tenseleyflow/shithub / cfbcdab

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+

+-- name: BumpAuthThrottle :one

+-- Increments the hit counter for (scope, identifier). When the existing

+-- window is older than the supplied window-start cutoff, resets to 1 and

+-- starts a new window. Returns the post-bump (hits, window_started_at).

+INSERT INTO auth_throttle (scope, identifier, hits, window_started_at)

+VALUES ($1, $2, 1, now())

+ON CONFLICT (scope, identifier) DO UPDATE

+SET hits = CASE

+        WHEN auth_throttle.window_started_at < $3 THEN 1

+        ELSE auth_throttle.hits + 1

+    END,

+    window_started_at = CASE

+        WHEN auth_throttle.window_started_at < $3 THEN now()

+        ELSE auth_throttle.window_started_at

+    END

+RETURNING hits, window_started_at;

+

+-- name: ResetAuthThrottle :exec

+DELETE FROM auth_throttle WHERE scope = $1 AND identifier = $2;

+

+-- name: PurgeStaleAuthThrottle :exec

+DELETE FROM auth_throttle WHERE window_started_at < $1;

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+

+-- name: CreateEmailVerification :one

+INSERT INTO email_verifications (user_email_id, token_hash, expires_at)

+VALUES ($1, $2, $3)

+RETURNING id, user_email_id, token_hash, expires_at, used_at, created_at;

+

+-- name: GetEmailVerificationByTokenHash :one

+SELECT id, user_email_id, token_hash, expires_at, used_at, created_at

+FROM email_verifications

+WHERE token_hash = $1;

+

+-- name: ConsumeEmailVerification :exec

+UPDATE email_verifications

+SET used_at = now()

+WHERE id = $1 AND used_at IS NULL;

+

+-- name: DeleteExpiredEmailVerifications :exec

+DELETE FROM email_verifications WHERE expires_at < now();

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+

+-- name: CreatePasswordReset :one

+INSERT INTO password_resets (user_id, token_hash, expires_at)

+VALUES ($1, $2, $3)

+RETURNING id, user_id, token_hash, expires_at, used_at, created_at;

+

+-- name: GetPasswordResetByTokenHash :one

+SELECT id, user_id, token_hash, expires_at, used_at, created_at

+FROM password_resets

+WHERE token_hash = $1;

+

+-- name: ConsumePasswordReset :exec

+UPDATE password_resets

+SET used_at = now()

+WHERE id = $1 AND used_at IS NULL;

+

+-- name: DeleteExpiredPasswordResets :exec

+DELETE FROM password_resets WHERE expires_at < now();

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+

+-- name: CreateUserEmail :one

+INSERT INTO user_emails (user_id, email, is_primary, verified, verification_token_hash, verification_sent_at)

+VALUES ($1, $2, $3, $4, $5, CASE WHEN $5::bytea IS NULL THEN NULL ELSE now() END)

+RETURNING id, user_id, email, is_primary, verified, verification_token_hash,

+          verification_sent_at, verified_at, created_at;

+

+-- name: GetUserEmailByAddress :one

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE email = $1;

+

+-- name: GetUserEmailByID :one

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE id = $1;

+

+-- name: ListUserEmailsForUser :many

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE user_id = $1

+ORDER BY is_primary DESC, created_at;

+

+-- name: MarkUserEmailVerified :exec

+UPDATE user_emails

+SET verified                = true,

+    verified_at             = now(),

+    verification_token_hash = NULL

+WHERE id = $1;

+

+-- name: SetVerificationToken :exec

+UPDATE user_emails

+SET verification_token_hash = $2,

+    verification_sent_at    = now()

+WHERE id = $1;

+

+-- name: GetUserEmailByVerificationHash :one

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE verification_token_hash = $1;

+-- SPDX-License-Identifier: AGPL-3.0-or-later

+

+-- name: CreateUser :one

+INSERT INTO users (username, display_name, password_hash)

+VALUES ($1, $2, $3)

+RETURNING id, username, display_name, primary_email_id, password_hash, password_algo,

+          password_updated_at, email_verified, last_login_at, suspended_at,

+          suspended_reason, deleted_at, created_at, updated_at;

+

+-- name: GetUserByID :one

+SELECT id, username, display_name, primary_email_id, password_hash, password_algo,

+       password_updated_at, email_verified, last_login_at, suspended_at,

+       suspended_reason, deleted_at, created_at, updated_at

+FROM users

+WHERE id = $1 AND deleted_at IS NULL;

+

+-- name: GetUserByUsername :one

+SELECT id, username, display_name, primary_email_id, password_hash, password_algo,

+       password_updated_at, email_verified, last_login_at, suspended_at,

+       suspended_reason, deleted_at, created_at, updated_at

+FROM users

+WHERE username = $1 AND deleted_at IS NULL;

+

+-- name: UpdateUserPassword :exec

+UPDATE users

+SET password_hash       = $2,

+    password_algo       = $3,

+    password_updated_at = now()

+WHERE id = $1;

+

+-- name: SetUserPrimaryEmail :exec

+UPDATE users

+SET primary_email_id = $2,

+    email_verified   = true

+WHERE id = $1;

+

+-- name: TouchUserLastLogin :exec

+UPDATE users

+SET last_login_at = now()

+WHERE id = $1;

+

+-- name: SuspendUser :exec

+UPDATE users

+SET suspended_at     = now(),

+    suspended_reason = $2

+WHERE id = $1;

+

+-- name: SoftDeleteUser :exec

+UPDATE users

+SET deleted_at = now()

+WHERE id = $1;

+

+-- name: CountUsers :one

+SELECT count(*) FROM users WHERE deleted_at IS NULL;

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+// source: auth_throttle.sql

+

+package usersdb

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5/pgtype"

+)

+

+const bumpAuthThrottle = `-- name: BumpAuthThrottle :one

+

+INSERT INTO auth_throttle (scope, identifier, hits, window_started_at)

+VALUES ($1, $2, 1, now())

+ON CONFLICT (scope, identifier) DO UPDATE

+SET hits = CASE

+        WHEN auth_throttle.window_started_at < $3 THEN 1

+        ELSE auth_throttle.hits + 1

+    END,

+    window_started_at = CASE

+        WHEN auth_throttle.window_started_at < $3 THEN now()

+        ELSE auth_throttle.window_started_at

+    END

+RETURNING hits, window_started_at

+`

+

+type BumpAuthThrottleParams struct {

+	Scope           string

+	Identifier      string

+	WindowStartedAt pgtype.Timestamptz

+}

+

+type BumpAuthThrottleRow struct {

+	Hits            int32

+	WindowStartedAt pgtype.Timestamptz

+}

+

+// SPDX-License-Identifier: AGPL-3.0-or-later

+// Increments the hit counter for (scope, identifier). When the existing

+// window is older than the supplied window-start cutoff, resets to 1 and

+// starts a new window. Returns the post-bump (hits, window_started_at).

+func (q *Queries) BumpAuthThrottle(ctx context.Context, db DBTX, arg BumpAuthThrottleParams) (BumpAuthThrottleRow, error) {

+	row := db.QueryRow(ctx, bumpAuthThrottle, arg.Scope, arg.Identifier, arg.WindowStartedAt)

+	var i BumpAuthThrottleRow

+	err := row.Scan(&i.Hits, &i.WindowStartedAt)

+	return i, err

+}

+

+const purgeStaleAuthThrottle = `-- name: PurgeStaleAuthThrottle :exec

+DELETE FROM auth_throttle WHERE window_started_at < $1

+`

+

+func (q *Queries) PurgeStaleAuthThrottle(ctx context.Context, db DBTX, windowStartedAt pgtype.Timestamptz) error {

+	_, err := db.Exec(ctx, purgeStaleAuthThrottle, windowStartedAt)

+	return err

+}

+

+const resetAuthThrottle = `-- name: ResetAuthThrottle :exec

+DELETE FROM auth_throttle WHERE scope = $1 AND identifier = $2

+`

+

+type ResetAuthThrottleParams struct {

+	Scope      string

+	Identifier string

+}

+

+func (q *Queries) ResetAuthThrottle(ctx context.Context, db DBTX, arg ResetAuthThrottleParams) error {

+	_, err := db.Exec(ctx, resetAuthThrottle, arg.Scope, arg.Identifier)

+	return err

+}

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+

+package usersdb

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5"

+	"github.com/jackc/pgx/v5/pgconn"

+)

+

+type DBTX interface {

+	Exec(context.Context, string, ...interface{}) (pgconn.CommandTag, error)

+	Query(context.Context, string, ...interface{}) (pgx.Rows, error)

+	QueryRow(context.Context, string, ...interface{}) pgx.Row

+}

+

+func New() *Queries {

+	return &Queries{}

+}

+

+type Queries struct {

+}

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+// source: email_verifications.sql

+

+package usersdb

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5/pgtype"

+)

+

+const consumeEmailVerification = `-- name: ConsumeEmailVerification :exec

+UPDATE email_verifications

+SET used_at = now()

+WHERE id = $1 AND used_at IS NULL

+`

+

+func (q *Queries) ConsumeEmailVerification(ctx context.Context, db DBTX, id int64) error {

+	_, err := db.Exec(ctx, consumeEmailVerification, id)

+	return err

+}

+

+const createEmailVerification = `-- name: CreateEmailVerification :one

+

+INSERT INTO email_verifications (user_email_id, token_hash, expires_at)

+VALUES ($1, $2, $3)

+RETURNING id, user_email_id, token_hash, expires_at, used_at, created_at

+`

+

+type CreateEmailVerificationParams struct {

+	UserEmailID int64

+	TokenHash   []byte

+	ExpiresAt   pgtype.Timestamptz

+}

+

+// SPDX-License-Identifier: AGPL-3.0-or-later

+func (q *Queries) CreateEmailVerification(ctx context.Context, db DBTX, arg CreateEmailVerificationParams) (EmailVerification, error) {

+	row := db.QueryRow(ctx, createEmailVerification, arg.UserEmailID, arg.TokenHash, arg.ExpiresAt)

+	var i EmailVerification

+	err := row.Scan(

+		&i.ID,

+		&i.UserEmailID,

+		&i.TokenHash,

+		&i.ExpiresAt,

+		&i.UsedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+

+const deleteExpiredEmailVerifications = `-- name: DeleteExpiredEmailVerifications :exec

+DELETE FROM email_verifications WHERE expires_at < now()

+`

+

+func (q *Queries) DeleteExpiredEmailVerifications(ctx context.Context, db DBTX) error {

+	_, err := db.Exec(ctx, deleteExpiredEmailVerifications)

+	return err

+}

+

+const getEmailVerificationByTokenHash = `-- name: GetEmailVerificationByTokenHash :one

+SELECT id, user_email_id, token_hash, expires_at, used_at, created_at

+FROM email_verifications

+WHERE token_hash = $1

+`

+

+func (q *Queries) GetEmailVerificationByTokenHash(ctx context.Context, db DBTX, tokenHash []byte) (EmailVerification, error) {

+	row := db.QueryRow(ctx, getEmailVerificationByTokenHash, tokenHash)

+	var i EmailVerification

+	err := row.Scan(

+		&i.ID,

+		&i.UserEmailID,

+		&i.TokenHash,

+		&i.ExpiresAt,

+		&i.UsedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+

+package usersdb

+

+import (

+	"github.com/jackc/pgx/v5/pgtype"

+)

+

+type AuthThrottle struct {

+	ID              int64

+	Scope           string

+	Identifier      string

+	Hits            int32

+	WindowStartedAt pgtype.Timestamptz

+}

+

+type EmailVerification struct {

+	ID          int64

+	UserEmailID int64

+	TokenHash   []byte

+	ExpiresAt   pgtype.Timestamptz

+	UsedAt      pgtype.Timestamptz

+	CreatedAt   pgtype.Timestamptz

+}

+

+type Meta struct {

+	Key       string

+	Value     []byte

+	UpdatedAt pgtype.Timestamptz

+}

+

+type PasswordReset struct {

+	ID        int64

+	UserID    int64

+	TokenHash []byte

+	ExpiresAt pgtype.Timestamptz

+	UsedAt    pgtype.Timestamptz

+	CreatedAt pgtype.Timestamptz

+}

+

+type User struct {

+	ID                int64

+	Username          string

+	DisplayName       string

+	PrimaryEmailID    pgtype.Int8

+	PasswordHash      string

+	PasswordAlgo      string

+	PasswordUpdatedAt pgtype.Timestamptz

+	EmailVerified     bool

+	LastLoginAt       pgtype.Timestamptz

+	SuspendedAt       pgtype.Timestamptz

+	SuspendedReason   pgtype.Text

+	DeletedAt         pgtype.Timestamptz

+	CreatedAt         pgtype.Timestamptz

+	UpdatedAt         pgtype.Timestamptz

+}

+

+type UserEmail struct {

+	ID                    int64

+	UserID                int64

+	Email                 string

+	IsPrimary             bool

+	Verified              bool

+	VerificationTokenHash []byte

+	VerificationSentAt    pgtype.Timestamptz

+	VerifiedAt            pgtype.Timestamptz

+	CreatedAt             pgtype.Timestamptz

+}

+

+type UsernameRedirect struct {

+	OldUsername string

+	UserID      int64

+	ChangedAt   pgtype.Timestamptz

+}

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+// source: password_resets.sql

+

+package usersdb

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5/pgtype"

+)

+

+const consumePasswordReset = `-- name: ConsumePasswordReset :exec

+UPDATE password_resets

+SET used_at = now()

+WHERE id = $1 AND used_at IS NULL

+`

+

+func (q *Queries) ConsumePasswordReset(ctx context.Context, db DBTX, id int64) error {

+	_, err := db.Exec(ctx, consumePasswordReset, id)

+	return err

+}

+

+const createPasswordReset = `-- name: CreatePasswordReset :one

+

+INSERT INTO password_resets (user_id, token_hash, expires_at)

+VALUES ($1, $2, $3)

+RETURNING id, user_id, token_hash, expires_at, used_at, created_at

+`

+

+type CreatePasswordResetParams struct {

+	UserID    int64

+	TokenHash []byte

+	ExpiresAt pgtype.Timestamptz

+}

+

+// SPDX-License-Identifier: AGPL-3.0-or-later

+func (q *Queries) CreatePasswordReset(ctx context.Context, db DBTX, arg CreatePasswordResetParams) (PasswordReset, error) {

+	row := db.QueryRow(ctx, createPasswordReset, arg.UserID, arg.TokenHash, arg.ExpiresAt)

+	var i PasswordReset

+	err := row.Scan(

+		&i.ID,

+		&i.UserID,

+		&i.TokenHash,

+		&i.ExpiresAt,

+		&i.UsedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+

+const deleteExpiredPasswordResets = `-- name: DeleteExpiredPasswordResets :exec

+DELETE FROM password_resets WHERE expires_at < now()

+`

+

+func (q *Queries) DeleteExpiredPasswordResets(ctx context.Context, db DBTX) error {

+	_, err := db.Exec(ctx, deleteExpiredPasswordResets)

+	return err

+}

+

+const getPasswordResetByTokenHash = `-- name: GetPasswordResetByTokenHash :one

+SELECT id, user_id, token_hash, expires_at, used_at, created_at

+FROM password_resets

+WHERE token_hash = $1

+`

+

+func (q *Queries) GetPasswordResetByTokenHash(ctx context.Context, db DBTX, tokenHash []byte) (PasswordReset, error) {

+	row := db.QueryRow(ctx, getPasswordResetByTokenHash, tokenHash)

+	var i PasswordReset

+	err := row.Scan(

+		&i.ID,

+		&i.UserID,

+		&i.TokenHash,

+		&i.ExpiresAt,

+		&i.UsedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+

+package usersdb

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5/pgtype"

+)

+

+type Querier interface {

+	// SPDX-License-Identifier: AGPL-3.0-or-later

+	// Increments the hit counter for (scope, identifier). When the existing

+	// window is older than the supplied window-start cutoff, resets to 1 and

+	// starts a new window. Returns the post-bump (hits, window_started_at).

+	BumpAuthThrottle(ctx context.Context, db DBTX, arg BumpAuthThrottleParams) (BumpAuthThrottleRow, error)

+	ConsumeEmailVerification(ctx context.Context, db DBTX, id int64) error

+	ConsumePasswordReset(ctx context.Context, db DBTX, id int64) error

+	CountUsers(ctx context.Context, db DBTX) (int64, error)

+	// SPDX-License-Identifier: AGPL-3.0-or-later

+	CreateEmailVerification(ctx context.Context, db DBTX, arg CreateEmailVerificationParams) (EmailVerification, error)

+	// SPDX-License-Identifier: AGPL-3.0-or-later

+	CreatePasswordReset(ctx context.Context, db DBTX, arg CreatePasswordResetParams) (PasswordReset, error)

+	// SPDX-License-Identifier: AGPL-3.0-or-later

+	CreateUser(ctx context.Context, db DBTX, arg CreateUserParams) (User, error)

+	// SPDX-License-Identifier: AGPL-3.0-or-later

+	CreateUserEmail(ctx context.Context, db DBTX, arg CreateUserEmailParams) (UserEmail, error)

+	DeleteExpiredEmailVerifications(ctx context.Context, db DBTX) error

+	DeleteExpiredPasswordResets(ctx context.Context, db DBTX) error

+	GetEmailVerificationByTokenHash(ctx context.Context, db DBTX, tokenHash []byte) (EmailVerification, error)

+	GetPasswordResetByTokenHash(ctx context.Context, db DBTX, tokenHash []byte) (PasswordReset, error)

+	GetUserByID(ctx context.Context, db DBTX, id int64) (User, error)

+	GetUserByUsername(ctx context.Context, db DBTX, username string) (User, error)

+	GetUserEmailByAddress(ctx context.Context, db DBTX, email string) (UserEmail, error)

+	GetUserEmailByID(ctx context.Context, db DBTX, id int64) (UserEmail, error)

+	GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error)

+	ListUserEmailsForUser(ctx context.Context, db DBTX, userID int64) ([]UserEmail, error)

+	MarkUserEmailVerified(ctx context.Context, db DBTX, id int64) error

+	PurgeStaleAuthThrottle(ctx context.Context, db DBTX, windowStartedAt pgtype.Timestamptz) error

+	ResetAuthThrottle(ctx context.Context, db DBTX, arg ResetAuthThrottleParams) error

+	SetUserPrimaryEmail(ctx context.Context, db DBTX, arg SetUserPrimaryEmailParams) error

+	SetVerificationToken(ctx context.Context, db DBTX, arg SetVerificationTokenParams) error

+	SoftDeleteUser(ctx context.Context, db DBTX, id int64) error

+	SuspendUser(ctx context.Context, db DBTX, arg SuspendUserParams) error

+	TouchUserLastLogin(ctx context.Context, db DBTX, id int64) error

+	UpdateUserPassword(ctx context.Context, db DBTX, arg UpdateUserPasswordParams) error

+}

+

+var _ Querier = (*Queries)(nil)

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+// source: user_emails.sql

+

+package usersdb

+

+import (

+	"context"

+)

+

+const createUserEmail = `-- name: CreateUserEmail :one

+

+INSERT INTO user_emails (user_id, email, is_primary, verified, verification_token_hash, verification_sent_at)

+VALUES ($1, $2, $3, $4, $5, CASE WHEN $5::bytea IS NULL THEN NULL ELSE now() END)

+RETURNING id, user_id, email, is_primary, verified, verification_token_hash,

+          verification_sent_at, verified_at, created_at

+`

+

+type CreateUserEmailParams struct {

+	UserID                int64

+	Email                 string

+	IsPrimary             bool

+	Verified              bool

+	VerificationTokenHash []byte

+}

+

+// SPDX-License-Identifier: AGPL-3.0-or-later

+func (q *Queries) CreateUserEmail(ctx context.Context, db DBTX, arg CreateUserEmailParams) (UserEmail, error) {

+	row := db.QueryRow(ctx, createUserEmail,

+		arg.UserID,

+		arg.Email,

+		arg.IsPrimary,

+		arg.Verified,

+		arg.VerificationTokenHash,

+	)

+	var i UserEmail

+	err := row.Scan(

+		&i.ID,

+		&i.UserID,

+		&i.Email,

+		&i.IsPrimary,

+		&i.Verified,

+		&i.VerificationTokenHash,

+		&i.VerificationSentAt,

+		&i.VerifiedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+

+const getUserEmailByAddress = `-- name: GetUserEmailByAddress :one

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE email = $1

+`

+

+func (q *Queries) GetUserEmailByAddress(ctx context.Context, db DBTX, email string) (UserEmail, error) {

+	row := db.QueryRow(ctx, getUserEmailByAddress, email)

+	var i UserEmail

+	err := row.Scan(

+		&i.ID,

+		&i.UserID,

+		&i.Email,

+		&i.IsPrimary,

+		&i.Verified,

+		&i.VerificationTokenHash,

+		&i.VerificationSentAt,

+		&i.VerifiedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+

+const getUserEmailByID = `-- name: GetUserEmailByID :one

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE id = $1

+`

+

+func (q *Queries) GetUserEmailByID(ctx context.Context, db DBTX, id int64) (UserEmail, error) {

+	row := db.QueryRow(ctx, getUserEmailByID, id)

+	var i UserEmail

+	err := row.Scan(

+		&i.ID,

+		&i.UserID,

+		&i.Email,

+		&i.IsPrimary,

+		&i.Verified,

+		&i.VerificationTokenHash,

+		&i.VerificationSentAt,

+		&i.VerifiedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+

+const getUserEmailByVerificationHash = `-- name: GetUserEmailByVerificationHash :one

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE verification_token_hash = $1

+`

+

+func (q *Queries) GetUserEmailByVerificationHash(ctx context.Context, db DBTX, verificationTokenHash []byte) (UserEmail, error) {

+	row := db.QueryRow(ctx, getUserEmailByVerificationHash, verificationTokenHash)

+	var i UserEmail

+	err := row.Scan(

+		&i.ID,

+		&i.UserID,

+		&i.Email,

+		&i.IsPrimary,

+		&i.Verified,

+		&i.VerificationTokenHash,

+		&i.VerificationSentAt,

+		&i.VerifiedAt,

+		&i.CreatedAt,

+	)

+	return i, err

+}

+

+const listUserEmailsForUser = `-- name: ListUserEmailsForUser :many

+SELECT id, user_id, email, is_primary, verified, verification_token_hash,

+       verification_sent_at, verified_at, created_at

+FROM user_emails

+WHERE user_id = $1

+ORDER BY is_primary DESC, created_at

+`

+

+func (q *Queries) ListUserEmailsForUser(ctx context.Context, db DBTX, userID int64) ([]UserEmail, error) {

+	rows, err := db.Query(ctx, listUserEmailsForUser, userID)

+	if err != nil {

+		return nil, err

+	}

+	defer rows.Close()

+	items := []UserEmail{}

+	for rows.Next() {

+		var i UserEmail

+		if err := rows.Scan(

+			&i.ID,

+			&i.UserID,

+			&i.Email,

+			&i.IsPrimary,

+			&i.Verified,

+			&i.VerificationTokenHash,

+			&i.VerificationSentAt,

+			&i.VerifiedAt,

+			&i.CreatedAt,

+		); err != nil {

+			return nil, err

+		}

+		items = append(items, i)

+	}

+	if err := rows.Err(); err != nil {

+		return nil, err

+	}

+	return items, nil

+}

+

+const markUserEmailVerified = `-- name: MarkUserEmailVerified :exec

+UPDATE user_emails

+SET verified                = true,

+    verified_at             = now(),

+    verification_token_hash = NULL

+WHERE id = $1

+`

+

+func (q *Queries) MarkUserEmailVerified(ctx context.Context, db DBTX, id int64) error {

+	_, err := db.Exec(ctx, markUserEmailVerified, id)

+	return err

+}

+

+const setVerificationToken = `-- name: SetVerificationToken :exec

+UPDATE user_emails

+SET verification_token_hash = $2,

+    verification_sent_at    = now()

+WHERE id = $1

+`

+

+type SetVerificationTokenParams struct {

+	ID                    int64

+	VerificationTokenHash []byte

+}

+

+func (q *Queries) SetVerificationToken(ctx context.Context, db DBTX, arg SetVerificationTokenParams) error {

+	_, err := db.Exec(ctx, setVerificationToken, arg.ID, arg.VerificationTokenHash)

+	return err

+}

+// Code generated by sqlc. DO NOT EDIT.

+// versions:

+//   sqlc v1.31.1

+// source: users.sql

+

+package usersdb

+

+import (

+	"context"

+

+	"github.com/jackc/pgx/v5/pgtype"

+)

+

+const countUsers = `-- name: CountUsers :one

+SELECT count(*) FROM users WHERE deleted_at IS NULL

+`

+

+func (q *Queries) CountUsers(ctx context.Context, db DBTX) (int64, error) {

+	row := db.QueryRow(ctx, countUsers)

+	var count int64

+	err := row.Scan(&count)

+	return count, err

+}

+

+const createUser = `-- name: CreateUser :one

+

+INSERT INTO users (username, display_name, password_hash)

+VALUES ($1, $2, $3)

+RETURNING id, username, display_name, primary_email_id, password_hash, password_algo,

+          password_updated_at, email_verified, last_login_at, suspended_at,

+          suspended_reason, deleted_at, created_at, updated_at

+`

+

+type CreateUserParams struct {

+	Username     string

+	DisplayName  string

+	PasswordHash string

+}

+

+// SPDX-License-Identifier: AGPL-3.0-or-later

+func (q *Queries) CreateUser(ctx context.Context, db DBTX, arg CreateUserParams) (User, error) {

+	row := db.QueryRow(ctx, createUser, arg.Username, arg.DisplayName, arg.PasswordHash)

+	var i User

+	err := row.Scan(

+		&i.ID,

+		&i.Username,

+		&i.DisplayName,

+		&i.PrimaryEmailID,

+		&i.PasswordHash,

+		&i.PasswordAlgo,

+		&i.PasswordUpdatedAt,

+		&i.EmailVerified,

+		&i.LastLoginAt,

+		&i.SuspendedAt,

+		&i.SuspendedReason,

+		&i.DeletedAt,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+	)

+	return i, err

+}

+

+const getUserByID = `-- name: GetUserByID :one

+SELECT id, username, display_name, primary_email_id, password_hash, password_algo,

+       password_updated_at, email_verified, last_login_at, suspended_at,

+       suspended_reason, deleted_at, created_at, updated_at

+FROM users

+WHERE id = $1 AND deleted_at IS NULL

+`

+

+func (q *Queries) GetUserByID(ctx context.Context, db DBTX, id int64) (User, error) {

+	row := db.QueryRow(ctx, getUserByID, id)

+	var i User

+	err := row.Scan(

+		&i.ID,

+		&i.Username,

+		&i.DisplayName,

+		&i.PrimaryEmailID,

+		&i.PasswordHash,

+		&i.PasswordAlgo,

+		&i.PasswordUpdatedAt,

+		&i.EmailVerified,

+		&i.LastLoginAt,

+		&i.SuspendedAt,

+		&i.SuspendedReason,

+		&i.DeletedAt,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+	)

+	return i, err

+}

+

+const getUserByUsername = `-- name: GetUserByUsername :one

+SELECT id, username, display_name, primary_email_id, password_hash, password_algo,

+       password_updated_at, email_verified, last_login_at, suspended_at,

+       suspended_reason, deleted_at, created_at, updated_at

+FROM users

+WHERE username = $1 AND deleted_at IS NULL

+`

+

+func (q *Queries) GetUserByUsername(ctx context.Context, db DBTX, username string) (User, error) {

+	row := db.QueryRow(ctx, getUserByUsername, username)

+	var i User

+	err := row.Scan(

+		&i.ID,

+		&i.Username,

+		&i.DisplayName,

+		&i.PrimaryEmailID,

+		&i.PasswordHash,

+		&i.PasswordAlgo,

+		&i.PasswordUpdatedAt,

+		&i.EmailVerified,

+		&i.LastLoginAt,

+		&i.SuspendedAt,

+		&i.SuspendedReason,

+		&i.DeletedAt,

+		&i.CreatedAt,

+		&i.UpdatedAt,

+	)

+	return i, err

+}

+

+const setUserPrimaryEmail = `-- name: SetUserPrimaryEmail :exec

+UPDATE users

+SET primary_email_id = $2,

+    email_verified   = true

+WHERE id = $1

+`

+

+type SetUserPrimaryEmailParams struct {

+	ID             int64

+	PrimaryEmailID pgtype.Int8

+}

+

+func (q *Queries) SetUserPrimaryEmail(ctx context.Context, db DBTX, arg SetUserPrimaryEmailParams) error {

+	_, err := db.Exec(ctx, setUserPrimaryEmail, arg.ID, arg.PrimaryEmailID)

+	return err

+}

+

+const softDeleteUser = `-- name: SoftDeleteUser :exec

+UPDATE users

+SET deleted_at = now()

+WHERE id = $1

+`

+

+func (q *Queries) SoftDeleteUser(ctx context.Context, db DBTX, id int64) error {

+	_, err := db.Exec(ctx, softDeleteUser, id)

+	return err

+}

+

+const suspendUser = `-- name: SuspendUser :exec

+UPDATE users

+SET suspended_at     = now(),

+    suspended_reason = $2

+WHERE id = $1

+`

+

+type SuspendUserParams struct {

+	ID              int64

+	SuspendedReason pgtype.Text

+}

+

+func (q *Queries) SuspendUser(ctx context.Context, db DBTX, arg SuspendUserParams) error {

+	_, err := db.Exec(ctx, suspendUser, arg.ID, arg.SuspendedReason)

+	return err

+}

+

+const touchUserLastLogin = `-- name: TouchUserLastLogin :exec

+UPDATE users

+SET last_login_at = now()

+WHERE id = $1

+`

+

+func (q *Queries) TouchUserLastLogin(ctx context.Context, db DBTX, id int64) error {

+	_, err := db.Exec(ctx, touchUserLastLogin, id)

+	return err

+}

+

+const updateUserPassword = `-- name: UpdateUserPassword :exec

+UPDATE users

+SET password_hash       = $2,

+    password_algo       = $3,

+    password_updated_at = now()

+WHERE id = $1

+`

+

+type UpdateUserPasswordParams struct {

+	ID           int64

+	PasswordHash string

+	PasswordAlgo string

+}

+

+func (q *Queries) UpdateUserPassword(ctx context.Context, db DBTX, arg UpdateUserPasswordParams) error {

+	_, err := db.Exec(ctx, updateUserPassword, arg.ID, arg.PasswordHash, arg.PasswordAlgo)

+	return err

+}

+

+  - engine: postgresql

+    schema: internal/migrationsfs/migrations

+    queries: internal/users/queries

+    gen:

+      go:

+        package: usersdb

+        out: internal/users/sqlc

+        sql_package: pgx/v5

+        emit_json_tags: false

+        emit_pointers_for_null_types: false

+        emit_prepared_queries: false

+        emit_interface: true

+        emit_exact_table_names: false

+        emit_empty_slices: true

+        emit_methods_with_db_argument: true