// Code generated by sqlc. DO NOT EDIT.
// versions:
//   sqlc v1.31.1
// source: user_gpg_subkeys.sql

package usersdb

import (
	"context"

	"github.com/jackc/pgx/v5/pgtype"
)

// getUserGPGSubkeyByFingerprint selects a single subkey row by fingerprint.
// Rows with revoked_at set are excluded; expires_at and can_sign are
// selected but are not part of the WHERE clause.
const getUserGPGSubkeyByFingerprint = `-- name: GetUserGPGSubkeyByFingerprint :one
SELECT id, gpg_key_id, fingerprint, key_id, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, expires_at, revoked_at, created_at
FROM user_gpg_subkeys
WHERE fingerprint = $1 AND revoked_at IS NULL
`

// Hot path for commit/tag signature verification. The signature
// packet carries the signing subkey's fingerprint; this query
// resolves it back to the primary key (and via FK to the user).
// Index lookup via the partial unique index.
//
// The fingerprint is sent as a bind parameter ($1); it is never
// concatenated into the SQL text.
//
// NOTE(review): the query filters on revoked_at only. ExpiresAt and
// CanSign come back in the row but are not checked here, so a caller
// that verifies signatures presumably has to reject expired or
// non-signing subkeys itself. The primary key's own state is not
// consulted either. Confirm both against the caller.
//
// The Scan error is returned unchanged. With pgx a missing row is
// expected to surface as pgx.ErrNoRows (TODO confirm for this DBTX);
// the returned struct should be ignored whenever err is non-nil.
func (q *Queries) GetUserGPGSubkeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgSubkey, error) {
	row := db.QueryRow(ctx, getUserGPGSubkeyByFingerprint, fingerprint)
	var i UserGpgSubkey
	// Destination order must stay in step with the SELECT column list.
	err := row.Scan(
		&i.ID,
		&i.GpgKeyID,
		&i.Fingerprint,
		&i.KeyID,
		&i.CanSign,
		&i.CanEncryptComms,
		&i.CanEncryptStorage,
		&i.CanCertify,
		&i.ExpiresAt,
		&i.RevokedAt,
		&i.CreatedAt,
	)
	return i, err
}

// insertUserGPGSubkey inserts one subkey row and returns the stored row.
// revoked_at and created_at are not in the INSERT column list; they are
// only read back through RETURNING.
const insertUserGPGSubkey = `-- name: InsertUserGPGSubkey :one
INSERT INTO user_gpg_subkeys (
    gpg_key_id, fingerprint, key_id,
    can_sign, can_encrypt_comms, can_encrypt_storage, can_certify,
    expires_at
) VALUES (
    $1, $2, $3, $4, $5, $6, $7, $8
)
RETURNING id, gpg_key_id, fingerprint, key_id, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, expires_at, revoked_at, created_at
`

// InsertUserGPGSubkeyParams holds the eight values bound to $1..$8 of
// insertUserGPGSubkey, in field order.
type InsertUserGPGSubkeyParams struct {
	GpgKeyID          int64  // bound to gpg_key_id ($1)
	Fingerprint       string // bound to fingerprint ($2)
	KeyID             string // bound to key_id ($3)
	CanSign           bool
	CanEncryptComms   bool
	CanEncryptStorage bool
	CanCertify        bool
	// NOTE(review): an invalid (Valid=false) Timestamptz is written as
	// NULL by pgx; presumably NULL means "no expiry" — confirm.
	ExpiresAt pgtype.Timestamptz
}

// SPDX-License-Identifier: AGPL-3.0-or-later
// One row per subkey of a primary key. Always inserted in the same
// transaction as the parent InsertUserGPGKey so the verification
// hot path's fingerprint lookup is consistent with the REST nested
// shape.
//
// NOTE(review): the SPDX line above looks like the licence header of
// user_gpg_subkeys.sql carried into this doc comment by the generator,
// not part of the function's documentation — confirm and move it in
// the .sql source if so.
//
// The function does not open a transaction itself; it runs on whatever
// DBTX the caller passes, so the same-transaction guarantee rests
// entirely on the caller.
func (q *Queries) InsertUserGPGSubkey(ctx context.Context, db DBTX, arg InsertUserGPGSubkeyParams) (UserGpgSubkey, error) {
	// Every value is sent as a bind parameter ($1..$8); nothing from arg
	// is spliced into the SQL text.
	row := db.QueryRow(ctx, insertUserGPGSubkey,
		arg.GpgKeyID,
		arg.Fingerprint,
		arg.KeyID,
		arg.CanSign,
		arg.CanEncryptComms,
		arg.CanEncryptStorage,
		arg.CanCertify,
		arg.ExpiresAt,
	)
	var i UserGpgSubkey
	// Destination order must stay in step with the RETURNING column list.
	err := row.Scan(
		&i.ID,
		&i.GpgKeyID,
		&i.Fingerprint,
		&i.KeyID,
		&i.CanSign,
		&i.CanEncryptComms,
		&i.CanEncryptStorage,
		&i.CanCertify,
		&i.ExpiresAt,
		&i.RevokedAt,
		&i.CreatedAt,
	)
	// The Scan error is handed back unchanged; ignore i when err != nil.
	return i, err
}

// listSubkeysForGPGKey selects every subkey row of one primary key,
// ordered by id. The WHERE clause has no revoked_at predicate.
const listSubkeysForGPGKey = `-- name: ListSubkeysForGPGKey :many
SELECT id, gpg_key_id, fingerprint, key_id, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, expires_at, revoked_at, created_at
FROM user_gpg_subkeys
WHERE gpg_key_id = $1
ORDER BY id
`

// Reads all live subkeys for one primary; used when invalidating the
// verification cache on primary soft-delete (every dependent subkey
// needs its cache rows stamped invalidated too).
//
// NOTE(review): "live" does not match the SQL. The query filters on
// gpg_key_id only, so rows with revoked_at already set are returned as
// well. A caller that needs only live subkeys must check RevokedAt
// itself. Confirm which behaviour is intended and fix either the query
// or this comment in user_gpg_subkeys.sql.
//
// Returns an empty, non-nil slice when no row matches, and a nil slice
// together with the error on any query, scan or iteration failure.
func (q *Queries) ListSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) ([]UserGpgSubkey, error) {
	rows, err := db.Query(ctx, listSubkeysForGPGKey, gpgKeyID)
	if err != nil {
		return nil, err
	}
	defer rows.Close()
	items := []UserGpgSubkey{}
	for rows.Next() {
		var i UserGpgSubkey
		// Destination order must stay in step with the SELECT column list.
		if err := rows.Scan(
			&i.ID,
			&i.GpgKeyID,
			&i.Fingerprint,
			&i.KeyID,
			&i.CanSign,
			&i.CanEncryptComms,
			&i.CanEncryptStorage,
			&i.CanCertify,
			&i.ExpiresAt,
			&i.RevokedAt,
			&i.CreatedAt,
		); err != nil {
			return nil, err
		}
		items = append(items, i)
	}
	// rows.Next() returning false can also mean the iteration failed, so
	// the error is checked before the result is handed out; a partial
	// list is never returned.
	if err := rows.Err(); err != nil {
		return nil, err
	}
	return items, nil
}

// softDeleteSubkeysForGPGKey stamps revoked_at = now() on the subkeys of
// one primary key. Rows whose revoked_at is already set are not matched,
// so an earlier revocation time is left as it is.
const softDeleteSubkeysForGPGKey = `-- name: SoftDeleteSubkeysForGPGKey :exec
UPDATE user_gpg_subkeys
SET revoked_at = now()
WHERE gpg_key_id = $1 AND revoked_at IS NULL
`

// Stamps revoked_at on every live subkey of a primary. Called in the
// same transaction as SoftDeleteUserGPGKey so the partial unique index
// frees up the fingerprint for re-upload if the user rotates.
//
// The function runs on whatever DBTX the caller passes and does not
// open a transaction itself; if the caller does not wrap both calls in
// one transaction, a primary could be soft-deleted while its subkeys
// still resolve in the fingerprint lookup.
func (q *Queries) SoftDeleteSubkeysForGPGKey(ctx context.Context, db DBTX, gpgKeyID int64) error {
	// gpgKeyID is sent as bind parameter $1. The command tag (and with it
	// the affected-row count) is dropped, so callers cannot tell from the
	// return value whether any subkey was actually revoked.
	if _, err := db.Exec(ctx, softDeleteSubkeysForGPGKey, gpgKeyID); err != nil {
		return err
	}
	return nil
}