Documentation
¶
Index ¶
- func RunMigrations(ctx context.Context, pool *pgxpool.Pool, logger *slog.Logger) error
- type Store
- func (s *Store) Close()
- func (s *Store) ConsumeAuthCode(ctx context.Context, code string) (*store.AuthCode, error)
- func (s *Store) ConsumePendingAuth(ctx context.Context, state string) (*store.PendingAuth, error)
- func (s *Store) DeleteGrant(ctx context.Context, jti string, retired *store.RetiredRefreshToken) error
- func (s *Store) DeleteInsight(ctx context.Context, orgID, insightID uuid.UUID) error
- func (s *Store) EnsureProject(ctx context.Context, orgID, createdBy uuid.UUID, slug, name string) (*store.Project, error)
- func (s *Store) GetClient(ctx context.Context, clientID string) (*store.OAuthClient, error)
- func (s *Store) GetGrant(ctx context.Context, jti string) (*store.Grant, error)
- func (s *Store) GetGrantByRefreshToken(ctx context.Context, token string) (*store.Grant, error)
- func (s *Store) GetPersonalOrgByUserID(ctx context.Context, userID uuid.UUID) (*store.Org, error)
- func (s *Store) GetProjectBySlug(ctx context.Context, orgID uuid.UUID, slug string) (*store.Project, error)
- func (s *Store) GetRetiredRefreshToken(ctx context.Context, tokenHash []byte) (*store.RetiredRefreshToken, error)
- func (s *Store) GetUserByGitHubID(ctx context.Context, githubID int64) (*store.User, error)
- func (s *Store) GetUserByID(ctx context.Context, id uuid.UUID) (*store.User, error)
- func (s *Store) IsTokenRevoked(ctx context.Context, jti string) (bool, error)
- func (s *Store) ListAuditLog(ctx context.Context, filter store.AuditLogFilter) ([]*store.AuditLogEntry, error)
- func (s *Store) ListInsights(ctx context.Context, projectID uuid.UUID, tag string, limit int) ([]*store.Insight, error)
- func (s *Store) ListProjects(ctx context.Context, orgID uuid.UUID) ([]*store.Project, error)
- func (s *Store) ListTags(ctx context.Context, projectID uuid.UUID, limit int) ([]store.TagCount, error)
- func (s *Store) Migrate(ctx context.Context, logger *slog.Logger) error
- func (s *Store) Ping(ctx context.Context) error
- func (s *Store) RevokeToken(ctx context.Context, jti string, expiresAt time.Time) error
- func (s *Store) RotateGrant(ctx context.Context, oldToken, oldJTI string, oldJWTExpiry time.Time, ...) (*store.Grant, error)
- func (s *Store) SaveClient(ctx context.Context, c store.OAuthClient) error
- func (s *Store) SearchInsights(ctx context.Context, projectID uuid.UUID, query string, tags []string, ...) ([]*store.Insight, error)
- func (s *Store) StoreAuthCode(ctx context.Context, code string, c store.AuthCode) error
- func (s *Store) StorePendingAuth(ctx context.Context, state string, p store.PendingAuth) error
- func (s *Store) UpdateInsight(ctx context.Context, p store.UpdateInsightParams) (*store.Insight, error)
- func (s *Store) UpsertGrant(ctx context.Context, g store.Grant) error
- func (s *Store) UpsertUser(ctx context.Context, githubID int64, email, login string) (*store.User, error)
- func (s *Store) WriteInsight(ctx context.Context, p store.WriteInsightParams) (*store.Insight, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RunMigrations ¶
RunMigrations executes all pending SQL migrations in version order under an advisory lock. Only one process holds the lock at a time; others block until migrations finish. The lock acquisition times out after 60 seconds to prevent indefinite blocking.
Types ¶
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
Store wraps a pgxpool and exposes domain-level query methods.
func (*Store) ConsumeAuthCode ¶
ConsumeAuthCode atomically deletes and returns the auth code record. Returns ErrNotFound for unknown or expired codes.
func (*Store) ConsumePendingAuth ¶
ConsumePendingAuth atomically deletes and returns the pending auth for the given state. Returns ErrNotFound for unknown or expired states.
func (*Store) DeleteGrant ¶
func (s *Store) DeleteGrant(ctx context.Context, jti string, retired *store.RetiredRefreshToken) error
DeleteGrant removes a grant row by jti.
func (*Store) DeleteInsight ¶ added in v0.4.0
DeleteInsight soft-deletes an insight, scoped to orgID. Returns ErrNotFound if it does not exist, is already deleted, or belongs to a different org.
func (*Store) EnsureProject ¶
func (s *Store) EnsureProject(ctx context.Context, orgID, createdBy uuid.UUID, slug, name string) (*store.Project, error)
EnsureProject creates the project if it does not exist and returns it. If it already exists the name is updated to match the provided value.
func (*Store) GetGrantByRefreshToken ¶
GetGrantByRefreshToken fetches and decrypts a grant by our_refresh_token.
func (*Store) GetPersonalOrgByUserID ¶
GetPersonalOrgByUserID returns the personal org for the given user. Returns ErrNotFound if the user has no personal org.
func (*Store) GetProjectBySlug ¶
func (s *Store) GetProjectBySlug(ctx context.Context, orgID uuid.UUID, slug string) (*store.Project, error)
GetProjectBySlug fetches a project by org and slug. Returns ErrNotFound if no matching row exists.
func (*Store) GetRetiredRefreshToken ¶ added in v0.4.0
func (s *Store) GetRetiredRefreshToken(ctx context.Context, tokenHash []byte) (*store.RetiredRefreshToken, error)
GetRetiredRefreshToken returns retained metadata for a consumed or deleted refresh token.
func (*Store) GetUserByGitHubID ¶
GetUserByGitHubID looks up a user by GitHub numeric ID. Returns ErrNotFound if no matching row exists.
func (*Store) GetUserByID ¶
GetUserByID looks up a user by internal UUID. Returns ErrNotFound if no matching row exists.
func (*Store) IsTokenRevoked ¶
IsTokenRevoked returns true if the jti is present and not yet expired.
func (*Store) ListAuditLog ¶ added in v0.3.0
func (s *Store) ListAuditLog(ctx context.Context, filter store.AuditLogFilter) ([]*store.AuditLogEntry, error)
ListAuditLog returns audit_log entries newest-first, with optional filtering by table, operation, and a minimum timestamp.
func (*Store) ListInsights ¶ added in v0.4.0
func (s *Store) ListInsights(ctx context.Context, projectID uuid.UUID, tag string, limit int) ([]*store.Insight, error)
ListInsights returns live insights for a project ordered by most recently updated.
func (*Store) ListProjects ¶
ListProjects returns all projects in the org, ordered by name.
func (*Store) ListTags ¶
func (s *Store) ListTags(ctx context.Context, projectID uuid.UUID, limit int) ([]store.TagCount, error)
ListTags returns tags for a project ordered by usage frequency.
func (*Store) RevokeToken ¶
RevokeToken inserts a jti into the revoked_tokens table. Idempotent on duplicate jti. Lazily prunes expired rows.
func (*Store) RotateGrant ¶
func (s *Store) RotateGrant(ctx context.Context, oldToken, oldJTI string, oldJWTExpiry time.Time, g store.Grant, retired *store.RetiredRefreshToken) (*store.Grant, error)
RotateGrant atomically replaces a grant row identified by oldToken and records the old jti as revoked in the same transaction. Returns ErrNotFound if oldToken does not match any row (concurrent rotation race).
func (*Store) SaveClient ¶
func (*Store) SearchInsights ¶ added in v0.4.0
func (s *Store) SearchInsights(ctx context.Context, projectID uuid.UUID, query string, tags []string, limit int) ([]*store.Insight, error)
SearchInsights runs a full-text search over live insights in a project.
func (*Store) StoreAuthCode ¶
StoreAuthCode persists an authorization code with a 5-minute TTL. Lazily prunes all expired rows in the same transaction.
func (*Store) StorePendingAuth ¶
StorePendingAuth persists an authorization state with a 10-minute TTL. Lazily prunes all expired rows in the same transaction.
func (*Store) UpdateInsight ¶ added in v0.4.0
func (s *Store) UpdateInsight(ctx context.Context, p store.UpdateInsightParams) (*store.Insight, error)
UpdateInsight patches content and/or tags on an existing live insight, scoped to orgID.
func (*Store) UpsertGrant ¶
UpsertGrant inserts or replaces a grant row and lazily prunes expired grants for the same GitHub user within the same transaction.
func (*Store) UpsertUser ¶
func (s *Store) UpsertUser(ctx context.Context, githubID int64, email, login string) (*store.User, error)
UpsertUser creates or updates a user from GitHub identity. On first login a personal org is created and the user is added as owner. Returns the user row.
func (*Store) WriteInsight ¶ added in v0.4.0
func (s *Store) WriteInsight(ctx context.Context, p store.WriteInsightParams) (*store.Insight, error)
WriteInsight creates or updates an insight. If Key is set and a live insight with that key exists in the project it is updated in place; otherwise a new row is inserted.