store

package
v0.1.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 29, 2026 License: AGPL-3.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for domain and assignment lookups and registration.
// They are package-level values created with errors.New, so callers should
// match them with errors.Is rather than by comparing message text.
var (
	ErrDomainNotFound     = errors.New("domain not found")
	ErrDuplicateDomain    = errors.New("domain already registered")
	ErrAssignmentNotFound = errors.New("assignment not found")
)
// ErrAccountNotFound is the sentinel error for a missing account; match it
// with errors.Is rather than by message text.
var ErrAccountNotFound = errors.New("account not found")
// ErrChallengeNotFound is the sentinel error for a missing ACME challenge;
// match it with errors.Is rather than by message text.
var ErrChallengeNotFound = errors.New("acme challenge not found")
// ErrDeviceNotFound is the sentinel error for a missing device; match it
// with errors.Is rather than by message text.
var ErrDeviceNotFound = errors.New("device not found")
// ErrDuplicateEK is the sentinel error for a duplicate EK fingerprint.
// NOTE(review): presumably returned when a device is created with an EK
// fingerprint that is already stored — confirm against the device-creation
// paths. Match it with errors.Is so a uniqueness violation is not mistaken
// for a generic database failure.
var ErrDuplicateEK = errors.New("duplicate ek fingerprint")
// ErrDuplicateHostname is the sentinel error for a hostname that is already
// taken; match it with errors.Is rather than by message text.
var ErrDuplicateHostname = errors.New("hostname already taken")
// ErrDuplicateSlug is the sentinel error for a slug that already exists;
// match it with errors.Is rather than by message text.
var ErrDuplicateSlug = errors.New("duplicate slug")
// ErrInviteNotFound is the sentinel error for a missing invite; match it
// with errors.Is rather than by message text.
var ErrInviteNotFound = errors.New("invite not found")
// ErrIssuerNotFound is the sentinel error for a missing issuer; match it
// with errors.Is rather than by message text.
var ErrIssuerNotFound = errors.New("issuer not found")
// ErrNexusNotFound is the sentinel error for a missing nexus instance; match
// it with errors.Is rather than by message text.
var ErrNexusNotFound = errors.New("nexus instance not found")
// ErrRecoveryClaimNotFound is the sentinel error for a missing recovery
// claim; match it with errors.Is rather than by message text.
var ErrRecoveryClaimNotFound = errors.New("recovery claim not found")
// ErrVoucherRequestNotFound is the sentinel error for a missing voucher
// request; match it with errors.Is rather than by message text.
var ErrVoucherRequestNotFound = errors.New("voucher request not found")

Functions

func CreateDeviceWithAccount added in v0.1.1

func CreateDeviceWithAccount(ctx context.Context, pool *pgxpool.Pool, account *model.Account, device *model.Device) error

CreateDeviceWithAccount creates an account and a device in a single transaction.

func CreateDeviceWithRecoveryAccount added in v0.1.4

func CreateDeviceWithRecoveryAccount(ctx context.Context, pool *pgxpool.Pool, account *model.Account, device *model.Device) error

CreateDeviceWithRecoveryAccount creates a recovery account (ON CONFLICT DO NOTHING) and a device in a single transaction. Used for recovery enrollment where the account may already exist from another device's concurrent enrollment.

Types

type ACMEStore

type ACMEStore struct {
	// contains filtered or unexported fields
}

func NewACMEStore

func NewACMEStore(pool *pgxpool.Pool) *ACMEStore

func (*ACMEStore) Create

func (s *ACMEStore) Create(ctx context.Context, c *model.ACMEChallenge) error

func (*ACMEStore) Delete

func (s *ACMEStore) Delete(ctx context.Context, id uuid.UUID) error

func (*ACMEStore) GetByID

func (s *ACMEStore) GetByID(ctx context.Context, id uuid.UUID) (*model.ACMEChallenge, error)

func (*ACMEStore) GetExpired

func (s *ACMEStore) GetExpired(ctx context.Context) ([]*model.ACMEChallenge, error)

type AccountStore added in v0.1.1

type AccountStore struct {
	// contains filtered or unexported fields
}

func NewAccountStore added in v0.1.1

func NewAccountStore(pool *pgxpool.Pool) *AccountStore

func (*AccountStore) CountByStatus added in v0.1.6

func (s *AccountStore) CountByStatus(ctx context.Context) (map[string]int, error)

CountByStatus returns account counts grouped by status.

func (*AccountStore) CountDevices added in v0.1.4

func (s *AccountStore) CountDevices(ctx context.Context, accountID uuid.UUID) (int, error)

CountDevices returns the number of devices in an account.

func (*AccountStore) Create added in v0.1.1

func (s *AccountStore) Create(ctx context.Context, account *model.Account) error

func (*AccountStore) CreateOrIgnore added in v0.1.4

func (s *AccountStore) CreateOrIgnore(ctx context.Context, account *model.Account) error

CreateOrIgnore inserts an account or does nothing if it already exists. Used for concurrent recovery enrollment where multiple devices may try to create the same account simultaneously.

func (*AccountStore) DeleteEmpty added in v0.1.4

func (s *AccountStore) DeleteEmpty(ctx context.Context, accountID uuid.UUID) error

DeleteEmpty deletes an account if it has no devices.

func (*AccountStore) GetByID added in v0.1.1

func (s *AccountStore) GetByID(ctx context.Context, id uuid.UUID) (*model.Account, error)

func (*AccountStore) IncrementEpoch added in v0.1.4

func (s *AccountStore) IncrementEpoch(ctx context.Context, id uuid.UUID) (int, error)

IncrementEpoch atomically increments the membership epoch and returns the new value.

func (*AccountStore) SetDissolvedAt added in v0.1.4

func (s *AccountStore) SetDissolvedAt(ctx context.Context, id uuid.UUID, dissolvedAt *time.Time) (bool, error)

SetDissolvedAt sets the dissolved_at timestamp on an account.

func (*AccountStore) UpdateStatus added in v0.1.4

func (s *AccountStore) UpdateStatus(ctx context.Context, id uuid.UUID, status model.AccountStatus) error

UpdateStatus sets the account status.

type AuditQuery added in v0.1.6

// AuditQuery specifies filters for querying the audit log; it is the
// argument type of AuditStore.Query.
//
// The filter fields are pointers; presumably a nil pointer means "no filter
// on this field" — confirm against Query.
//
// Limit: Query's documentation says callers must clamp Limit before calling
// and that a zero or negative value defaults to 50. The 200 ceiling noted on
// the field is therefore presumably the caller's job to enforce — confirm,
// since an unclamped limit taken from a request would control result size.
//
// NOTE(review): Query's documentation states that all filter values are
// parameterized. If the Action prefix match is implemented with SQL LIKE,
// `%` and `_` inside the value would still act as wildcards unless they are
// escaped — confirm how the prefix is built.
type AuditQuery struct {
	Action       *string    // prefix filter (e.g. "device." matches device.enrolled, etc.)
	ActorType    *string    // exact match
	ResourceType *string    // exact match
	Since        *time.Time // entries after this time
	Until        *time.Time // entries before this time
	Limit        int        // max results (default 50, max 200)
	Before       *int64     // cursor: return entries with id < Before
}

AuditQuery specifies filters for querying the audit log.

type AuditStore

type AuditStore struct {
	// contains filtered or unexported fields
}

func NewAuditStore

func NewAuditStore(pool *pgxpool.Pool) *AuditStore

func (*AuditStore) DeleteOlderThan

// DeleteOlderThan takes an age in days and returns an int64 and an error
// (presumably the number of audit entries removed — confirm).
// NOTE(review): this permanently removes audit records, so the retention
// value should come from operator configuration; how a zero or negative
// days value is handled is not visible here — confirm it cannot purge the
// whole log.
func (s *AuditStore) DeleteOlderThan(ctx context.Context, days int) (int64, error)

func (*AuditStore) Log

func (s *AuditStore) Log(ctx context.Context, entry *model.AuditEntry) error

func (*AuditStore) LogAction

// LogAction takes the parts of an audit entry as separate arguments
// (presumably a convenience wrapper around Log — confirm).
// NOTE(review): unlike Log, this method returns no error, so a caller cannot
// tell from the return value whether the entry was persisted. Presumably
// failures are handled internally — confirm, and use Log where a failed
// audit write must fail the operation being audited.
func (s *AuditStore) LogAction(ctx context.Context, actorType model.ActorType, actorID, action, resourceType string, resourceID *string, details any, ip net.IP)

func (*AuditStore) Query added in v0.1.6

func (s *AuditStore) Query(ctx context.Context, q AuditQuery) ([]model.AuditEntry, error)

Query returns audit log entries matching the given filters, ordered newest-first. Uses cursor-based pagination via Before (id < cursor). All filter values are parameterized. Callers must clamp q.Limit before calling (AuditQuery documents a maximum of 200), so enforcing the upper bound is the caller's responsibility; a zero or negative limit defaults to 50.

type CensusStore added in v0.1.5

type CensusStore struct {
	// contains filtered or unexported fields
}

func NewCensusStore added in v0.1.5

func NewCensusStore(pool *pgxpool.Pool) *CensusStore

func (*CensusStore) FlagIssuer added in v0.1.5

func (s *CensusStore) FlagIssuer(ctx context.Context, fp string, reason string) error

func (*CensusStore) GetAllPCRMajorities added in v0.1.5

func (s *CensusStore) GetAllPCRMajorities(ctx context.Context) (map[string]*model.PCRCensus, error)

GetAllPCRMajorities returns all current PCR majorities keyed by "groupingKey|pcrGroup".

func (*CensusStore) GetCrowdCorroboratedIssuers added in v0.1.5

func (s *CensusStore) GetCrowdCorroboratedIssuers(ctx context.Context) ([]model.EKIssuerCensus, error)

func (*CensusStore) GetDistinctPCRGroups added in v0.1.5

func (s *CensusStore) GetDistinctPCRGroups(ctx context.Context) ([][2]string, error)

GetDistinctPCRGroups returns distinct (grouping_key, pcr_group) pairs for recalculation.

func (*CensusStore) GetIssuerByFingerprint added in v0.1.5

func (s *CensusStore) GetIssuerByFingerprint(ctx context.Context, fp string) (*model.EKIssuerCensus, error)

func (*CensusStore) GetIssuerObservations added in v0.1.5

func (s *CensusStore) GetIssuerObservations(ctx context.Context, fp string) ([]model.EKIssuerObservation, error)

func (*CensusStore) GetIssuerSummary added in v0.1.6

func (s *CensusStore) GetIssuerSummary(ctx context.Context) (*IssuerSummary, error)

GetIssuerSummary returns aggregate counts of issuers grouped by tier, plus flagged count.

func (*CensusStore) GetPCRCensusEligibleDevices added in v0.1.5

func (s *CensusStore) GetPCRCensusEligibleDevices(ctx context.Context, activeWindowDays int) ([]PCRCensusEligibleDevice, error)

GetPCRCensusEligibleDevices returns Tier 1-2 devices with PCR values within the active window.

func (*CensusStore) GetPCRMajority added in v0.1.5

func (s *CensusStore) GetPCRMajority(ctx context.Context, groupingKey string, pcrGroup model.PCRGroup) (*model.PCRCensus, error)

func (*CensusStore) GetPromotionCandidateStats added in v0.1.5

func (s *CensusStore) GetPromotionCandidateStats(ctx context.Context, fp string, activeWindowDays int) (*PromotionCandidateStats, error)

func (*CensusStore) GetTopPCRCluster added in v0.1.5

func (s *CensusStore) GetTopPCRCluster(ctx context.Context, groupingKey string, pcrGroup model.PCRGroup, minPopulation int) (*model.PCRCensus, error)

GetTopPCRCluster returns the cluster with the highest device_count for the given key/group.

func (*CensusStore) GetUnverifiedIssuers added in v0.1.5

func (s *CensusStore) GetUnverifiedIssuers(ctx context.Context) ([]model.EKIssuerCensus, error)

func (*CensusStore) ListIssuers added in v0.1.5

func (s *CensusStore) ListIssuers(ctx context.Context, tierFilter *string) ([]model.EKIssuerCensus, error)

func (*CensusStore) ListPCRClusters added in v0.1.5

func (s *CensusStore) ListPCRClusters(ctx context.Context, groupingKey *string) ([]model.PCRCensus, error)

func (*CensusStore) RecomputeAllIssuerCounts added in v0.1.5

func (s *CensusStore) RecomputeAllIssuerCounts(ctx context.Context, activeWindowDays int) error

RecomputeAllIssuerCounts batch-updates device_count and distinct_subnet_count for all issuers.

func (*CensusStore) ResetAllPCRCounts added in v0.1.5

func (s *CensusStore) ResetAllPCRCounts(ctx context.Context) error

ResetAllPCRCounts sets all device_count to 0 before recomputation.

func (*CensusStore) ResetPCRMajority added in v0.1.5

func (s *CensusStore) ResetPCRMajority(ctx context.Context, groupingKey string, pcrGroup model.PCRGroup) error

func (*CensusStore) SetPCRDeviceCount added in v0.1.5

func (s *CensusStore) SetPCRDeviceCount(ctx context.Context, groupingKey string, pcrGroup model.PCRGroup, compositeHash string, count int) error

SetPCRDeviceCount updates the device_count for a specific PCR census entry.

func (*CensusStore) SetPCRMajority added in v0.1.5

func (s *CensusStore) SetPCRMajority(ctx context.Context, id uuid.UUID) error

func (*CensusStore) UnflagIssuer added in v0.1.5

func (s *CensusStore) UnflagIssuer(ctx context.Context, fp string) error

func (*CensusStore) UpdateIssuerTier added in v0.1.5

func (s *CensusStore) UpdateIssuerTier(ctx context.Context, fp string, tier model.IssuerTier) error

func (*CensusStore) UpdateStructuralComplianceScore added in v0.1.5

func (s *CensusStore) UpdateStructuralComplianceScore(ctx context.Context, fp string, score float32) error

func (*CensusStore) UpsertIssuerCensus added in v0.1.5

func (s *CensusStore) UpsertIssuerCensus(ctx context.Context, census *model.EKIssuerCensus) error

UpsertIssuerCensus creates or updates an issuer census entry. On conflict, only last_seen_at is updated — device_count and distinct_subnet_count are recomputed by the background census service to prevent drift.

func (*CensusStore) UpsertObservation added in v0.1.5

func (s *CensusStore) UpsertObservation(ctx context.Context, obs *model.EKIssuerObservation) error

func (*CensusStore) UpsertPCRCensus added in v0.1.5

func (s *CensusStore) UpsertPCRCensus(ctx context.Context, pcr *model.PCRCensus) error

UpsertPCRCensus creates or updates a PCR census entry.

func (*CensusStore) UpsertPCRCensusWithCount added in v0.1.5

func (s *CensusStore) UpsertPCRCensusWithCount(ctx context.Context, pcr *model.PCRCensus) error

UpsertPCRCensusWithCount creates or updates a PCR census entry with an exact device count. Used by the background census service to set authoritative counts from device aggregation.

type DeviceStore

type DeviceStore struct {
	// contains filtered or unexported fields
}

func NewDeviceStore

func NewDeviceStore(pool *pgxpool.Pool) *DeviceStore

func (*DeviceStore) CleanupReleasedHostnames

func (s *DeviceStore) CleanupReleasedHostnames(ctx context.Context, maxAgeDays int) (int64, error)

func (*DeviceStore) ClearTrustOverride added in v0.1.5

func (s *DeviceStore) ClearTrustOverride(ctx context.Context, id uuid.UUID) error

ClearTrustOverride removes the operator override, allowing system-computed trust to take effect.

func (*DeviceStore) CountByIdentityClass added in v0.1.6

func (s *DeviceStore) CountByIdentityClass(ctx context.Context) (map[string]int, error)

func (*DeviceStore) CountByStatus added in v0.1.6

func (s *DeviceStore) CountByStatus(ctx context.Context) (map[string]int, error)

func (*DeviceStore) CountByTrustLevel added in v0.1.6

func (s *DeviceStore) CountByTrustLevel(ctx context.Context) (map[string]int, error)

func (*DeviceStore) CreateDevice added in v0.1.4

func (s *DeviceStore) CreateDevice(ctx context.Context, device *model.Device) error

CreateDevice inserts a device into an existing account.

func (*DeviceStore) Delete

func (s *DeviceStore) Delete(ctx context.Context, id uuid.UUID) error

func (*DeviceStore) GetByEKFingerprint

func (s *DeviceStore) GetByEKFingerprint(ctx context.Context, fingerprint string) (*model.Device, error)

func (*DeviceStore) GetByID

func (s *DeviceStore) GetByID(ctx context.Context, id uuid.UUID) (*model.Device, error)

func (*DeviceStore) GetBySlug added in v0.1.1

func (s *DeviceStore) GetBySlug(ctx context.Context, slug string) (*model.Device, error)

func (*DeviceStore) IsHostnameReleased

func (s *DeviceStore) IsHostnameReleased(ctx context.Context, label string, cooldownDays int) (bool, error)

func (*DeviceStore) IsLabelTaken

func (s *DeviceStore) IsLabelTaken(ctx context.Context, label string) (bool, error)

func (*DeviceStore) ListByAccountID added in v0.1.4

func (s *DeviceStore) ListByAccountID(ctx context.Context, accountID uuid.UUID) ([]model.Device, error)

ListByAccountID returns all active devices in an account.

func (*DeviceStore) ReleaseHostname

func (s *DeviceStore) ReleaseHostname(ctx context.Context, label string, deviceID uuid.UUID) error

func (*DeviceStore) SetCustomHostname

func (s *DeviceStore) SetCustomHostname(ctx context.Context, p SetCustomHostnameParams) error

func (*DeviceStore) SetVoucherPendingSince added in v0.1.4

func (s *DeviceStore) SetVoucherPendingSince(ctx context.Context, deviceID uuid.UUID, t *time.Time) error

SetVoucherPendingSince sets or clears the voucher_pending_since timestamp on a device.

func (*DeviceStore) UpdateAKPublicKey

func (s *DeviceStore) UpdateAKPublicKey(ctx context.Context, id uuid.UUID, akPub []byte) error

func (*DeviceStore) UpdateAccountID added in v0.1.4

func (s *DeviceStore) UpdateAccountID(ctx context.Context, deviceID uuid.UUID, accountID uuid.UUID) error

UpdateAccountID moves a device to a different account and cleans up alias-domain assignments from the old account.

func (*DeviceStore) UpdateIdentityClass added in v0.1.5

func (s *DeviceStore) UpdateIdentityClass(ctx context.Context, id uuid.UUID, identityClass string) error

func (*DeviceStore) UpdateLastSeen

func (s *DeviceStore) UpdateLastSeen(ctx context.Context, id uuid.UUID, ip net.IP) error

func (*DeviceStore) UpdateStatus

func (s *DeviceStore) UpdateStatus(ctx context.Context, id uuid.UUID, status model.DeviceStatus) error

func (*DeviceStore) UpdateTrustData added in v0.1.5

func (s *DeviceStore) UpdateTrustData(ctx context.Context, id uuid.UUID, identityClass string, trustLevel model.TrustLevel, issuerFP *string, osVersion *string, pcrValues map[string]string) error

func (*DeviceStore) UpdateTrustLevel added in v0.1.5

func (s *DeviceStore) UpdateTrustLevel(ctx context.Context, id uuid.UUID, trustLevel model.TrustLevel) error

UpdateTrustLevel sets both trust_level and trust_level_override (operator override). The override prevents system-computed trust from overwriting the operator's decision.

type DomainStore added in v0.1.1

type DomainStore struct {
	// contains filtered or unexported fields
}

func NewDomainStore added in v0.1.1

func NewDomainStore(pool *pgxpool.Pool) *DomainStore

func (*DomainStore) AreDevicesInAccount added in v0.1.1

func (s *DomainStore) AreDevicesInAccount(ctx context.Context, accountID uuid.UUID, deviceIDs []uuid.UUID) (bool, error)

AreDevicesInAccount checks that all given device IDs belong to the specified account.

func (*DomainStore) AssignDevice added in v0.1.1

func (s *DomainStore) AssignDevice(ctx context.Context, domainID, deviceID uuid.UUID) error

AssignDevice assigns a domain to a device.

func (*DomainStore) CountByAccountID added in v0.1.1

func (s *DomainStore) CountByAccountID(ctx context.Context, accountID uuid.UUID) (int, error)

func (*DomainStore) Create added in v0.1.1

func (s *DomainStore) Create(ctx context.Context, d *model.AccountDomain) error

func (*DomainStore) Delete added in v0.1.1

func (s *DomainStore) Delete(ctx context.Context, id uuid.UUID) error

func (*DomainStore) DeleteExpiredPending added in v0.1.1

func (s *DomainStore) DeleteExpiredPending(ctx context.Context) (int64, error)

func (*DomainStore) GetByDomain added in v0.1.1

func (s *DomainStore) GetByDomain(ctx context.Context, domain string) (*model.AccountDomain, error)

func (*DomainStore) GetByID added in v0.1.1

func (s *DomainStore) GetByID(ctx context.Context, id uuid.UUID) (*model.AccountDomain, error)

func (*DomainStore) GetDeviceAliasDomains added in v0.1.1

func (s *DomainStore) GetDeviceAliasDomains(ctx context.Context, deviceID uuid.UUID) ([]string, error)

GetDeviceAliasDomains returns verified domain strings for a device.

func (*DomainStore) HasConflictingDomain added in v0.1.1

func (s *DomainStore) HasConflictingDomain(ctx context.Context, accountID uuid.UUID, domain string) (bool, error)

func (*DomainStore) ListAssignments added in v0.1.1

func (s *DomainStore) ListAssignments(ctx context.Context, domainID uuid.UUID) ([]*model.DomainAssignment, error)

ListAssignments returns all device assignments for a domain.

func (*DomainStore) ListByAccountID added in v0.1.1

func (s *DomainStore) ListByAccountID(ctx context.Context, accountID uuid.UUID) ([]*model.AccountDomain, error)

func (*DomainStore) UnassignDevice added in v0.1.1

func (s *DomainStore) UnassignDevice(ctx context.Context, domainID, deviceID uuid.UUID) error

UnassignDevice removes a device assignment from a domain.

func (*DomainStore) UpdateVerified added in v0.1.1

func (s *DomainStore) UpdateVerified(ctx context.Context, id uuid.UUID, verifiedByDeviceID uuid.UUID) error

type InactiveNexus added in v0.1.6

// InactiveNexus is the element type of the slice returned by
// NexusStore.MarkInactive; it carries the ID and hostname of one nexus
// instance.
type InactiveNexus struct {
	ID       uuid.UUID
	Hostname string
}

type InviteStore added in v0.1.4

type InviteStore struct {
	// contains filtered or unexported fields
}

func NewInviteStore added in v0.1.4

func NewInviteStore(pool *pgxpool.Pool) *InviteStore

func (*InviteStore) Consume added in v0.1.4

// Consume takes an invite ID and the ID of a device (presumably the device
// that redeems the invite — confirm).
// NOTE(review): an invite is expected to be single-use; whether that is
// enforced atomically (for example by a conditional UPDATE on an unconsumed,
// unexpired row) is not visible here — confirm that two concurrent Consume
// calls for the same invite cannot both succeed.
func (s *InviteStore) Consume(ctx context.Context, inviteID uuid.UUID, deviceID uuid.UUID) error

func (*InviteStore) CountActiveByAccount added in v0.1.4

func (s *InviteStore) CountActiveByAccount(ctx context.Context, accountID uuid.UUID) (int, error)

CountActiveByAccount returns the number of unconsumed, unexpired invites for an account.

func (*InviteStore) Create added in v0.1.4

func (s *InviteStore) Create(ctx context.Context, invite *model.AccountInvite) error

func (*InviteStore) DeleteExpired added in v0.1.4

func (s *InviteStore) DeleteExpired(ctx context.Context) (int64, error)

DeleteExpired removes expired unconsumed invites. Returns the number deleted.

func (*InviteStore) GetByCodeHash added in v0.1.4

// GetByCodeHash looks up an invite by a hash of its code (parameter
// codeHash) rather than by the code itself.
// NOTE(review): the hashing scheme is not visible here — confirm callers
// derive codeHash the same way the stored value was produced, and that the
// plaintext code is not persisted alongside it.
func (s *InviteStore) GetByCodeHash(ctx context.Context, codeHash string) (*model.AccountInvite, error)

type IssuerSummary added in v0.1.6

// IssuerSummary holds aggregate counts of EK issuers by tier. It is the
// result type of CensusStore.GetIssuerSummary, which is documented as
// returning issuer counts grouped by tier plus a flagged count. The struct
// tags give the JSON keys total, by_tier and flagged.
type IssuerSummary struct {
	Total   int            `json:"total"`
	ByTier  map[string]int `json:"by_tier"`
	Flagged int            `json:"flagged"`
}

IssuerSummary holds aggregate counts of EK issuers by tier.

type LastSeenBatcher added in v0.1.5

type LastSeenBatcher struct {
	// contains filtered or unexported fields
}

LastSeenBatcher coalesces per-request UpdateLastSeen writes into periodic batch UPDATEs. This replaces unbounded fire-and-forget goroutines with a single flush goroutine.

func NewLastSeenBatcher added in v0.1.5

func NewLastSeenBatcher(pool *pgxpool.Pool, logger *slog.Logger) *LastSeenBatcher

func (*LastSeenBatcher) Flush added in v0.1.5

func (b *LastSeenBatcher) Flush(ctx context.Context)

Flush writes all pending updates to the database. Safe to call from shutdown code.

func (*LastSeenBatcher) FlushLoop added in v0.1.5

func (b *LastSeenBatcher) FlushLoop(ctx context.Context, interval time.Duration)

FlushLoop periodically flushes pending updates. Sequential: waits for each flush to complete before starting the next. Stops when ctx is cancelled.

func (*LastSeenBatcher) Record added in v0.1.5

func (b *LastSeenBatcher) Record(deviceID uuid.UUID, ip net.IP)

Record stores a last-seen update to be flushed later. Non-blocking, no DB call.

type NexusStore

type NexusStore struct {
	// contains filtered or unexported fields
}

func NewNexusStore

func NewNexusStore(pool *pgxpool.Pool) *NexusStore

func (*NexusStore) CountByStatus added in v0.1.6

func (s *NexusStore) CountByStatus(ctx context.Context) (map[string]int, error)

CountByStatus returns nexus instance counts grouped by status.

func (*NexusStore) GetByHostname

func (s *NexusStore) GetByHostname(ctx context.Context, hostname string) (*model.NexusInstance, error)

func (*NexusStore) ListActive

func (s *NexusStore) ListActive(ctx context.Context) ([]*model.NexusInstance, error)

func (*NexusStore) MarkInactive

func (s *NexusStore) MarkInactive(ctx context.Context, thresholdSeconds int) ([]InactiveNexus, error)

func (*NexusStore) UpdateResolvedAddresses

func (s *NexusStore) UpdateResolvedAddresses(ctx context.Context, id uuid.UUID, addrs []net.IP) error

func (*NexusStore) Upsert

func (s *NexusStore) Upsert(ctx context.Context, n *model.NexusInstance) error

type PCRCensusEligibleDevice added in v0.1.5

// PCRCensusEligibleDevice holds minimal data for PCR census aggregation; it
// is the element type returned by CensusStore.GetPCRCensusEligibleDevices.
// IssuerFingerprint and OSVersion are pointers and so may be nil.
// NOTE(review): the key and value encoding of PCRValues is not visible here
// (presumably PCR index to digest — confirm).
type PCRCensusEligibleDevice struct {
	IssuerFingerprint *string
	OSVersion         *string
	PCRValues         map[string]string
}

PCRCensusEligibleDevice holds minimal data for PCR census aggregation.

type PromotionCandidateStats added in v0.1.5

// PromotionCandidateStats holds aggregated stats for evaluating CA promotion
// criteria; it is the result type of
// CensusStore.GetPromotionCandidateStats, which takes an issuer fingerprint
// and an active window in days.
// NOTE(review): the thresholds applied to these counts are not part of this
// type; presumably they are evaluated by the census service — confirm.
type PromotionCandidateStats struct {
	DeviceCount     int
	DistinctSubnets int
	SpanDays        int
}

PromotionCandidateStats holds aggregated stats for evaluating CA promotion criteria.

type RecoveryStore added in v0.1.4

type RecoveryStore struct {
	// contains filtered or unexported fields
}

func NewRecoveryStore added in v0.1.4

func NewRecoveryStore(pool *pgxpool.Pool) *RecoveryStore

func (*RecoveryStore) AttributeClaim added in v0.1.4

func (s *RecoveryStore) AttributeClaim(ctx context.Context, claimID uuid.UUID) error

AttributeClaim marks a claim as attributed.

func (*RecoveryStore) CountAttributedByAccount added in v0.1.4

func (s *RecoveryStore) CountAttributedByAccount(ctx context.Context, accountID uuid.UUID) (int, error)

CountAttributedByAccount returns the count of attributed claims for an account.

func (*RecoveryStore) CountDistinctDevicesByAccount added in v0.1.4

func (s *RecoveryStore) CountDistinctDevicesByAccount(ctx context.Context, accountID uuid.UUID) (int, error)

CountDistinctDevicesByAccount returns the number of distinct devices with attributed claims.

func (*RecoveryStore) CountExpectedMembersByAccount added in v0.1.4

func (s *RecoveryStore) CountExpectedMembersByAccount(ctx context.Context, accountID uuid.UUID) (int, error)

CountExpectedMembersByAccount returns the number of distinct EK fingerprints referenced across all recovery claims for an account (both issuer and subject). This gives the expected account size from the voucher graph.

func (*RecoveryStore) DeleteByAccount added in v0.1.4

func (s *RecoveryStore) DeleteByAccount(ctx context.Context, accountID uuid.UUID) (int64, error)

DeleteByAccount removes all recovery claims for an account.

func (*RecoveryStore) DeleteClaimsForActiveAccounts added in v0.1.4

func (s *RecoveryStore) DeleteClaimsForActiveAccounts(ctx context.Context, retentionDays int) (int64, error)

DeleteClaimsForActiveAccounts removes claims whose account is now active and that were created more than retentionDays ago (24h retention for forensic review, per the RFC). Note that the parameter is expressed in days while the stated retention is in hours.

func (*RecoveryStore) DeleteOrphaned added in v0.1.4

func (s *RecoveryStore) DeleteOrphaned(ctx context.Context, olderThanDays int) (int64, error)

DeleteOrphaned removes claims older than the given age whose account doesn't exist.

func (*RecoveryStore) GetByAccount added in v0.1.4

func (s *RecoveryStore) GetByAccount(ctx context.Context, accountID uuid.UUID) ([]model.RecoveryClaim, error)

GetByAccount returns all recovery claims for a given account.

func (*RecoveryStore) GetMaxEpochByAccount added in v0.1.4

func (s *RecoveryStore) GetMaxEpochByAccount(ctx context.Context, accountID uuid.UUID) (int, error)

GetMaxEpochByAccount returns the maximum voucher epoch for an account.

func (*RecoveryStore) GetUnattributedByIssuer added in v0.1.4

func (s *RecoveryStore) GetUnattributedByIssuer(ctx context.Context, issuerEKFingerprint string) ([]model.RecoveryClaim, error)

GetUnattributedByIssuer returns unattributed, non-rejected claims from a specific issuer EK.

func (*RecoveryStore) HasUnattributedClaims added in v0.1.4

func (s *RecoveryStore) HasUnattributedClaims(ctx context.Context, issuerEKFingerprint string) (bool, error)

HasUnattributedClaims checks if there are any unattributed claims from this issuer.

func (*RecoveryStore) ListPendingRecoveryAccounts added in v0.1.4

func (s *RecoveryStore) ListPendingRecoveryAccounts(ctx context.Context) ([]uuid.UUID, error)

ListPendingRecoveryAccounts returns account IDs in pending_recovery state.

func (*RecoveryStore) RejectClaim added in v0.1.4

func (s *RecoveryStore) RejectClaim(ctx context.Context, claimID uuid.UUID, reason string) error

RejectClaim marks a claim as rejected with a reason.

func (*RecoveryStore) UpsertClaim added in v0.1.4

func (s *RecoveryStore) UpsertClaim(ctx context.Context, claim *model.RecoveryClaim) error

UpsertClaim inserts or updates a recovery claim.

type SetCustomHostnameParams

// SetCustomHostnameParams is the argument struct of
// DeviceStore.SetCustomHostname.
// NOTE(review): no validation is visible at this layer. Presumably
// CustomHostname is validated (length, allowed characters) by the caller
// before it reaches the store, and ChangeCount / HostnameYear are
// bookkeeping values computed server-side rather than taken from client
// input — confirm both.
type SetCustomHostnameParams struct {
	DeviceID       uuid.UUID
	CustomHostname string
	ChangeCount    int
	HostnameYear   int
}

type Stores

// Stores groups one store of each kind so they can be passed around
// together; New(pool) returns a *Stores.
// NOTE(review): New takes a single *pgxpool.Pool, so presumably every store
// here runs with the same database credentials — confirm, in case
// per-store least privilege is wanted (for example an append-only role for
// audit writes).
type Stores struct {
	Device   *DeviceStore
	Nexus    *NexusStore
	ACME     *ACMEStore
	Audit    *AuditStore
	Account  *AccountStore
	Domain   *DomainStore
	Invite   *InviteStore
	Voucher  *VoucherStore
	Recovery *RecoveryStore
	Census   *CensusStore
}

func New

func New(pool *pgxpool.Pool) *Stores

type VoucherStore added in v0.1.4

type VoucherStore struct {
	// contains filtered or unexported fields
}

func NewVoucherStore added in v0.1.4

func NewVoucherStore(pool *pgxpool.Pool) *VoucherStore

func (*VoucherStore) CreateRequest added in v0.1.4

func (s *VoucherStore) CreateRequest(ctx context.Context, req *model.VoucherRequest) error

CreateRequest upserts a voucher request. If a request for this issuer/subject pair already exists, it is replaced (new epoch, new voucher data).

func (*VoucherStore) ExpireStale added in v0.1.4

func (s *VoucherStore) ExpireStale(ctx context.Context, maxAge time.Duration) (int64, error)

ExpireStale marks unfulfilled requests older than maxAge as expired.

func (*VoucherStore) GetByID added in v0.1.4

func (s *VoucherStore) GetByID(ctx context.Context, id uuid.UUID) (*model.VoucherRequest, error)

GetByID returns a voucher request by ID.

func (*VoucherStore) GetPendingForDevice added in v0.1.4

func (s *VoucherStore) GetPendingForDevice(ctx context.Context, deviceID uuid.UUID) ([]model.VoucherRequest, error)

GetPendingForDevice returns pending voucher requests where the device is the issuer.

func (*VoucherStore) GetSignedForSubject added in v0.1.4

func (s *VoucherStore) GetSignedForSubject(ctx context.Context, subjectDeviceID uuid.UUID) ([]model.VoucherRequest, error)

GetSignedForSubject returns signed voucher requests where the device is the subject.

func (*VoucherStore) SignRequest added in v0.1.4

func (s *VoucherStore) SignRequest(ctx context.Context, requestID uuid.UUID, quote string) error

SignRequest marks a voucher request as signed.
