sqlite

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 31, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package sqlite implements store.Store using SQLite via modernc.org/sqlite. Migrations are embedded and run automatically on Open.

Type translations from the postgres backend:

UUID         → TEXT (uuid.UUID's Scan/Value handle the round trip)
BOOLEAN      → INTEGER (0/1; database/sql converts bool↔int)
BYTEA        → BLOB
TEXT[]       → TEXT (JSON-encoded; see the stringArray helper)
JSONB        → TEXT
TIMESTAMPTZ  → DATETIME (modernc.org/sqlite stores time.Time as RFC3339)

Nullable UUID/time columns are scanned via sql.NullString / sql.NullTime because google/uuid does not implement Scan for the **uuid.UUID indirection that database/sql would need to write a NULL into a *uuid.UUID field.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DB

type DB struct {
	// contains filtered or unexported fields
}

DB wraps sql.DB and implements store.Store.

func Open

func Open(path string) (*DB, error)

Open opens (or creates) the SQLite database at path and runs migrations. SQLite is single-writer; one connection avoids locking contention.

func (*DB) AddAWSRevokedUser added in v0.2.0

func (s *DB) AddAWSRevokedUser(ctx context.Context, roleID uuid.UUID, subUUID string) error

func (*DB) AddGroupMember

func (s *DB) AddGroupMember(ctx context.Context, groupID, userID uuid.UUID) error

func (*DB) Close

func (s *DB) Close() error

func (*DB) CountUsers

func (s *DB) CountUsers(ctx context.Context) (int, error)

func (*DB) CreateAWSAccount added in v0.2.0

func (s *DB) CreateAWSAccount(ctx context.Context, a *model.AWSAccount) error

func (*DB) CreateAWSRole added in v0.2.0

func (s *DB) CreateAWSRole(ctx context.Context, r *model.AWSRole) error

func (*DB) CreateAWSRoleAssignment added in v0.2.0

func (s *DB) CreateAWSRoleAssignment(ctx context.Context, a *model.AWSRoleAssignment) error

func (*DB) CreateClient

func (s *DB) CreateClient(ctx context.Context, clientID, clientSecretHash, name string, redirectURIs, scopes []string, public bool, backchannelLogoutURI *string) (*model.Client, error)

func (*DB) CreateDeviceGrant added in v0.3.0

func (s *DB) CreateDeviceGrant(ctx context.Context, g *model.DeviceGrant) error

func (*DB) CreateGrant

func (s *DB) CreateGrant(ctx context.Context, g *model.Grant) error

func (*DB) CreateGroup

func (s *DB) CreateGroup(ctx context.Context, displayName string) (*model.SCIMGroup, error)

func (*DB) CreateIntegration

func (s *DB) CreateIntegration(ctx context.Context, i *model.AppIntegration) error

func (*DB) CreateSession

func (s *DB) CreateSession(ctx context.Context, sess *model.Session) error

func (*DB) CreateSigningKey

func (s *DB) CreateSigningKey(ctx context.Context, k *model.SigningKey) error

func (*DB) CreateTOTPCredential

func (s *DB) CreateTOTPCredential(ctx context.Context, c *model.TOTPCredential) error

func (*DB) CreateUser

func (s *DB) CreateUser(ctx context.Context, email, passwordHash, name string) (*model.User, error)

func (*DB) CreateWebAuthnCredential

func (s *DB) CreateWebAuthnCredential(ctx context.Context, c *model.WebAuthnCredential) error

func (*DB) CreateWebAuthnSession

func (s *DB) CreateWebAuthnSession(ctx context.Context, userID uuid.UUID, data []byte, purpose string) (uuid.UUID, error)

func (*DB) DeactivateSigningKey

func (s *DB) DeactivateSigningKey(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteAWSAccount added in v0.2.0

func (s *DB) DeleteAWSAccount(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteAWSRevokedUser added in v0.2.0

func (s *DB) DeleteAWSRevokedUser(ctx context.Context, roleID uuid.UUID, subUUID string) error

func (*DB) DeleteAWSRole added in v0.2.0

func (s *DB) DeleteAWSRole(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteAWSRoleAssignment added in v0.2.0

func (s *DB) DeleteAWSRoleAssignment(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteClient

func (s *DB) DeleteClient(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteExpiredDeviceGrants added in v0.3.0

func (s *DB) DeleteExpiredDeviceGrants(ctx context.Context) (int, error)

func (*DB) DeleteExpiredGrants

func (s *DB) DeleteExpiredGrants(ctx context.Context) error

func (*DB) DeleteExpiredSessions

func (s *DB) DeleteExpiredSessions(ctx context.Context) error

func (*DB) DeleteExternalID

func (s *DB) DeleteExternalID(ctx context.Context, provider string, userID uuid.UUID) error

func (*DB) DeleteGroup

func (s *DB) DeleteGroup(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteIntegration

func (s *DB) DeleteIntegration(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteSession

func (s *DB) DeleteSession(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteSessionsByUserID

func (s *DB) DeleteSessionsByUserID(ctx context.Context, userID uuid.UUID) error

func (*DB) DeleteTOTP

func (s *DB) DeleteTOTP(ctx context.Context, userID uuid.UUID) error

func (*DB) DeleteUser

func (s *DB) DeleteUser(ctx context.Context, id uuid.UUID) error

func (*DB) DeleteWebAuthnCredential

func (s *DB) DeleteWebAuthnCredential(ctx context.Context, id uuid.UUID, userID uuid.UUID) error

func (*DB) DeleteWebAuthnSession

func (s *DB) DeleteWebAuthnSession(ctx context.Context, id uuid.UUID) error

func (*DB) EnableTOTP

func (s *DB) EnableTOTP(ctx context.Context, id uuid.UUID) error

func (*DB) ExtendSessionExpiry

func (s *DB) ExtendSessionExpiry(ctx context.Context, id uuid.UUID, newExpiry time.Time) error

func (*DB) GetAWSAccount added in v0.2.0

func (s *DB) GetAWSAccount(ctx context.Context, id uuid.UUID) (*model.AWSAccount, error)

func (*DB) GetAWSRole added in v0.2.0

func (s *DB) GetAWSRole(ctx context.Context, id uuid.UUID) (*model.AWSRole, error)

func (*DB) GetActiveSigningKey

func (s *DB) GetActiveSigningKey(ctx context.Context) (*model.SigningKey, error)

func (*DB) GetClientByClientID

func (s *DB) GetClientByClientID(ctx context.Context, clientID string) (*model.Client, error)

func (*DB) GetClientByID

func (s *DB) GetClientByID(ctx context.Context, id uuid.UUID) (*model.Client, error)

func (*DB) GetDeviceGrantByDeviceCodeHash added in v0.3.0

func (s *DB) GetDeviceGrantByDeviceCodeHash(ctx context.Context, hash string) (*model.DeviceGrant, error)

func (*DB) GetDeviceGrantByUserCodeHash added in v0.3.0

func (s *DB) GetDeviceGrantByUserCodeHash(ctx context.Context, hash string) (*model.DeviceGrant, error)

func (*DB) GetExternalID

func (s *DB) GetExternalID(ctx context.Context, provider string, userID uuid.UUID) (string, error)

func (*DB) GetGrantByCodeHash

func (s *DB) GetGrantByCodeHash(ctx context.Context, codeHash string) (*model.Grant, error)

func (*DB) GetGroupByID

func (s *DB) GetGroupByID(ctx context.Context, id uuid.UUID) (*model.SCIMGroup, error)

func (*DB) GetIntegration

func (s *DB) GetIntegration(ctx context.Context, id uuid.UUID) (*model.AppIntegration, error)

func (*DB) GetIntegrationByName

func (s *DB) GetIntegrationByName(ctx context.Context, name string) (*model.AppIntegration, error)

func (*DB) GetSessionByAccessTokenHash

func (s *DB) GetSessionByAccessTokenHash(ctx context.Context, hash string) (*model.Session, error)

func (*DB) GetSessionByRefreshTokenHash

func (s *DB) GetSessionByRefreshTokenHash(ctx context.Context, hash string) (*model.Session, error)

func (*DB) GetTOTPByUserID

func (s *DB) GetTOTPByUserID(ctx context.Context, userID uuid.UUID) (*model.TOTPCredential, error)

func (*DB) GetUserByEmail

func (s *DB) GetUserByEmail(ctx context.Context, email string) (*model.User, error)

func (*DB) GetUserByID

func (s *DB) GetUserByID(ctx context.Context, id uuid.UUID) (*model.User, error)

func (*DB) GetWebAuthnCredentialByCredentialID

func (s *DB) GetWebAuthnCredentialByCredentialID(ctx context.Context, credID []byte) (*model.WebAuthnCredential, error)

func (*DB) GetWebAuthnSession

func (s *DB) GetWebAuthnSession(ctx context.Context, id uuid.UUID, userID uuid.UUID, purpose string) ([]byte, error)

func (*DB) ListAWSAccounts added in v0.2.0

func (s *DB) ListAWSAccounts(ctx context.Context) ([]*model.AWSAccount, error)

func (*DB) ListAWSRevokedUsers added in v0.2.0

func (s *DB) ListAWSRevokedUsers(ctx context.Context, roleID uuid.UUID) ([]*model.AWSRevokedUser, error)

func (*DB) ListAWSRevokedUsersOlderThan added in v0.2.0

func (s *DB) ListAWSRevokedUsersOlderThan(ctx context.Context, cutoff time.Time) ([]*model.AWSRevokedUser, error)

func (*DB) ListAWSRoleAssignments added in v0.2.0

func (s *DB) ListAWSRoleAssignments(ctx context.Context) ([]*model.AWSRoleAssignment, error)

func (*DB) ListAWSRoles added in v0.2.0

func (s *DB) ListAWSRoles(ctx context.Context) ([]*model.AWSRole, error)

func (*DB) ListAWSRolesForUser added in v0.2.0

func (s *DB) ListAWSRolesForUser(ctx context.Context, userID uuid.UUID) ([]*model.AWSRole, error)

func (*DB) ListActiveSigningKeys

func (s *DB) ListActiveSigningKeys(ctx context.Context) ([]*model.SigningKey, error)

func (*DB) ListClientVisibility added in v0.2.0

func (s *DB) ListClientVisibility(ctx context.Context, clientID uuid.UUID) ([]uuid.UUID, error)

func (*DB) ListClients

func (s *DB) ListClients(ctx context.Context) ([]*model.Client, error)

func (*DB) ListEnabledIntegrations

func (s *DB) ListEnabledIntegrations(ctx context.Context) ([]*model.AppIntegration, error)

func (*DB) ListGroups

func (s *DB) ListGroups(ctx context.Context) ([]*model.SCIMGroup, error)

func (*DB) ListIntegrations

func (s *DB) ListIntegrations(ctx context.Context) ([]*model.AppIntegration, error)

func (*DB) ListPortalClientsForUser added in v0.2.0

func (s *DB) ListPortalClientsForUser(ctx context.Context, userID uuid.UUID) ([]*model.Client, error)

ListPortalClientsForUser: see postgres equivalent for design notes. SQLite needs `c.` prefixes hand-written rather than the prefixCols helper used in postgres, because the column list interpolation happens at compile time of the SQL string and SQLite's parser is stricter about it. Kept the column list inline for readability.

func (*DB) ListSessionClientIDsByUser

func (s *DB) ListSessionClientIDsByUser(ctx context.Context, userID uuid.UUID) ([]uuid.UUID, error)

func (*DB) ListUsers

func (s *DB) ListUsers(ctx context.Context) ([]*model.User, error)

func (*DB) ListWebAuthnCredentials

func (s *DB) ListWebAuthnCredentials(ctx context.Context, userID uuid.UUID) ([]*model.WebAuthnCredential, error)

func (*DB) MarkDeviceGrantApproved added in v0.3.0

func (s *DB) MarkDeviceGrantApproved(ctx context.Context, id, userID uuid.UUID, mfaVerified bool, mfaVerifiedAt *time.Time, approverIP string) error

func (*DB) MarkDeviceGrantDenied added in v0.3.0

func (s *DB) MarkDeviceGrantDenied(ctx context.Context, id uuid.UUID, approverIP string) error

func (*DB) MarkDeviceGrantRedeemed added in v0.3.0

func (s *DB) MarkDeviceGrantRedeemed(ctx context.Context, id uuid.UUID) error

func (*DB) MarkGrantUsed

func (s *DB) MarkGrantUsed(ctx context.Context, id uuid.UUID) error

func (*DB) MarkSessionMFA added in v0.3.0

func (s *DB) MarkSessionMFA(ctx context.Context, id uuid.UUID, when time.Time) error

MarkSessionMFA updates the MFA freshness columns on an existing session. Called after a step-up MFA challenge succeeds so the next step-up gate sees a fresh timestamp without minting a new session row.

func (*DB) RemoveGroupMember

func (s *DB) RemoveGroupMember(ctx context.Context, groupID, userID uuid.UUID) error

func (*DB) ReplaceClientVisibility added in v0.2.0

func (s *DB) ReplaceClientVisibility(ctx context.Context, clientID uuid.UUID, groupIDs []uuid.UUID) error

func (*DB) ReplaceGroupMembers

func (s *DB) ReplaceGroupMembers(ctx context.Context, groupID uuid.UUID, memberIDs []uuid.UUID) error

func (*DB) RotateRefreshToken

func (s *DB) RotateRefreshToken(ctx context.Context, id uuid.UUID, newRefreshHash string, newAccessExpiry, newRefreshExpiry time.Time) error

func (*DB) SetExternalID

func (s *DB) SetExternalID(ctx context.Context, provider string, userID uuid.UUID, externalID string) error

func (*DB) SetUserActive

func (s *DB) SetUserActive(ctx context.Context, id uuid.UUID, active bool) error

func (*DB) SetUserAdmin

func (s *DB) SetUserAdmin(ctx context.Context, id uuid.UUID, isAdmin bool) error

func (*DB) SetUserMustChangePassword added in v0.2.0

func (s *DB) SetUserMustChangePassword(ctx context.Context, id uuid.UUID, flag bool) error

func (*DB) SetUserSCIMExternalID

func (s *DB) SetUserSCIMExternalID(ctx context.Context, id uuid.UUID, externalID string) error

func (*DB) UpdateAWSAccount added in v0.2.0

func (s *DB) UpdateAWSAccount(ctx context.Context, a *model.AWSAccount) error

func (*DB) UpdateAWSRole added in v0.2.0

func (s *DB) UpdateAWSRole(ctx context.Context, r *model.AWSRole) error

func (*DB) UpdateClient

func (s *DB) UpdateClient(ctx context.Context, id uuid.UUID, name string, redirectURIs, scopes []string, public bool, backchannelLogoutURI *string) error

func (*DB) UpdateClientDeviceGrant added in v0.3.0

func (s *DB) UpdateClientDeviceGrant(ctx context.Context, id uuid.UUID, allow bool) error

UpdateClientDeviceGrant flips the per-client opt-in for the RFC 8628 device authorization flow. Separate from UpdateClient so the admin edit form can save this independently of the core fields.

func (*DB) UpdateClientPortalConfig added in v0.2.0

func (s *DB) UpdateClientPortalConfig(ctx context.Context, id uuid.UUID, showInPortal bool, launchURL, brandColor, iconURL string, visibleToAll bool) error

func (*DB) UpdateClientSecret

func (s *DB) UpdateClientSecret(ctx context.Context, id uuid.UUID, secretHash string) error

func (*DB) UpdateDeviceGrantPoll added in v0.3.0

func (s *DB) UpdateDeviceGrantPoll(ctx context.Context, id uuid.UUID, now time.Time, intervalSec int) error

func (*DB) UpdateGroup

func (s *DB) UpdateGroup(ctx context.Context, id uuid.UUID, displayName string) error

func (*DB) UpdateIntegration

func (s *DB) UpdateIntegration(ctx context.Context, i *model.AppIntegration) error

func (*DB) UpdateSessionActivity

func (s *DB) UpdateSessionActivity(ctx context.Context, id uuid.UUID, lastActivity time.Time) error

func (*DB) UpdateUser

func (s *DB) UpdateUser(ctx context.Context, id uuid.UUID, name string, active bool) error

func (*DB) UpdateUserFailedAttempts

func (s *DB) UpdateUserFailedAttempts(ctx context.Context, id uuid.UUID, count int, lockedUntil *time.Time) error

func (*DB) UpdateUserMFAEnabled

func (s *DB) UpdateUserMFAEnabled(ctx context.Context, id uuid.UUID, enabled bool) error

func (*DB) UpdateUserPassword

func (s *DB) UpdateUserPassword(ctx context.Context, id uuid.UUID, passwordHash string) error

UpdateUserPassword writes a new password hash and resets the rotate-required flag in the same statement. See the postgres equivalent for design notes.

func (*DB) UpdateWebAuthnSignCount

func (s *DB) UpdateWebAuthnSignCount(ctx context.Context, id uuid.UUID, signCount uint32, lastUsed time.Time) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL