// Code generated by sqlc. DO NOT EDIT. // versions: // sqlc v1.31.1 // source: user_gpg_keys.sql package usersdb import ( "context" "github.com/jackc/pgx/v5/pgtype" ) const countUserGPGKeys = `-- name: CountUserGPGKeys :one SELECT count(*) FROM user_gpg_keys WHERE user_id = $1 AND revoked_at IS NULL ` // Excludes revoked rows so the per-user cap (100) counts live keys. func (q *Queries) CountUserGPGKeys(ctx context.Context, db DBTX, userID int64) (int64, error) { row := db.QueryRow(ctx, countUserGPGKeys, userID) var count int64 err := row.Scan(&count) return count, err } const getUserGPGKey = `-- name: GetUserGPGKey :one SELECT id, user_id, name, fingerprint, key_id, armored, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, uids, subkeys, primary_algo, created_at, last_used_at, revoked_at, expires_at FROM user_gpg_keys WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL ` type GetUserGPGKeyParams struct { ID int64 UserID int64 } // Scoped single-key lookup for REST GET-by-id. user_id filter prevents // cross-user reads (existence-leak-safe: returns no row if the id // belongs to another user). Excludes soft-deleted rows so the public // surface mirrors a hard delete from the consumer's perspective; // verification (which needs historical attribution) uses // GetUserGPGKeyForVerification which has no revoked filter. func (q *Queries) GetUserGPGKey(ctx context.Context, db DBTX, arg GetUserGPGKeyParams) (UserGpgKey, error) { row := db.QueryRow(ctx, getUserGPGKey, arg.ID, arg.UserID) var i UserGpgKey err := row.Scan( &i.ID, &i.UserID, &i.Name, &i.Fingerprint, &i.KeyID, &i.Armored, &i.CanSign, &i.CanEncryptComms, &i.CanEncryptStorage, &i.CanCertify, &i.CanAuthenticate, &i.Uids, &i.Subkeys, &i.PrimaryAlgo, &i.CreatedAt, &i.LastUsedAt, &i.RevokedAt, &i.ExpiresAt, ) return i, err } const getUserGPGKeyByFingerprint = `-- name: GetUserGPGKeyByFingerprint :one SELECT id, user_id, name, fingerprint, key_id, armored, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, uids, subkeys, primary_algo, created_at, last_used_at, revoked_at, expires_at FROM user_gpg_keys WHERE fingerprint = $1 AND revoked_at IS NULL ` // Uniqueness probe used by the add path to surface a friendly // "this key is already registered" error before the unique index // violation. Returns any row matching the fingerprint regardless of // which user owns it (global uniqueness is the contract). func (q *Queries) GetUserGPGKeyByFingerprint(ctx context.Context, db DBTX, fingerprint string) (UserGpgKey, error) { row := db.QueryRow(ctx, getUserGPGKeyByFingerprint, fingerprint) var i UserGpgKey err := row.Scan( &i.ID, &i.UserID, &i.Name, &i.Fingerprint, &i.KeyID, &i.Armored, &i.CanSign, &i.CanEncryptComms, &i.CanEncryptStorage, &i.CanCertify, &i.CanAuthenticate, &i.Uids, &i.Subkeys, &i.PrimaryAlgo, &i.CreatedAt, &i.LastUsedAt, &i.RevokedAt, &i.ExpiresAt, ) return i, err } const getUserGPGKeyForVerification = `-- name: GetUserGPGKeyForVerification :one SELECT id, user_id, name, fingerprint, key_id, armored, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, uids, subkeys, primary_algo, created_at, last_used_at, revoked_at, expires_at FROM user_gpg_keys WHERE id = $1 ` // Non-user-scoped lookup used by the verification path. Unlike // GetUserGPGKey this query does NOT filter on user_id — the caller // already validated the subkey resolution and needs the parent // record's user_id to drive the email cross-check. Includes revoked // rows so historical commit verifications can still resolve their // signer attribution. func (q *Queries) GetUserGPGKeyForVerification(ctx context.Context, db DBTX, id int64) (UserGpgKey, error) { row := db.QueryRow(ctx, getUserGPGKeyForVerification, id) var i UserGpgKey err := row.Scan( &i.ID, &i.UserID, &i.Name, &i.Fingerprint, &i.KeyID, &i.Armored, &i.CanSign, &i.CanEncryptComms, &i.CanEncryptStorage, &i.CanCertify, &i.CanAuthenticate, &i.Uids, &i.Subkeys, &i.PrimaryAlgo, &i.CreatedAt, &i.LastUsedAt, &i.RevokedAt, &i.ExpiresAt, ) return i, err } const insertUserGPGKey = `-- name: InsertUserGPGKey :one INSERT INTO user_gpg_keys ( user_id, name, fingerprint, key_id, armored, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, uids, subkeys, primary_algo, expires_at ) VALUES ( $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14 ) RETURNING id, user_id, name, fingerprint, key_id, armored, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, uids, subkeys, primary_algo, created_at, last_used_at, revoked_at, expires_at ` type InsertUserGPGKeyParams struct { UserID int64 Name string Fingerprint string KeyID string Armored string CanSign bool CanEncryptComms bool CanEncryptStorage bool CanCertify bool CanAuthenticate bool Uids []string Subkeys []byte PrimaryAlgo string ExpiresAt pgtype.Timestamptz } // SPDX-License-Identifier: AGPL-3.0-or-later // Inserts a parsed primary GPG key. Subkeys land in user_gpg_subkeys // in the same transaction (see InsertUserGPGSubkey). expires_at is // nullable; many keys have no expiration. revoked_at stays NULL on // insert; soft-delete sets it. func (q *Queries) InsertUserGPGKey(ctx context.Context, db DBTX, arg InsertUserGPGKeyParams) (UserGpgKey, error) { row := db.QueryRow(ctx, insertUserGPGKey, arg.UserID, arg.Name, arg.Fingerprint, arg.KeyID, arg.Armored, arg.CanSign, arg.CanEncryptComms, arg.CanEncryptStorage, arg.CanCertify, arg.CanAuthenticate, arg.Uids, arg.Subkeys, arg.PrimaryAlgo, arg.ExpiresAt, ) var i UserGpgKey err := row.Scan( &i.ID, &i.UserID, &i.Name, &i.Fingerprint, &i.KeyID, &i.Armored, &i.CanSign, &i.CanEncryptComms, &i.CanEncryptStorage, &i.CanCertify, &i.CanAuthenticate, &i.Uids, &i.Subkeys, &i.PrimaryAlgo, &i.CreatedAt, &i.LastUsedAt, &i.RevokedAt, &i.ExpiresAt, ) return i, err } const listUserGPGKeys = `-- name: ListUserGPGKeys :many SELECT id, user_id, name, fingerprint, key_id, armored, can_sign, can_encrypt_comms, can_encrypt_storage, can_certify, can_authenticate, uids, subkeys, primary_algo, created_at, last_used_at, revoked_at, expires_at FROM user_gpg_keys WHERE user_id = $1 AND revoked_at IS NULL ORDER BY created_at DESC LIMIT $2 OFFSET $3 ` type ListUserGPGKeysParams struct { UserID int64 Limit int32 Offset int32 } // Paginated list for the REST surface; HTML settings page reuses with // a generous limit and no offset. func (q *Queries) ListUserGPGKeys(ctx context.Context, db DBTX, arg ListUserGPGKeysParams) ([]UserGpgKey, error) { rows, err := db.Query(ctx, listUserGPGKeys, arg.UserID, arg.Limit, arg.Offset) if err != nil { return nil, err } defer rows.Close() items := []UserGpgKey{} for rows.Next() { var i UserGpgKey if err := rows.Scan( &i.ID, &i.UserID, &i.Name, &i.Fingerprint, &i.KeyID, &i.Armored, &i.CanSign, &i.CanEncryptComms, &i.CanEncryptStorage, &i.CanCertify, &i.CanAuthenticate, &i.Uids, &i.Subkeys, &i.PrimaryAlgo, &i.CreatedAt, &i.LastUsedAt, &i.RevokedAt, &i.ExpiresAt, ); err != nil { return nil, err } items = append(items, i) } if err := rows.Err(); err != nil { return nil, err } return items, nil } const softDeleteUserGPGKey = `-- name: SoftDeleteUserGPGKey :execrows UPDATE user_gpg_keys SET revoked_at = now() WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL ` type SoftDeleteUserGPGKeyParams struct { ID int64 UserID int64 } // Scoped soft-delete: stamps revoked_at, preserves the row for audit // continuity. Returns the number of rows affected so the handler can // distinguish "not found" from "deleted" without a follow-up query. func (q *Queries) SoftDeleteUserGPGKey(ctx context.Context, db DBTX, arg SoftDeleteUserGPGKeyParams) (int64, error) { result, err := db.Exec(ctx, softDeleteUserGPGKey, arg.ID, arg.UserID) if err != nil { return 0, err } return result.RowsAffected(), nil } const touchUserGPGKeyLastUsed = `-- name: TouchUserGPGKeyLastUsed :exec UPDATE user_gpg_keys SET last_used_at = now() WHERE id = $1 ` // Best-effort last-used stamp called from the verification path when // a signature successfully resolves to this key. No timeout / error // propagation; the caller fires-and-forgets via a goroutine. func (q *Queries) TouchUserGPGKeyLastUsed(ctx context.Context, db DBTX, id int64) error { _, err := db.Exec(ctx, touchUserGPGKeyLastUsed, id) return err }