store

package
v0.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2026 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrUsernameConflict is returned when a username already exists
	ErrUsernameConflict = errors.New("username already exists")

	// ErrAuthCodeAlreadyUsed is returned by MarkAuthorizationCodeUsed when the
	// code was already consumed by a concurrent request (0 rows updated).
	ErrAuthCodeAlreadyUsed = errors.New("authorization code already used")

	// ErrDeviceCodeAlreadyAuthorized is returned by AuthorizeDeviceCode when the
	// device code was already authorized by a concurrent request (0 rows updated).
	ErrDeviceCodeAlreadyAuthorized = errors.New("device code already authorized")
)
View Source 
var (
	NewPaginationParams = types.NewPaginationParams
	CalculatePagination = types.CalculatePagination
)

Re-export functions.

Functions

func GetDialector 

func GetDialector(driver, dsn string) (gorm.Dialector, error)

GetDialector returns a GORM dialector for the given driver name and DSN

func RegisterDriver 

func RegisterDriver(name string, factory DriverFactory)

RegisterDriver allows registering custom database drivers

Types

type AuditLogFilters 

type AuditLogFilters = types.AuditLogFilters

Re-export types from store/types for backward compatibility.

type AuditLogStats 

type AuditLogStats = types.AuditLogStats

Re-export types from store/types for backward compatibility.

type DashboardCounts added in v0.24.0 

type DashboardCounts = types.DashboardCounts

Re-export types from store/types for backward compatibility.

type DriverFactory 

type DriverFactory func(dsn string) gorm.Dialector

DriverFactory is a function that creates a gorm.Dialector

type PaginationParams 

type PaginationParams = types.PaginationParams

Re-export types from store/types for backward compatibility.

type PaginationResult 

type PaginationResult = types.PaginationResult

Re-export types from store/types for backward compatibility.

type Store 

type Store struct {
	// contains filtered or unexported fields
}

func New 

func New(ctx context.Context, driver, dsn string, cfg *config.Config) (*Store, error)

func (*Store) AuthorizeDeviceCode added in v0.24.0 

func (s *Store) AuthorizeDeviceCode(id int64, userID string) error

AuthorizeDeviceCode atomically marks a device code as authorized by a user. It uses a WHERE clause to ensure only one concurrent request wins; the loser receives ErrDeviceCodeAlreadyAuthorized (0 rows updated).

func (*Store) Close 

func (s *Store) Close(ctx context.Context) error

Close gracefully closes the database connection with timeout support

func (*Store) CountActiveTokensByCategory 

func (s *Store) CountActiveTokensByCategory(category string) (int64, error)

CountActiveTokensByCategory counts active, non-expired tokens by category

func (*Store) CountActiveTokensByClientID 

func (s *Store) CountActiveTokensByClientID(clientID string) (int64, error)

CountActiveTokensByClientID counts active tokens for a specific client

func (*Store) CountClientsByStatus added in v0.17.0 

func (s *Store) CountClientsByStatus(status string) (int64, error)

CountClientsByStatus returns the number of clients with the given status

func (*Store) CountPendingDeviceCodes 

func (s *Store) CountPendingDeviceCodes() (int64, error)

CountPendingDeviceCodes counts pending (not yet authorized) device codes

func (*Store) CountTotalDeviceCodes 

func (s *Store) CountTotalDeviceCodes() (int64, error)

CountTotalDeviceCodes counts all non-expired device codes

func (*Store) CountUsersByRole added in v0.24.0 

func (s *Store) CountUsersByRole(role string) (int64, error)

CountUsersByRole returns the number of users with the given role.

func (*Store) CreateAccessToken 

func (s *Store) CreateAccessToken(token *models.AccessToken) error

func (*Store) CreateAuditLog 

func (s *Store) CreateAuditLog(log *models.AuditLog) error

CreateAuditLog creates a single audit log entry

func (*Store) CreateAuditLogBatch 

func (s *Store) CreateAuditLogBatch(logs []*models.AuditLog) error

CreateAuditLogBatch creates multiple audit log entries in a single transaction

func (*Store) CreateAuthorizationCode 

func (s *Store) CreateAuthorizationCode(code *models.AuthorizationCode) error

CreateAuthorizationCode persists a new authorization code

func (*Store) CreateClient 

func (s *Store) CreateClient(client *models.OAuthApplication) error

func (*Store) CreateDeviceCode 

func (s *Store) CreateDeviceCode(dc *models.DeviceCode) error

CreateDeviceCode creates a new device code

func (*Store) CreateOAuthConnection 

func (s *Store) CreateOAuthConnection(conn *models.OAuthConnection) error

CreateOAuthConnection creates a new OAuth connection

func (*Store) CreateUser 

func (s *Store) CreateUser(user *models.User) error

CreateUser creates a new user

func (*Store) DB deprecated 

func (s *Store) DB() *gorm.DB

DB returns the underlying GORM database connection (for transactions)

Deprecated: use RunInTransaction instead of accessing the raw DB handle.

func (*Store) DeleteClient 

func (s *Store) DeleteClient(clientID string) error

func (*Store) DeleteDeviceCodeByID 

func (s *Store) DeleteDeviceCodeByID(id int64) error

DeleteDeviceCodeByID deletes device code by ID (primary key)

func (*Store) DeleteExpiredDeviceCodes 

func (s *Store) DeleteExpiredDeviceCodes() error

func (*Store) DeleteExpiredTokens 

func (s *Store) DeleteExpiredTokens() error

func (*Store) DeleteOAuthConnection 

func (s *Store) DeleteOAuthConnection(id string) error

DeleteOAuthConnection deletes an OAuth connection by ID

func (*Store) DeleteOAuthConnectionsByUserID added in v0.24.0 

func (s *Store) DeleteOAuthConnectionsByUserID(userID string) error

DeleteOAuthConnectionsByUserID deletes all OAuth connections for a user.

func (*Store) DeleteOldAuditLogs 

func (s *Store) DeleteOldAuditLogs(olderThan time.Time) (int64, error)

DeleteOldAuditLogs deletes audit logs older than the specified time

func (*Store) DeleteUser 

func (s *Store) DeleteUser(id string) error

DeleteUser deletes a user by ID

func (*Store) GetAccessTokenByHash added in v0.15.0 

func (s *Store) GetAccessTokenByHash(hash string) (*models.AccessToken, error)

func (*Store) GetAccessTokenByID 

func (s *Store) GetAccessTokenByID(tokenID string) (*models.AccessToken, error)

func (*Store) GetActiveTokenHashesByAuthorizationID added in v0.24.0 

func (s *Store) GetActiveTokenHashesByAuthorizationID(authorizationID uint) ([]string, error)

GetActiveTokenHashesByAuthorizationID returns token hashes for all active tokens linked to a specific UserAuthorization. Used for cache invalidation before bulk revocation.

func (*Store) GetActiveTokenHashesByClientID added in v0.24.0 

func (s *Store) GetActiveTokenHashesByClientID(clientID string) ([]string, error)

GetActiveTokenHashesByClientID returns token hashes for all active tokens belonging to a specific client. Used for cache invalidation before bulk revocation.

func (*Store) GetActiveTokenHashesByFamilyID added in v0.23.0 

func (s *Store) GetActiveTokenHashesByFamilyID(familyID string) ([]string, error)

GetActiveTokenHashesByFamilyID returns token hashes for all active tokens in a family. Used for cache invalidation before bulk revocation.

func (*Store) GetAuditLogStats 

func (s *Store) GetAuditLogStats(startTime, endTime time.Time) (AuditLogStats, error)

GetAuditLogStats returns statistics about audit logs in a given time range

func (*Store) GetAuditLogsPaginated 

func (s *Store) GetAuditLogsPaginated(
	params PaginationParams,
	filters AuditLogFilters,
) ([]models.AuditLog, PaginationResult, error)

GetAuditLogsPaginated retrieves audit logs with pagination and filtering

func (*Store) GetAuthorizationCodeByHash 

func (s *Store) GetAuthorizationCodeByHash(hash string) (*models.AuthorizationCode, error)

GetAuthorizationCodeByHash retrieves an authorization code by its SHA-256 hash

func (*Store) GetClient 

func (s *Store) GetClient(clientID string) (*models.OAuthApplication, error)

func (*Store) GetClientAuthorizations 

func (s *Store) GetClientAuthorizations(clientID string) ([]models.UserAuthorization, error)

GetClientAuthorizations returns all active consent records for a client, ordered by grant date

func (*Store) GetClientByIntID 

func (s *Store) GetClientByIntID(id int64) (*models.OAuthApplication, error)

GetClientByIntID retrieves an OAuth application by its integer primary key

func (*Store) GetClientsByIDs 

func (s *Store) GetClientsByIDs(clientIDs []string) (map[string]*models.OAuthApplication, error)

func (*Store) GetDashboardCounts added in v0.24.0 

func (s *Store) GetDashboardCounts() (DashboardCounts, error)

GetDashboardCounts returns all dashboard metrics in a single raw SQL query using scalar subselects. Works on both SQLite and PostgreSQL.

func (*Store) GetDeviceCodeByUserCode 

func (s *Store) GetDeviceCodeByUserCode(userCode string) (*models.DeviceCode, error)

GetDeviceCodeByUserCode retrieves a device code by user code

func (*Store) GetDeviceCodesByID 

func (s *Store) GetDeviceCodesByID(deviceCodeID string) ([]*models.DeviceCode, error)

GetDeviceCodesByID retrieves all device codes with matching ID suffix Used for hash verification during token exchange

func (*Store) GetOAuthConnection 

func (s *Store) GetOAuthConnection(
	provider, providerUserID string,
) (*models.OAuthConnection, error)

GetOAuthConnection finds an OAuth connection by provider and provider user ID

func (*Store) GetOAuthConnectionByUserAndProvider 

func (s *Store) GetOAuthConnectionByUserAndProvider(
	userID, provider string,
) (*models.OAuthConnection, error)

GetOAuthConnectionByUserAndProvider finds an OAuth connection by user ID and provider

func (*Store) GetOAuthConnectionsByUserID 

func (s *Store) GetOAuthConnectionsByUserID(userID string) ([]models.OAuthConnection, error)

GetOAuthConnectionsByUserID returns all OAuth connections for a user

func (*Store) GetTokenHashesByUserID added in v0.24.0 

func (s *Store) GetTokenHashesByUserID(userID string) ([]string, error)

GetTokenHashesByUserID returns token hashes for all tokens belonging to a user (any status). Unlike GetActiveTokenHashesBy*, this includes revoked/disabled tokens because the caller (RevokeTokensByUserID) performs a hard DELETE regardless of status.

func (*Store) GetTokensByCategoryAndStatus 

func (s *Store) GetTokensByCategoryAndStatus(
	userID, category, status string,
) ([]models.AccessToken, error)

GetTokensByCategoryAndStatus returns tokens filtered by category and status

func (*Store) GetTokensByUserID 

func (s *Store) GetTokensByUserID(userID string) ([]models.AccessToken, error)

func (*Store) GetTokensByUserIDPaginated 

func (s *Store) GetTokensByUserIDPaginated(
	userID string,
	params PaginationParams,
) ([]models.AccessToken, PaginationResult, error)

GetTokensByUserIDPaginated returns paginated tokens for a user with search support.

func (*Store) GetTokensPaginated added in v0.24.0 

func (s *Store) GetTokensPaginated(
	params PaginationParams,
) ([]models.AccessToken, PaginationResult, error)

GetTokensPaginated returns paginated tokens across all users with search support. Search additionally matches against username and email (via subquery).

func (*Store) GetUserAuthorization 

func (s *Store) GetUserAuthorization(
	userID string,
	applicationID int64,
) (*models.UserAuthorization, error)

GetUserAuthorization retrieves the active consent record for a (user, application) pair

func (*Store) GetUserAuthorizationByUUID 

func (s *Store) GetUserAuthorizationByUUID(
	authUUID, userID string,
) (*models.UserAuthorization, error)

GetUserAuthorizationByUUID retrieves an authorization by its public UUID, scoped to the owner

func (*Store) GetUserByEmail 

func (s *Store) GetUserByEmail(email string) (*models.User, error)

GetUserByEmail finds a user by email address

func (*Store) GetUserByExternalID 

func (s *Store) GetUserByExternalID(externalID, authSource string) (*models.User, error)

GetUserByExternalID finds a user by their external ID and auth source

func (*Store) GetUserByID 

func (s *Store) GetUserByID(id string) (*models.User, error)

func (*Store) GetUserByUsername 

func (s *Store) GetUserByUsername(username string) (*models.User, error)

func (*Store) GetUserStatsByUserID added in v0.24.0 

func (s *Store) GetUserStatsByUserID(userID string) (types.UserStatsCounts, error)

GetUserStatsByUserID returns all user stats (active tokens, OAuth connections, active authorizations) in a single database query using subqueries.

func (*Store) GetUsersByIDs 

func (s *Store) GetUsersByIDs(userIDs []string) (map[string]*models.User, error)

GetUsersByIDs batch loads users by IDs using WHERE IN to prevent N+1 queries

func (*Store) Health 

func (s *Store) Health() error

Health checks the database connection

func (*Store) ListClientsByUserID added in v0.17.0 

func (s *Store) ListClientsByUserID(
	userID string,
	params PaginationParams,
) ([]models.OAuthApplication, PaginationResult, error)

ListClientsByUserID returns paginated OAuth clients owned by the given user

func (*Store) ListClientsPaginated 

func (s *Store) ListClientsPaginated(
	params PaginationParams,
) ([]models.OAuthApplication, PaginationResult, error)

ListClientsPaginated returns paginated OAuth clients with search and optional status filter support

func (*Store) ListUserAuthorizations 

func (s *Store) ListUserAuthorizations(userID string) ([]models.UserAuthorization, error)

ListUserAuthorizations returns all active authorizations for a user, newest first

func (*Store) ListUsersPaginated added in v0.24.0 

func (s *Store) ListUsersPaginated(
	params PaginationParams,
) ([]models.User, PaginationResult, error)

ListUsersPaginated returns paginated users with search, role, and auth source filtering.

func (*Store) MarkAuthorizationCodeUsed 

func (s *Store) MarkAuthorizationCodeUsed(id uint) error

MarkAuthorizationCodeUsed atomically sets UsedAt only when the code has not yet been consumed. The WHERE clause includes "used_at IS NULL" so that a concurrent request that races past the application-level IsUsed() check will update 0 rows and receive ErrAuthCodeAlreadyUsed, preventing double issuance.

func (*Store) RevokeAllActiveTokensByClientID 

func (s *Store) RevokeAllActiveTokensByClientID(clientID string) (int64, error)

RevokeAllActiveTokensByClientID revokes every active token for a client and returns the count

func (*Store) RevokeAllUserAuthorizationsByClientID 

func (s *Store) RevokeAllUserAuthorizationsByClientID(clientID string) error

RevokeAllUserAuthorizationsByClientID invalidates all active consent records for a client

func (*Store) RevokeAllUserAuthorizationsByUserID added in v0.24.0 

func (s *Store) RevokeAllUserAuthorizationsByUserID(userID string) error

RevokeAllUserAuthorizationsByUserID invalidates all active consent records for a user.

func (*Store) RevokeToken 

func (s *Store) RevokeToken(tokenID string) error

func (*Store) RevokeTokenFamily added in v0.20.0 

func (s *Store) RevokeTokenFamily(familyID string) (int64, error)

RevokeTokenFamily revokes all active tokens that share the same TokenFamilyID. This is used for refresh token rotation replay detection: when a revoked refresh token is reused, all tokens in the family must be invalidated to prevent stolen token abuse.

func (*Store) RevokeTokensByAuthorizationID 

func (s *Store) RevokeTokensByAuthorizationID(authorizationID uint) error

RevokeTokensByAuthorizationID revokes all active tokens linked to a specific UserAuthorization

func (*Store) RevokeTokensByClientID 

func (s *Store) RevokeTokensByClientID(clientID string) error

func (*Store) RevokeTokensByUserID 

func (s *Store) RevokeTokensByUserID(userID string) error

func (*Store) RevokeUserAuthorization 

func (s *Store) RevokeUserAuthorization(
	authUUID, userID string,
) (*models.UserAuthorization, error)

RevokeUserAuthorization marks an authorization as revoked and returns the record

func (*Store) RunInTransaction added in v0.20.0 

func (s *Store) RunInTransaction(fn func(tx core.Store) error) error

RunInTransaction executes fn inside a database transaction. The Store passed to fn operates within the transaction scope.

func (*Store) UpdateClient 

func (s *Store) UpdateClient(client *models.OAuthApplication) error

func (*Store) UpdateDeviceCode 

func (s *Store) UpdateDeviceCode(dc *models.DeviceCode) error

UpdateDeviceCode updates a device code

func (*Store) UpdateOAuthConnection 

func (s *Store) UpdateOAuthConnection(conn *models.OAuthConnection) error

UpdateOAuthConnection updates an existing OAuth connection

func (*Store) UpdateTokenLastUsedAt added in v0.20.0 

func (s *Store) UpdateTokenLastUsedAt(tokenID string, t time.Time) error

UpdateTokenLastUsedAt updates the last_used_at timestamp of a token

func (*Store) UpdateTokenStatus 

func (s *Store) UpdateTokenStatus(tokenID, status string) error

UpdateTokenStatus updates the status of a token

func (*Store) UpdateUser 

func (s *Store) UpdateUser(user *models.User) error

UpdateUser updates an existing user

func (*Store) UpsertExternalUser 

func (s *Store) UpsertExternalUser(
	username, externalID, authSource, email, fullName string,
) (*models.User, error)

UpsertExternalUser creates or updates a user from external authentication

func (*Store) UpsertUserAuthorization 

func (s *Store) UpsertUserAuthorization(auth *models.UserAuthorization) error

UpsertUserAuthorization creates a new consent record or re-activates and updates an existing one. Uses a single atomic INSERT ... ON CONFLICT DO UPDATE to avoid the race condition that arises from a non-atomic SELECT-then-INSERT/UPDATE pattern.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.