user

package
v0.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 4, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

store.go is the data-access layer for User. Same conventions as the entity stores: sqlc-generated typed methods, no sqlc types in exported signatures, (nil, nil) on not-found.

Package user owns the DB-backed user account: the row behind a login session. Users are not a catalog kind — no metadata envelope, no snapshot, no NOTIFY; they are identity, not routing config.

Two credential shapes coexist on one row: a local bcrypt password hash (password login) and/or an external identity subject ("issuer|sub", OIDC login). Either may be absent. Authorization is out of scope — roles are carried verbatim for app/authz to interpret.

Index

Constants

View Source
const RoleAdmin = "admin"

RoleAdmin is the only role with defined meaning today: full access, including rows owned by other users.

Variables

This section is empty.

Functions

func HashPassword

func HashPassword(password string) (string, error)

HashPassword bcrypt-hashes a cleartext password for storage.

func SeedFromIdentity

func SeedFromIdentity(ctx context.Context, s *Store, id *identity.Store, log *slog.Logger) error

SeedFromIdentity copies YAML identity users (config/users/) into the users table, seed-if-absent by username — same pattern as the settings seed. The YAML files remain the bootstrap/break-glass path; the table is what login reads. Plain-text YAML passwords are bcrypt-hashed on ingest so cleartext never lands in Postgres; already-hashed values are stored verbatim.

func VerifyPassword

func VerifyPassword(hash, password string) bool

VerifyPassword checks cleartext against the stored hash. bcrypt hashes ("$2a$"/"$2b$"/"$2y$" prefix) compare via bcrypt; anything else is treated as a legacy plain value and compared constant-time (the YAML seed hashes plain passwords on ingest, so plain values here should not occur — kept for defense in depth). Empty hash never matches: an OIDC-only user has no password login.

Types

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store is the User data-access type.

func NewStore

func NewStore(q *gen.Queries) *Store

NewStore constructs a Store from an existing sqlc Queries handle.

func (*Store) ByOIDCSubject

func (s *Store) ByOIDCSubject(ctx context.Context, subject string) (*User, error)

ByOIDCSubject returns the user bound to the external identity subject ("issuer|sub"), or (nil, nil).

func (*Store) ByUsername

func (s *Store) ByUsername(ctx context.Context, username string) (*User, error)

ByUsername returns the user with the given username, or (nil, nil).

func (*Store) Delete

func (s *Store) Delete(ctx context.Context, id string) error

Delete removes a user by id.

func (*Store) Get

func (s *Store) Get(ctx context.Context, id string) (*User, error)

Get returns the user with the given id, or (nil, nil) if not found.

func (*Store) List

func (s *Store) List(ctx context.Context) ([]*User, error)

List returns every user, oldest first.

func (*Store) Upsert

func (s *Store) Upsert(ctx context.Context, u *User) error

Upsert writes u. Caller is responsible for stamping ID.

type User

type User struct {
	ID           string    `json:"id"`
	Username     string    `json:"username"`
	Email        string    `json:"email,omitempty"`
	PasswordHash string    `json:"-"`
	OIDCSubject  string    `json:"oidcSubject,omitempty"`
	Roles        []string  `json:"roles,omitempty"`
	Disabled     bool      `json:"disabled,omitempty"`
	CreatedAt    time.Time `json:"createdAt,omitempty"`
	UpdatedAt    time.Time `json:"updatedAt,omitempty"`
}

User is one account row.

func (*User) HasRole

func (u *User) HasRole(role string) bool

HasRole reports whether the user carries role.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL