store

package
v1.5.0 Latest
Published: Jun 16, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package store provides a pure-Go SQLite-backed persistence layer.

It uses modernc.org/sqlite which is a CGO-free SQLite implementation, so the whole application can be cross-compiled to a single static binary for Windows/Linux/macOS without a C toolchain.

Constants

This section is empty.

Variables

var ErrDuplicate = errors.New("store: duplicate")

ErrDuplicate is returned when an insert violates a UNIQUE constraint (e.g. a project slug that already exists).

var ErrNotFound = errors.New("store: not found")

ErrNotFound is returned when a lookup yields no row.

var Sections = []string{
	"dashboard", "containers", "projects", "images", "volumes", "networks", "topology",
	"logs", "events", "alerts", "hosts", "registries", "audit",
}

Sections are the access-control units, matching the app's menu. A user's permissions and the global feature flags are both expressed as sets of these.

Functions

func NormalizeRegistryHost

func NormalizeRegistryHost(host string) string

NormalizeRegistryHost maps the various Docker Hub aliases to a single key so a stored "docker.io" credential matches refs like "nginx" or "user/app".

func ValidSection

func ValidSection(key string) bool

ValidSection reports whether key is a known section.

Types

type APIToken added in v1.4.0

type APIToken struct {
	ID         int64
	UserID     int64
	TokenHash  string
	Name       string
	Sections   []string // empty = inherit all of the user's sections
	ReadOnly   bool
	CreatedAt  time.Time
	LastUsedAt time.Time
	ExpiresAt  time.Time // zero = never expires
	Revoked    bool
}

APIToken is a long-lived bearer credential for programmatic (MCP) access. The plaintext secret is never stored — only TokenHash (a SHA-256 hex digest). A token can only narrow its owner's rights, never widen them:

  • Sections, when non-empty, restricts the token to a subset of the user's granted sections (the dispatcher still intersects with the live user grants, so revoking a section in the admin UI also shrinks the token).
  • ReadOnly, when true, forces read-only even if the user is read-write.

func (*APIToken) Expired added in v1.4.0

func (t *APIToken) Expired() bool

Expired reports whether the token has a set expiry that is in the past.

type APITokenWithUser added in v1.4.0

type APITokenWithUser struct {
	APIToken
	Username string
}

APITokenWithUser is an APIToken plus its owner's username, for the admin overview where tokens from every account are listed together.

type AlertEvent

type AlertEvent struct {
	ID            int64     `json:"id"`
	RuleID        int64     `json:"ruleId"`
	RuleName      string    `json:"ruleName"`
	Type          string    `json:"type"`
	Severity      string    `json:"severity"`
	HostID        int64     `json:"hostId"`
	HostName      string    `json:"hostName"`
	ContainerID   string    `json:"containerId"`
	ContainerName string    `json:"containerName"`
	Message       string    `json:"message"`
	Value         *float64  `json:"value"`
	Acknowledged  bool      `json:"acknowledged"`
	CreatedAt     time.Time `json:"createdAt"`
}

AlertEvent is a fired alert recorded for the in-app feed.

type AlertRule

type AlertRule struct {
	ID          int64     `json:"id"`
	Name        string    `json:"name"`
	Enabled     bool      `json:"enabled"`
	Type        string    `json:"type"`     // state | resource | log | restart
	Target      string    `json:"target"`   // container name substring; '' or '*' = all
	Config      string    `json:"config"`   // raw JSON, interpreted by the engine
	Severity    string    `json:"severity"` // info | warning | critical
	WebhookID   *int64    `json:"webhookId"`
	Email       bool      `json:"email"` // also send to the configured SMTP recipient
	CooldownSec int       `json:"cooldownSec"`
	CreatedAt   time.Time `json:"createdAt"`
}

AlertRule defines when an alert fires and where it goes.

type AuditEntry

type AuditEntry struct {
	ID        int64     `json:"id"`
	UserID    int64     `json:"userId"`
	Username  string    `json:"username"`
	Action    string    `json:"action"`
	Target    string    `json:"target"`
	Detail    string    `json:"detail"`
	IP        string    `json:"ip"`
	CreatedAt time.Time `json:"createdAt"`
}

AuditEntry is a single recorded security-relevant action.

type ComposeFragment added in v1.4.0

type ComposeFragment struct {
	ID          int64     `json:"id"`
	Name        string    `json:"name"`
	Slug        string    `json:"slug"`
	Description string    `json:"description"`
	Content     string    `json:"content"`
	CreatedBy   string    `json:"createdBy"`
	CreatedAt   time.Time `json:"createdAt"`
}

ComposeFragment is a user-saved "shared definition": a top-level compose fragment (a YAML anchor) merged into builds above services:.

type Host

type Host struct {
	ID         int64
	Name       string
	Kind       string
	Address    string
	TLSCA      string
	TLSCert    string
	TLSKey     string
	HostKey    string // pinned SSH host public key (authorized_keys line); ssh hosts only
	AlertEmail string // per-host alert recipient override (falls back to global SMTP To)
	Disabled   bool   // when true the monitor ignores this host (no events/stats)
	CreatedAt  time.Time
}

Host describes a Docker engine endpoint the app can connect to.

Kind is one of:

  • "local": the local daemon (unix socket / windows named pipe)
  • "tcp": a remote daemon over TCP, optionally TLS-secured
  • "ssh": a remote daemon reached through an SSH tunnel

type LDAPConfig

type LDAPConfig struct {
	Enabled      bool   `json:"enabled"`
	URL          string `json:"url"`      // ldap://host:389 or ldaps://host:636
	StartTLS     bool   `json:"startTls"` // upgrade a plain connection to TLS
	BindDN       string `json:"bindDn"`   // service account used to search for users
	BindPassword string `json:"bindPassword"`
	UserBaseDN   string `json:"userBaseDn"`
	UserFilter   string `json:"userFilter"`   // e.g. (uid=%s) or (sAMAccountName=%s)
	AdminGroupDN string `json:"adminGroupDn"` // optional: members are provisioned as admins
	// GroupMappings grant RBAC sections by LDAP group membership. When any are
	// set, LDAP is authoritative for a user's sections (re-synced on each login).
	GroupMappings []LDAPGroupMapping `json:"groupMappings"`
}

LDAPConfig configures optional LDAP / Active Directory authentication. The bind password is encrypted at rest (like the SMTP one) and never returned.

func (LDAPConfig) Configured

func (c LDAPConfig) Configured() bool

Configured reports whether enough is set to attempt LDAP authentication.

type LDAPGroupMapping added in v1.5.0

type LDAPGroupMapping struct {
	GroupDN  string   `json:"groupDn"`
	Sections []string `json:"sections"`
}

LDAPGroupMapping grants a set of RBAC sections to members of an LDAP group, matched on the group's full DN. A user's effective sections are the union over every mapping whose group they belong to.
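
The union rule above, together with the "LDAP is authoritative" note on GroupMappings, as an added example (not the package's own code). The Access type, ResolveAccess, the case-insensitive DN comparison and the "no matching group means no sections" outcome are assumptions made for illustration; the DNs are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
)

// Local copies of the documented types and section list, so this runs
// without importing the store package.
type LDAPGroupMapping struct {
	GroupDN  string
	Sections []string
}

type LDAPConfig struct {
	AdminGroupDN  string
	GroupMappings []LDAPGroupMapping
}

var Sections = []string{
	"dashboard", "containers", "projects", "images", "volumes", "networks", "topology",
	"logs", "events", "alerts", "hosts", "registries", "audit",
}

// Access is a hypothetical result type: what one login's group list resolves to.
type Access struct {
	Admin         bool
	Authoritative bool     // LDAP decides Sections because at least one mapping is set
	Sections      []string // canonical Sections order, de-duplicated, known keys only
}

// sameDN compares DNs ignoring case and surrounding space. Assumption: the
// directory returns DNs in one consistent form, so no RFC 4514 parsing is done.
func sameDN(a, b string) bool {
	return strings.EqualFold(strings.TrimSpace(a), strings.TrimSpace(b))
}

func inGroup(memberOf []string, groupDN string) bool {
	if strings.TrimSpace(groupDN) == "" {
		return false // an unset group DN must never match an empty membership value
	}
	for _, dn := range memberOf {
		if sameDN(dn, groupDN) {
			return true
		}
	}
	return false
}

// ResolveAccess turns the group DNs read from a user's LDAP entry into role and sections.
func ResolveAccess(cfg LDAPConfig, memberOf []string) Access {
	acc := Access{
		Admin:         inGroup(memberOf, cfg.AdminGroupDN),
		Authoritative: len(cfg.GroupMappings) > 0,
	}
	granted := map[string]bool{}
	for _, m := range cfg.GroupMappings {
		if !inGroup(memberOf, m.GroupDN) {
			continue
		}
		for _, s := range m.Sections {
			granted[s] = true // union over every mapping the user belongs to
		}
	}
	// Walking the canonical list drops unknown keys and fixes the order.
	for _, s := range Sections {
		if granted[s] {
			acc.Sections = append(acc.Sections, s)
		}
	}
	return acc
}

// SampleConfig is constructed sample data (example.org DNs).
func SampleConfig() LDAPConfig {
	return LDAPConfig{
		AdminGroupDN: "cn=docker-admins,ou=groups,dc=example,dc=org",
		GroupMappings: []LDAPGroupMapping{
			{GroupDN: "cn=ops,ou=groups,dc=example,dc=org", Sections: []string{"containers", "logs"}},
			{GroupDN: "cn=audit,ou=groups,dc=example,dc=org", Sections: []string{"audit", "logs", "bogus"}},
		},
	}
}

func main() {
	cfg := SampleConfig()
	both := []string{"CN=Ops,OU=Groups,DC=example,DC=org", "cn=audit,ou=groups,dc=example,dc=org"}
	fmt.Printf("ops+audit: %+v\n", ResolveAccess(cfg, both))
	// Authoritative with no matching group: the login resolves to no sections at all.
	fmt.Printf("unmapped:  %+v\n", ResolveAccess(cfg, []string{"cn=interns,ou=groups,dc=example,dc=org"}))
}
```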

type OAuthClient added in v1.4.0

type OAuthClient struct {
	ID           string // client_id
	Name         string
	RedirectURIs []string
	CreatedAt    time.Time
}

OAuthClient is a dynamically-registered (RFC 7591) MCP OAuth client. Clients are public (no secret); security rests on PKCE + exact redirect-URI matching.

type OAuthCode added in v1.4.0

type OAuthCode struct {
	ClientID      string
	UserID        int64
	RedirectURI   string
	CodeChallenge string
	Resource      string
	Scope         string
	ExpiresAt     time.Time
}

OAuthCode is the state bound to a single-use authorization code.

type OAuthRefreshToken added in v1.4.0

type OAuthRefreshToken struct {
	ClientID  string
	UserID    int64
	Scope     string
	Resource  string
	ExpiresAt time.Time
}

OAuthRefreshToken is the state bound to a refresh token.

type ParseRule

type ParseRule struct {
	ID        int64     `json:"id"`
	Name      string    `json:"name"`
	Pattern   string    `json:"pattern"`
	CreatedAt time.Time `json:"createdAt"`
}

ParseRule is a saved log-parsing rule: a regex with named capture groups that the Logs view applies to extract structured fields (columns) from log lines.

type Project added in v1.2.0

type Project struct {
	ID          int64
	Name        string
	Slug        string
	ComposeFile string
	HostID      int64 // target Docker host for deploy; 0 = local daemon
	CreatedBy   string
	CreatedAt   time.Time
	UpdatedAt   time.Time
}

Project is a managed compose project: a folder under the data dir holding a compose file plus sidecar config/script files, deployed via the docker compose CLI. The folder is keyed by the numeric ID (derived at runtime, not stored) so renames never move files. Slug is the compose project name.

type ProjectTemplate added in v1.4.0

type ProjectTemplate struct {
	ID          int64     `json:"id"`
	Name        string    `json:"name"`
	Slug        string    `json:"slug"`
	Description string    `json:"description"`
	CreatedBy   string    `json:"createdBy"`
	CreatedAt   time.Time `json:"createdAt"`
}

ProjectTemplate is a user-saved project preset. Only metadata lives in the DB; the scaffold files live on disk under DataDir/project-templates/{id}/.

type Registry

type Registry struct {
	ID        int64
	Name      string
	Address   string
	Username  string
	CreatedAt time.Time
}

Registry holds credentials for a container image registry. The secret (password/token) is encrypted at rest and never returned in listings.

type RegistryAuth

type RegistryAuth struct {
	Address  string
	Username string
	Password string
}

RegistryAuth is the decrypted credential pair used to authenticate to a registry for pull/push. It is only assembled server-side, never serialised.

type SMTPConfig

type SMTPConfig struct {
	Host     string `json:"host"`
	Port     int    `json:"port"`
	Username string `json:"username"`
	Password string `json:"password"`
	From     string `json:"from"`
	To       string `json:"to"`  // comma-separated recipients
	TLS      bool   `json:"tls"` // implicit TLS (e.g. port 465); otherwise STARTTLS if offered
}

SMTPConfig is the mail server used for the email alert channel. The password is stored encrypted at rest (the persisted JSON holds ciphertext); it is decrypted on read and never returned to API clients.

func (SMTPConfig) Configured

func (c SMTPConfig) Configured() bool

Configured reports whether enough is set to attempt sending.

type ServiceBlock added in v1.4.0

type ServiceBlock struct {
	ID          int64     `json:"id"`
	Name        string    `json:"name"`
	Slug        string    `json:"slug"`
	Description string    `json:"description"`
	Service     string    `json:"service"`
	ServiceYAML string    `json:"serviceYaml"`
	Volumes     []string  `json:"volumes"`
	CreatedBy   string    `json:"createdBy"`
	CreatedAt   time.Time `json:"createdAt"`
}

ServiceBlock is a user-defined builder block — a single compose service fragment stored inline.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store wraps the database handle and exposes typed queries.

func Open

func Open(path string) (*Store, error)

Open opens (creating if necessary) the SQLite database at path and runs all pending migrations. A path of ":memory:" yields an ephemeral DB.

func (*Store) APITokenByHash added in v1.4.0

func (s *Store) APITokenByHash(ctx context.Context, hash string) (*APIToken, error)

APITokenByHash looks up an active (non-revoked) token by its SHA-256 hash. Expiry is NOT enforced here — callers check Expired() so they can treat an expired token identically to a missing one. Returns ErrNotFound if absent or revoked.
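
How a dispatcher could combine this lookup contract with the narrowing rules in the APIToken description, as an added example (not the package's own code). memStore, Grant, Authenticate and ErrUnauthorized are hypothetical names, the token owner is assumed to be a non-admin user, and the secrets are constructed placeholders.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Local stand-ins carrying the documented fields; not the store package's own types.
type User struct {
	ReadOnly bool
	Sections []string
}

type APIToken struct {
	UserID    int64
	Sections  []string  // empty = inherit all of the user's sections
	ReadOnly  bool
	ExpiresAt time.Time // zero = never expires
	Revoked   bool
}

func (t *APIToken) Expired() bool {
	return !t.ExpiresAt.IsZero() && time.Now().After(t.ExpiresAt)
}

var ErrNotFound = errors.New("store: not found")
var ErrUnauthorized = errors.New("unauthorized") // hypothetical dispatcher error

// memStore is an in-memory stand-in for the Store lookups a dispatcher needs.
type memStore struct {
	tokens map[string]*APIToken // keyed by SHA-256 hex digest; the secret is never kept
	users  map[int64]*User
}

// HashSecret computes the digest that is stored as TokenHash.
func HashSecret(secret string) string {
	sum := sha256.Sum256([]byte(secret))
	return hex.EncodeToString(sum[:])
}

// tokenByHash follows the documented contract: revoked reads as absent, expiry is the caller's job.
func (m *memStore) tokenByHash(hash string) (*APIToken, error) {
	t, ok := m.tokens[hash]
	if !ok || t.Revoked {
		return nil, ErrNotFound
	}
	return t, nil
}

// Grant is a hypothetical result type: what this one request may touch.
type Grant struct {
	Sections map[string]bool
	ReadOnly bool
}

// Authenticate resolves a presented bearer secret to its effective grant.
func Authenticate(m *memStore, presented string) (*Grant, error) {
	t, err := m.tokenByHash(HashSecret(presented))
	if err != nil || t.Expired() {
		return nil, ErrUnauthorized // missing, revoked and expired are indistinguishable
	}
	u, ok := m.users[t.UserID] // read on every request, so admin changes apply at once
	if !ok {
		return nil, ErrUnauthorized
	}
	scope := map[string]bool{}
	for _, s := range t.Sections {
		scope[s] = true
	}
	g := &Grant{Sections: map[string]bool{}, ReadOnly: u.ReadOnly || t.ReadOnly}
	for _, s := range u.Sections {
		if len(scope) == 0 || scope[s] {
			g.Sections[s] = true // token scope intersected with the live user grants
		}
	}
	return g, nil
}

// SampleStore holds constructed sample data; the secrets are placeholders.
func SampleStore() *memStore {
	return &memStore{
		users: map[int64]*User{1: {Sections: []string{"containers", "logs", "images"}}},
		tokens: map[string]*APIToken{
			HashSecret("ci-secret"):   {UserID: 1, Sections: []string{"logs", "registries"}, ReadOnly: true},
			HashSecret("full-secret"): {UserID: 1},
			HashSecret("old-secret"):  {UserID: 1, ExpiresAt: time.Now().Add(-time.Hour)},
			HashSecret("gone-secret"): {UserID: 1, Revoked: true},
		},
	}
}

func main() {
	g, err := Authenticate(SampleStore(), "ci-secret")
	fmt.Println(g.Sections, g.ReadOnly, err)
}
```

The "registries" entry in the token's scope is dropped because the owner does not hold that section, which is the "never widen" rule in practice.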

func (*Store) AckAlertEvent

func (s *Store) AckAlertEvent(ctx context.Context, id int64) error

AckAlertEvent marks an alert event acknowledged.

func (*Store) AdminRevokeAPIToken added in v1.4.0

func (s *Store) AdminRevokeAPIToken(ctx context.Context, id int64) (bool, error)

AdminRevokeAPIToken marks any token revoked regardless of owner — for admins managing the fleet. Unlike RevokeAPIToken it is not scoped to a user. The bool reports whether a matching, still-active token was revoked (false → unknown id or already revoked), so the handler can return 404 instead of a false success.

func (*Store) Audit

func (s *Store) Audit(ctx context.Context, e AuditEntry) error

Audit appends an entry to the audit log. Failures are returned but callers generally log-and-continue: an audit write must never block a user action.

func (*Store) AuthByID

func (s *Store) AuthByID(ctx context.Context, id int64) (*RegistryAuth, error)

AuthByID returns the decrypted credentials for a single registry.

func (*Store) AuthForHost

func (s *Store) AuthForHost(ctx context.Context, host string) (*RegistryAuth, error)

AuthForHost returns the decrypted credentials whose address matches the registry host of an image reference, or ErrNotFound if none is configured.
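
A sketch of the matching that NormalizeRegistryHost and AuthForHost describe, as an added example (not the package's own code). The alias set, NormalizeHost, RegistryHostOf and credStore are assumptions made for illustration, and the credentials are constructed placeholders; the host-detection rule is the usual Docker one (the first path component is a registry only if it contains "." or ":" or is "localhost").

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var ErrNotFound = errors.New("store: not found")

// hubAliases is an assumed alias set; the project's own list is not shown on this page.
var hubAliases = map[string]bool{
	"": true, "docker.io": true, "index.docker.io": true,
	"registry-1.docker.io": true, "registry.hub.docker.com": true,
}

// NormalizeHost is a stand-in for NormalizeRegistryHost: it lower-cases the
// address, strips any scheme and path, and folds Docker Hub aliases to "docker.io".
func NormalizeHost(host string) string {
	h := strings.ToLower(strings.TrimSpace(host))
	if i := strings.Index(h, "://"); i >= 0 {
		h = h[i+3:]
	}
	if i := strings.IndexByte(h, '/'); i >= 0 {
		h = h[:i] // "index.docker.io/v1/" -> "index.docker.io"
	}
	if hubAliases[h] {
		return "docker.io"
	}
	return h
}

// RegistryHostOf returns the registry part of an image reference, or "" when
// the reference names none (which means Docker Hub).
func RegistryHostOf(ref string) string {
	i := strings.IndexByte(ref, '/')
	if i < 0 {
		return "" // "nginx", "nginx:1.27"
	}
	first := ref[:i]
	if strings.ContainsAny(first, ".:") || first == "localhost" {
		return first
	}
	return "" // "user/app": the first component is a Hub namespace, not a host
}

type Cred struct{ Username, Password string }

// credStore keys credentials by normalised host, on write and on lookup alike.
type credStore map[string]Cred

func (s credStore) Put(address string, c Cred) { s[NormalizeHost(address)] = c }

// AuthForRef returns the credential for the registry an image reference names.
// The match is on the whole host, so a host that merely starts with a known
// registry name never receives that registry's secret.
func (s credStore) AuthForRef(ref string) (Cred, error) {
	c, ok := s[NormalizeHost(RegistryHostOf(ref))]
	if !ok {
		return Cred{}, ErrNotFound
	}
	return c, nil
}

// SampleCreds is constructed sample data with placeholder secrets.
func SampleCreds() credStore {
	s := credStore{}
	s.Put("https://index.docker.io/v1/", Cred{Username: "hubuser", Password: "placeholder-hub-token"})
	s.Put("GHCR.io", Cred{Username: "ghuser", Password: "placeholder-ghcr-token"})
	return s
}

func main() {
	s := SampleCreds()
	refs := []string{"nginx", "user/app:1.2", "registry-1.docker.io/library/nginx",
		"ghcr.io/org/app", "localhost:5000/app", "docker.io.example.net/nginx"}
	for _, ref := range refs {
		c, err := s.AuthForRef(ref)
		fmt.Printf("%-36s host=%-28q user=%q err=%v\n", ref, NormalizeHost(RegistryHostOf(ref)), c.Username, err)
	}
}
```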

func (*Store) Close

func (s *Store) Close() error

Close releases the underlying database handle.

func (*Store) ComposeFragmentByID added in v1.4.0

func (s *Store) ComposeFragmentByID(ctx context.Context, id int64) (*ComposeFragment, error)

func (*Store) ComposeFragmentBySlug added in v1.4.0

func (s *Store) ComposeFragmentBySlug(ctx context.Context, slug string) (*ComposeFragment, error)

func (*Store) ConsumeOAuthCode added in v1.4.0

func (s *Store) ConsumeOAuthCode(ctx context.Context, codeHash string) (*OAuthCode, error)

ConsumeOAuthCode atomically fetches and deletes an authorization code, so a code can never be redeemed twice. Returns ErrNotFound if absent. Callers must still check ExpiresAt.
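
The caller-side checks that sit around this contract and the OAuthClient note on PKCE and exact redirect-URI matching, as an added example (not the package's own code). codeStore, Redeem and ConcurrentRedemptions are hypothetical, the S256 challenge method and the hash used for the map key are assumptions, and all identifiers and values are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// OAuthCode is a local stand-in with the documented fields this example needs.
type OAuthCode struct {
	ClientID      string
	UserID        int64
	RedirectURI   string
	CodeChallenge string
	ExpiresAt     time.Time
}

var ErrNotFound = errors.New("store: not found")
var ErrInvalidGrant = errors.New("invalid_grant")

// codeStore keys codes by a hash of the code; reusing S256 for that is an assumption.
type codeStore struct {
	mu    sync.Mutex
	codes map[string]OAuthCode
}

// S256 is the RFC 7636 transform: unpadded BASE64URL(SHA256(input)).
func S256(input string) string {
	sum := sha256.Sum256([]byte(input))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Consume fetches and deletes in one critical section, the contract documented
// for ConsumeOAuthCode: of any number of concurrent callers, one gets the row.
func (s *codeStore) Consume(codeHash string) (OAuthCode, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	c, ok := s.codes[codeHash]
	if !ok {
		return OAuthCode{}, ErrNotFound
	}
	delete(s.codes, codeHash)
	return c, nil
}

// Redeem is a hypothetical token-endpoint step. The code is consumed first, so
// a request that fails a later check has still burned it.
func Redeem(s *codeStore, code, clientID, redirectURI, verifier string, now time.Time) (int64, error) {
	c, err := s.Consume(S256(code))
	if err != nil || now.After(c.ExpiresAt) { // expiry is the caller's check
		return 0, ErrInvalidGrant
	}
	okPKCE := subtle.ConstantTimeCompare([]byte(S256(verifier)), []byte(c.CodeChallenge)) == 1
	if c.ClientID != clientID || c.RedirectURI != redirectURI || !okPKCE { // exact string match
		return 0, ErrInvalidGrant
	}
	return c.UserID, nil
}

// Constructed sample values.
const sampleClient, sampleRedirect = "client-123", "http://127.0.0.1:7777/callback"
const sampleVerifier = "constructed-sample-verifier-0123456789-abcdefghij"
var sampleNow = time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC)

// NewSample returns a store holding one unredeemed code issued to user 42.
func NewSample(code string) *codeStore {
	return &codeStore{codes: map[string]OAuthCode{S256(code): {
		ClientID: sampleClient, UserID: 42, RedirectURI: sampleRedirect,
		CodeChallenge: S256(sampleVerifier), ExpiresAt: sampleNow.Add(time.Minute),
	}}}
}

// ConcurrentRedemptions races n identical valid requests and counts successes.
func ConcurrentRedemptions(n int) int {
	s := NewSample("code-race")
	results := make(chan error, n)
	for i := 0; i < n; i++ {
		go func() {
			_, err := Redeem(s, "code-race", sampleClient, sampleRedirect, sampleVerifier, sampleNow)
			results <- err
		}()
	}
	wins := 0
	for i := 0; i < n; i++ {
		if <-results == nil {
			wins++
		}
	}
	return wins
}

func main() {
	fmt.Println("successful redemptions out of 50:", ConcurrentRedemptions(50))
}
```

A fetch followed by a separate delete would let two racing requests both read the row; doing both in one step is what keeps the success count at one.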

func (*Store) ConsumeRefreshToken added in v1.4.0

func (s *Store) ConsumeRefreshToken(ctx context.Context, tokenHash string) (*OAuthRefreshToken, error)

ConsumeRefreshToken atomically fetches and deletes a refresh token (rotation: every use invalidates the old token and a fresh one is issued). Returns ErrNotFound if absent. Callers must still check ExpiresAt.

func (*Store) CountAdmins

func (s *Store) CountAdmins(ctx context.Context) (int, error)

CountAdmins returns how many admin accounts exist (to guard the last admin).

func (*Store) CountUnacknowledged

func (s *Store) CountUnacknowledged(ctx context.Context) (int, error)

CountUnacknowledged returns the number of unacknowledged alert events.

func (*Store) CountUsers

func (s *Store) CountUsers(ctx context.Context) (int, error)

CountUsers returns the number of accounts; used to detect first-run setup.

func (*Store) CreateAPIToken added in v1.4.0

func (s *Store) CreateAPIToken(ctx context.Context, t *APIToken) (int64, error)

CreateAPIToken inserts a new token row and returns its assigned ID. The caller is responsible for generating the secret and passing its SHA-256 hash.

func (*Store) CreateAlertRule

func (s *Store) CreateAlertRule(ctx context.Context, r *AlertRule) (int64, error)

CreateAlertRule inserts an alert rule and returns its ID.

func (*Store) CreateComposeFragment added in v1.4.0

func (s *Store) CreateComposeFragment(ctx context.Context, f *ComposeFragment) (int64, error)

func (*Store) CreateHost

func (s *Store) CreateHost(ctx context.Context, h *Host) (int64, error)

CreateHost inserts a new host and returns its ID. The TLS private key is encrypted at rest (CA and client cert are public, so they're stored as-is).

func (*Store) CreateOAuthClient added in v1.4.0

func (s *Store) CreateOAuthClient(ctx context.Context, c *OAuthClient) error

CreateOAuthClient stores a newly registered client.

func (*Store) CreateOAuthCode added in v1.4.0

func (s *Store) CreateOAuthCode(ctx context.Context, codeHash string, c *OAuthCode) error

CreateOAuthCode stores an authorization code (by hash).

func (*Store) CreateParseRule

func (s *Store) CreateParseRule(ctx context.Context, name, pattern string) (int64, error)

CreateParseRule inserts a parse rule and returns its ID.

func (*Store) CreateProject added in v1.2.0

func (s *Store) CreateProject(ctx context.Context, p *Project) (int64, error)

CreateProject inserts a project and returns its ID. A slug collision yields ErrDuplicate.

func (*Store) CreateProjectTemplate added in v1.4.0

func (s *Store) CreateProjectTemplate(ctx context.Context, t *ProjectTemplate) (int64, error)

func (*Store) CreateRefreshToken added in v1.4.0

func (s *Store) CreateRefreshToken(ctx context.Context, tokenHash string, t *OAuthRefreshToken) error

CreateRefreshToken stores a refresh token (by hash).

func (*Store) CreateRegistry

func (s *Store) CreateRegistry(ctx context.Context, name, address, username, secret string) (int64, error)

CreateRegistry stores a registry, encrypting the secret. The address is normalised so it matches image references later (see NormalizeRegistryHost).

func (*Store) CreateServiceBlock added in v1.4.0

func (s *Store) CreateServiceBlock(ctx context.Context, b *ServiceBlock) (int64, error)

func (*Store) CreateUser

func (s *Store) CreateUser(ctx context.Context, u *User) (int64, error)

CreateUser inserts a new account and returns its assigned ID.

func (*Store) CreateWebhook

func (s *Store) CreateWebhook(ctx context.Context, w *Webhook) (int64, error)

CreateWebhook inserts a webhook and returns its ID.

func (*Store) DeleteAlertRule

func (s *Store) DeleteAlertRule(ctx context.Context, id int64) error

DeleteAlertRule removes an alert rule by ID.

func (*Store) DeleteComposeFragment added in v1.4.0

func (s *Store) DeleteComposeFragment(ctx context.Context, id int64) error

func (*Store) DeleteExpiredOAuth added in v1.4.0

func (s *Store) DeleteExpiredOAuth(ctx context.Context) error

DeleteExpiredOAuth purges authorization codes and refresh tokens whose expiry has passed (issued-but-never-redeemed codes, lapsed refresh tokens). Run periodically so the tables don't grow unbounded.

func (*Store) DeleteHost

func (s *Store) DeleteHost(ctx context.Context, id int64) error

DeleteHost removes a host by ID.

func (*Store) DeleteOAuthClient added in v1.4.0

func (s *Store) DeleteOAuthClient(ctx context.Context, id string) (bool, error)

DeleteOAuthClient removes a registered client and, in the same transaction, any authorization codes and refresh tokens issued to it — so de-registering a client immediately severs every credential derived from it. The bool reports whether a client row actually existed (false → unknown id → 404).

func (*Store) DeleteParseRule

func (s *Store) DeleteParseRule(ctx context.Context, id int64) error

DeleteParseRule removes a parse rule by ID.

func (*Store) DeleteProject added in v1.2.0

func (s *Store) DeleteProject(ctx context.Context, id int64) error

DeleteProject removes the project row (the caller removes the folder).

func (*Store) DeleteProjectTemplate added in v1.4.0

func (s *Store) DeleteProjectTemplate(ctx context.Context, id int64) error

func (*Store) DeleteRegistry

func (s *Store) DeleteRegistry(ctx context.Context, id int64) error

DeleteRegistry removes a registry by ID.

func (*Store) DeleteServiceBlock added in v1.4.0

func (s *Store) DeleteServiceBlock(ctx context.Context, id int64) error

func (*Store) DeleteUser

func (s *Store) DeleteUser(ctx context.Context, id int64) error

DeleteUser removes an account.

func (*Store) DeleteWebhook

func (s *Store) DeleteWebhook(ctx context.Context, id int64) error

DeleteWebhook removes a webhook by ID.

func (*Store) DisabledSections

func (s *Store) DisabledSections(ctx context.Context) ([]string, error)

DisabledSections returns the sections an admin has turned off app-wide.

func (*Store) EncryptPlaintextHostKeys added in v1.5.0

func (s *Store) EncryptPlaintextHostKeys(ctx context.Context) error

EncryptPlaintextHostKeys re-encrypts any host TLS private key still stored in plaintext (rows created before encryption-at-rest). Called once at startup, after the cipher is set; a no-op when there's nothing to migrate.

func (*Store) EnsureLocalHost

func (s *Store) EnsureLocalHost(ctx context.Context) error

EnsureLocalHost guarantees a "local" host row exists so the app is usable immediately on first run without manual host configuration.

func (*Store) GetLDAP

func (s *Store) GetLDAP(ctx context.Context) (LDAPConfig, error)

GetLDAP loads the LDAP config, decrypting the bind password.

func (*Store) GetSMTP

func (s *Store) GetSMTP(ctx context.Context) (SMTPConfig, error)

GetSMTP loads the SMTP config, decrypting the password.

func (*Store) HostByID

func (s *Store) HostByID(ctx context.Context, id int64) (*Host, error)

HostByID returns a single host or ErrNotFound.

func (*Store) InsertAlertEvent

func (s *Store) InsertAlertEvent(ctx context.Context, e *AlertEvent) (int64, error)

InsertAlertEvent records a fired alert event and returns its ID.

func (*Store) ListAPITokens added in v1.4.0

func (s *Store) ListAPITokens(ctx context.Context, userID int64) ([]APIToken, error)

ListAPITokens returns a user's tokens (newest first) for the management UI. The hash is included but is not the secret — the secret is unrecoverable.

func (*Store) ListAlertEvents

func (s *Store) ListAlertEvents(ctx context.Context, limit int) ([]AlertEvent, error)

ListAlertEvents returns recent alert events (newest first), up to limit.

func (*Store) ListAlertRules

func (s *Store) ListAlertRules(ctx context.Context) ([]AlertRule, error)

ListAlertRules returns all alert rules.

func (*Store) ListAllAPITokens added in v1.4.0

func (s *Store) ListAllAPITokens(ctx context.Context) ([]APITokenWithUser, error)

ListAllAPITokens returns every user's tokens (newest first), each annotated with the owner's username, for the admin overview. Revoked tokens are included so an admin can see recently-revoked credentials; the handler/UI distinguishes them via the Revoked flag. The token hash is deliberately NOT selected — the overview is metadata-only, so the digest never even reaches process memory here (no chance of leaking via a log line or panic).

func (*Store) ListComposeFragments added in v1.4.0

func (s *Store) ListComposeFragments(ctx context.Context) ([]ComposeFragment, error)

func (*Store) ListHosts

func (s *Store) ListHosts(ctx context.Context) ([]Host, error)

ListHosts returns all configured hosts ordered by name.

func (*Store) ListOAuthClients added in v1.4.0

func (s *Store) ListOAuthClients(ctx context.Context) ([]OAuthClient, error)

ListOAuthClients returns every registered MCP OAuth client (newest first) for the admin overview. Clients are public (no secret stored), so the full row is safe to surface.

func (*Store) ListParseRules

func (s *Store) ListParseRules(ctx context.Context) ([]ParseRule, error)

ListParseRules returns all saved log-parsing rules.

func (*Store) ListProjectTemplates added in v1.4.0

func (s *Store) ListProjectTemplates(ctx context.Context) ([]ProjectTemplate, error)

func (*Store) ListProjects added in v1.2.0

func (s *Store) ListProjects(ctx context.Context) ([]Project, error)

ListProjects returns all projects ordered by name.

func (*Store) ListRegistries

func (s *Store) ListRegistries(ctx context.Context) ([]Registry, error)

ListRegistries returns the configured registries without their secrets.

func (*Store) ListServiceBlocks added in v1.4.0

func (s *Store) ListServiceBlocks(ctx context.Context) ([]ServiceBlock, error)

func (*Store) ListUsers

func (s *Store) ListUsers(ctx context.Context) ([]User, error)

ListUsers returns all accounts (without secrets) for the admin user manager.

func (*Store) ListWebhooks

func (s *Store) ListWebhooks(ctx context.Context) ([]Webhook, error)

ListWebhooks returns all configured webhooks.

func (*Store) LocalhostNo2FA

func (s *Store) LocalhostNo2FA(ctx context.Context) (bool, error)

LocalhostNo2FA reports whether password-only login is allowed from loopback.

func (*Store) OAuthClientByID added in v1.4.0

func (s *Store) OAuthClientByID(ctx context.Context, id string) (*OAuthClient, error)

OAuthClientByID looks up a registered client.

func (*Store) Ping added in v1.1.0

func (s *Store) Ping(ctx context.Context) error

Ping checks that the database is reachable (used by the health endpoint).

func (*Store) ProjectByID added in v1.2.0

func (s *Store) ProjectByID(ctx context.Context, id int64) (*Project, error)

ProjectByID looks up a project by primary key.

func (*Store) ProjectTemplateByID added in v1.4.0

func (s *Store) ProjectTemplateByID(ctx context.Context, id int64) (*ProjectTemplate, error)

func (*Store) ProjectTemplateBySlug added in v1.4.0

func (s *Store) ProjectTemplateBySlug(ctx context.Context, slug string) (*ProjectTemplate, error)

func (*Store) RecentAudit

func (s *Store) RecentAudit(ctx context.Context, limit int, before int64) ([]AuditEntry, error)

RecentAudit returns the most recent audit entries, newest first. When before is > 0, only entries older than that id are returned (cursor pagination).

func (*Store) RevokeAPIToken added in v1.4.0

func (s *Store) RevokeAPIToken(ctx context.Context, id, userID int64) (bool, error)

RevokeAPIToken marks a token revoked. It is scoped to userID so a caller can only revoke their own tokens. The bool reports whether a matching, owned token was actually revoked (false → unknown id or not the caller's), so the handler can return 404 instead of a misleading success.

func (*Store) ServiceBlockByID added in v1.4.0

func (s *Store) ServiceBlockByID(ctx context.Context, id int64) (*ServiceBlock, error)

func (*Store) ServiceBlockBySlug added in v1.4.0

func (s *Store) ServiceBlockBySlug(ctx context.Context, slug string) (*ServiceBlock, error)

func (*Store) SetAlertRuleEnabled

func (s *Store) SetAlertRuleEnabled(ctx context.Context, id int64, enabled bool) error

SetAlertRuleEnabled toggles an alert rule on or off.

func (*Store) SetCipher

func (s *Store) SetCipher(c *crypto.Cipher)

SetCipher installs the cipher used to encrypt secrets at rest (registry credentials). It is wired up once at startup, after the key is loaded.

func (*Store) SetDisabledSections

func (s *Store) SetDisabledSections(ctx context.Context, keys []string) error

SetDisabledSections persists the app-wide disabled sections.

func (*Store) SetHostAlertEmail

func (s *Store) SetHostAlertEmail(ctx context.Context, id int64, email string) error

SetHostAlertEmail sets a host's per-host alert recipient override.

func (*Store) SetHostDisabled added in v1.2.0

func (s *Store) SetHostDisabled(ctx context.Context, id int64, disabled bool) error

SetHostDisabled toggles whether the monitor ignores a host.

func (*Store) SetHostKey

func (s *Store) SetHostKey(ctx context.Context, id int64, key string) error

SetHostKey pins (or clears, when key is "") the trusted SSH host public key for a host. Subsequent connections verify the daemon's key against it.

func (*Store) SetLDAP

func (s *Store) SetLDAP(ctx context.Context, c LDAPConfig) error

SetLDAP persists the config, encrypting the bind password. An empty bind password preserves the previously stored one.

func (*Store) SetLocalhostNo2FA

func (s *Store) SetLocalhostNo2FA(ctx context.Context, on bool) error

SetLocalhostNo2FA toggles the localhost 2FA exemption.

func (*Store) SetSMTP

func (s *Store) SetSMTP(ctx context.Context, c SMTPConfig) error

SetSMTP persists the SMTP config, encrypting the password. An empty password preserves the previously stored one (so the UI need not resend the secret).

func (*Store) SetSetting

func (s *Store) SetSetting(ctx context.Context, key, value string) error

SetSetting upserts a key/value pair.

func (*Store) SetTOTP

func (s *Store) SetTOTP(ctx context.Context, userID int64, secret string, enabled bool) error

SetTOTP stores the secret and enabled flag for a user (enrollment / disable).

func (*Store) SetUserPrefs added in v1.1.0

func (s *Store) SetUserPrefs(ctx context.Context, userID int64, prefs string) error

SetUserPrefs replaces a user's UI preferences JSON blob.

func (*Store) Setting

func (s *Store) Setting(ctx context.Context, key string) (string, error)

Setting reads a single key from the settings table. Returns ("", nil) when the key is absent so callers can treat "missing" as "use default".

func (*Store) TouchAPIToken added in v1.4.0

func (s *Store) TouchAPIToken(ctx context.Context, id int64) error

TouchAPIToken records the last time a token was used. Best-effort: callers ignore the error so a logging write never blocks an authenticated request.

func (*Store) TouchLogin

func (s *Store) TouchLogin(ctx context.Context, userID int64) error

TouchLogin records the timestamp of a successful login.

func (*Store) TouchProject added in v1.2.0

func (s *Store) TouchProject(ctx context.Context, id int64) error

TouchProject bumps updated_at (called when a file changes).

func (*Store) UpdateAlertRule

func (s *Store) UpdateAlertRule(ctx context.Context, id int64, r *AlertRule) error

UpdateAlertRule replaces a rule's mutable fields (enabled is managed separately via SetAlertRuleEnabled).

func (*Store) UpdateComposeFragment added in v1.4.0

func (s *Store) UpdateComposeFragment(ctx context.Context, f *ComposeFragment) error

UpdateComposeFragment edits a fragment's editable fields (the slug is immutable).

func (*Store) UpdatePassword

func (s *Store) UpdatePassword(ctx context.Context, userID int64, hash string) error

UpdatePassword replaces the stored Argon2id hash for a user.

func (*Store) UpdateProjectName added in v1.2.0

func (s *Store) UpdateProjectName(ctx context.Context, id int64, name string, hostID int64) error

UpdateProjectName changes the display name and target host (the slug stays immutable).

func (*Store) UpdateProjectTemplate added in v1.4.0

func (s *Store) UpdateProjectTemplate(ctx context.Context, id int64, name, description string) error

UpdateProjectTemplate changes a template's display name and description. The slug (its stable identifier on disk and in create references) is immutable, so renames never move files — mirrors how project renames work.

func (*Store) UpdateServiceBlock added in v1.4.0

func (s *Store) UpdateServiceBlock(ctx context.Context, b *ServiceBlock) error

UpdateServiceBlock changes a block's editable fields. The slug stays immutable (it backs the builder reference), like project/template renames.

func (*Store) UpdateUserAccess

func (s *Store) UpdateUserAccess(ctx context.Context, id int64, role string, readOnly bool, sections []string) error

UpdateUserAccess changes a user's role, read-only flag and allowed sections.

func (*Store) UserByID

func (s *Store) UserByID(ctx context.Context, id int64) (*User, error)

UserByID looks up a user by primary key.

func (*Store) UserByUsername

func (s *Store) UserByUsername(ctx context.Context, username string) (*User, error)

UserByUsername looks up a user by their unique username.

func (*Store) UserPrefs added in v1.1.0

func (s *Store) UserPrefs(ctx context.Context, userID int64) (string, error)

UserPrefs returns a user's UI preferences as a JSON object string ("{}" if none). These are opaque to the server — the frontend owns the shape.

func (*Store) WebhookByID

func (s *Store) WebhookByID(ctx context.Context, id int64) (*Webhook, error)

WebhookByID returns one webhook by ID (ErrNotFound if missing).

type User

type User struct {
	ID           int64
	Username     string
	PasswordHash string
	Role         string
	AuthSource   string // "local" (password stored here) or "ldap" (verified externally)
	ReadOnly     bool
	Sections     []string
	TOTPSecret   string
	TOTPEnabled  bool
	CreatedAt    time.Time
	LastLoginAt  time.Time
}

User is an application account. PasswordHash is an Argon2id encoded hash. TOTPSecret is the base32 shared secret; it is only meaningful once TOTPEnabled is true (i.e. the user confirmed enrollment with a valid code).

Role is "admin" (full access incl. user/feature management) or "user". For "user" accounts, Sections lists the menu sections they may access and ReadOnly blocks mutating actions. Admins ignore both.

func (*User) IsAdmin

func (u *User) IsAdmin() bool

IsAdmin reports whether the user has the admin role.

type Webhook

type Webhook struct {
	ID           int64             `json:"id"`
	Name         string            `json:"name"`
	URL          string            `json:"url"`
	Method       string            `json:"method"`
	Headers      map[string]string `json:"headers"`
	BodyTemplate string            `json:"bodyTemplate"`
	CreatedAt    time.Time         `json:"createdAt"`
}

Webhook is a generic HTTP destination an alert rule can fire to. body_template is a Go text/template rendered against the alert event.
