multica/server/pkg/db/generated/personal_access_token.sql.go

// Code generated by sqlc. DO NOT EDIT.
// versions:
//   sqlc v1.31.1
// source: personal_access_token.sql

package db

import (
	"context"

	"github.com/jackc/pgx/v5/pgtype"
)

const createPersonalAccessToken = `-- name: CreatePersonalAccessToken :one
INSERT INTO personal_access_token (user_id, name, token_hash, token_prefix, expires_at)
VALUES ($1, $2, $3, $4, $5)
RETURNING id, user_id, name, token_hash, token_prefix, expires_at, last_used_at, revoked, created_at
`

type CreatePersonalAccessTokenParams struct {
	UserID      pgtype.UUID        `json:"user_id"`
	Name        string             `json:"name"`
	TokenHash   string             `json:"token_hash"`
	TokenPrefix string             `json:"token_prefix"`
	ExpiresAt   pgtype.Timestamptz `json:"expires_at"`
}

func (q *Queries) CreatePersonalAccessToken(ctx context.Context, arg CreatePersonalAccessTokenParams) (PersonalAccessToken, error) {
	row := q.db.QueryRow(ctx, createPersonalAccessToken,
		arg.UserID,
		arg.Name,
		arg.TokenHash,
		arg.TokenPrefix,
		arg.ExpiresAt,
	)
	var i PersonalAccessToken
	err := row.Scan(
		&i.ID,
		&i.UserID,
		&i.Name,
		&i.TokenHash,
		&i.TokenPrefix,
		&i.ExpiresAt,
		&i.LastUsedAt,
		&i.Revoked,
		&i.CreatedAt,
	)
	return i, err
}

const extendPersonalAccessTokenExpiry = `-- name: ExtendPersonalAccessTokenExpiry :one
UPDATE personal_access_token
SET expires_at = $1
WHERE id = $2
  AND revoked = FALSE
  AND expires_at IS NOT NULL
  AND expires_at > now()
  AND expires_at <= $3
RETURNING expires_at
`

type ExtendPersonalAccessTokenExpiryParams struct {
	NewExpiresAt     pgtype.Timestamptz `json:"new_expires_at"`
	ID               pgtype.UUID        `json:"id"`
	RenewThresholdAt pgtype.Timestamptz `json:"renew_threshold_at"`
}

// In-place renew: only bumps expires_at when the token is still valid
// (not revoked, not already expired) AND the existing expires_at is
// still inside the renewal threshold ($3, e.g. now + 7d). Phrasing the
// CAS this way — "is the row still renewable?" rather than "is the
// requested new expiry larger than the current one?" — makes concurrent
// renews idempotent: once writer A bumps expires_at past the threshold,
// writer B's UPDATE matches zero rows (sqlc :one returns pgx.ErrNoRows,
// which the caller treats as "already renewed"). A naive `expires_at <
// $2` would still match because two callers race-computing
// `$2 = now + 90d` produce strictly-different values and the second
// one's $2 is always greater than the row A just wrote.
func (q *Queries) ExtendPersonalAccessTokenExpiry(ctx context.Context, arg ExtendPersonalAccessTokenExpiryParams) (pgtype.Timestamptz, error) {
	row := q.db.QueryRow(ctx, extendPersonalAccessTokenExpiry, arg.NewExpiresAt, arg.ID, arg.RenewThresholdAt)
	var expires_at pgtype.Timestamptz
	err := row.Scan(&expires_at)
	return expires_at, err
}

const getPersonalAccessTokenByHash = `-- name: GetPersonalAccessTokenByHash :one
SELECT id, user_id, name, token_hash, token_prefix, expires_at, last_used_at, revoked, created_at FROM personal_access_token
WHERE token_hash = $1
  AND revoked = FALSE
  AND (expires_at IS NULL OR expires_at > now())
`

func (q *Queries) GetPersonalAccessTokenByHash(ctx context.Context, tokenHash string) (PersonalAccessToken, error) {
	row := q.db.QueryRow(ctx, getPersonalAccessTokenByHash, tokenHash)
	var i PersonalAccessToken
	err := row.Scan(
		&i.ID,
		&i.UserID,
		&i.Name,
		&i.TokenHash,
		&i.TokenPrefix,
		&i.ExpiresAt,
		&i.LastUsedAt,
		&i.Revoked,
		&i.CreatedAt,
	)
	return i, err
}

const listPersonalAccessTokensByUser = `-- name: ListPersonalAccessTokensByUser :many
SELECT id, user_id, name, token_hash, token_prefix, expires_at, last_used_at, revoked, created_at FROM personal_access_token
WHERE user_id = $1
  AND revoked = FALSE
ORDER BY created_at DESC
`

func (q *Queries) ListPersonalAccessTokensByUser(ctx context.Context, userID pgtype.UUID) ([]PersonalAccessToken, error) {
	rows, err := q.db.Query(ctx, listPersonalAccessTokensByUser, userID)
	if err != nil {
		return nil, err
	}
	defer rows.Close()
	items := []PersonalAccessToken{}
	for rows.Next() {
		var i PersonalAccessToken
		if err := rows.Scan(
			&i.ID,
			&i.UserID,
			&i.Name,
			&i.TokenHash,
			&i.TokenPrefix,
			&i.ExpiresAt,
			&i.LastUsedAt,
			&i.Revoked,
			&i.CreatedAt,
		); err != nil {
			return nil, err
		}
		items = append(items, i)
	}
	if err := rows.Err(); err != nil {
		return nil, err
	}
	return items, nil
}

const revokePersonalAccessToken = `-- name: RevokePersonalAccessToken :one
UPDATE personal_access_token
SET revoked = TRUE
WHERE id = $1 AND user_id = $2
RETURNING token_hash
`

type RevokePersonalAccessTokenParams struct {
	ID     pgtype.UUID `json:"id"`
	UserID pgtype.UUID `json:"user_id"`
}

func (q *Queries) RevokePersonalAccessToken(ctx context.Context, arg RevokePersonalAccessTokenParams) (string, error) {
	row := q.db.QueryRow(ctx, revokePersonalAccessToken, arg.ID, arg.UserID)
	var token_hash string
	err := row.Scan(&token_hash)
	return token_hash, err
}

const updatePersonalAccessTokenLastUsed = `-- name: UpdatePersonalAccessTokenLastUsed :exec
UPDATE personal_access_token
SET last_used_at = now()
WHERE id = $1
`

func (q *Queries) UpdatePersonalAccessTokenLastUsed(ctx context.Context, id pgtype.UUID) error {
	_, err := q.db.Exec(ctx, updatePersonalAccessTokenLastUsed, id)
	return err
}