alphacentri/anchorage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
anchorage/internal/pkg/store/postgres/sqlc/tokens.sql.go
William Gill 12bf35caf8 anchorage v1.0 initial tree 
Greenfield Go multi-tenant IPFS Pinning Service wire-compatible with the
IPFS Pinning Services API spec. Paired 1:1 with Kubo over localhost RPC,
clustered via embedded NATS JetStream, Postgres source-of-truth with
RLS-enforced tenancy, Fiber + huma v2 for the HTTP surface, Authentik
OIDC for session login with kid-rotated HS256 JWT API tokens.

Feature-complete against the 22-milestone build plan, including the
ship-it v1.0 gap items:

  * admin CLIs: drain/uncordon, maintenance, mint-token, rotate-key,
    prune-denylist, rebalance --dry-run, cache-stats, cluster-presences
  * TTL leader election via NATS KV, fence tokens, JetStream dedup
  * rebalancer (plan/apply split), reconciler, requeue sweeper
  * ristretto caches with NATS-backed cross-node invalidation
    (placements live-nodes + token denylist)
  * maintenance watchdog for stuck cluster-pause flag
  * Prometheus /metrics with CIDR ACL, HTTP/pin/scheduler/cache gauges
  * rate limiting: session (10/min) + anonymous global (120/min)
  * integration tests: rebalance, refcount multi-org, RLS belt
  * goreleaser (tar + deb/rpm/apk + Alpine Docker) targeting Gitea

Stack: Cobra/Viper, Fiber v2 + huma v2, embedded NATS JetStream,
pgx/sqlc/golang-migrate, ristretto, TypeID, prometheus/client_golang,
testcontainers-go.
2026-04-16 18:13:36 -05:00

175 lines
4.1 KiB
Go
Raw Permalink Blame History

// Code generated by sqlc. DO NOT EDIT.
// versions:
// sqlc v1.30.0
// source: tokens.sql
package sqlc
import (
"context"
"anchorage/internal/pkg/ids"
"github.com/jackc/pgx/v5/pgtype"
)
const addTokenDenylist = `-- name: AddTokenDenylist :exec
INSERT INTO token_denylist (jti, expires_at, reason)
VALUES ($1, $2, $3)
ON CONFLICT (jti) DO NOTHING
`
type AddTokenDenylistParams struct {
Jti string
ExpiresAt pgtype.Timestamptz
Reason string
}
func (q *Queries) AddTokenDenylist(ctx context.Context, arg AddTokenDenylistParams) error {
_, err := q.db.Exec(ctx, addTokenDenylist, arg.Jti, arg.ExpiresAt, arg.Reason)
return err
}
const createAPIToken = `-- name: CreateAPIToken :one
INSERT INTO api_tokens (jti, org_id, user_id, label, scopes, expires_at)
VALUES ($1, $2, $3, $4, $5, $6)
RETURNING jti, org_id, user_id, label, scopes, expires_at, revoked_at, last_used_at, created_at, updated_at
`
type CreateAPITokenParams struct {
Jti ids.TokenID
OrgID ids.OrgID
UserID ids.UserID
Label string
Scopes []string
ExpiresAt pgtype.Timestamptz
}
func (q *Queries) CreateAPIToken(ctx context.Context, arg CreateAPITokenParams) (ApiToken, error) {
row := q.db.QueryRow(ctx, createAPIToken,
arg.Jti,
arg.OrgID,
arg.UserID,
arg.Label,
arg.Scopes,
arg.ExpiresAt,
)
var i ApiToken
err := row.Scan(
&i.Jti,
&i.OrgID,
&i.UserID,
&i.Label,
&i.Scopes,
&i.ExpiresAt,
&i.RevokedAt,
&i.LastUsedAt,
&i.CreatedAt,
&i.UpdatedAt,
)
return i, err
}
const getAPITokenByJTI = `-- name: GetAPITokenByJTI :one
SELECT jti, org_id, user_id, label, scopes, expires_at, revoked_at, last_used_at, created_at, updated_at FROM api_tokens WHERE jti = $1
`
func (q *Queries) GetAPITokenByJTI(ctx context.Context, jti ids.TokenID) (ApiToken, error) {
row := q.db.QueryRow(ctx, getAPITokenByJTI, jti)
var i ApiToken
err := row.Scan(
&i.Jti,
&i.OrgID,
&i.UserID,
&i.Label,
&i.Scopes,
&i.ExpiresAt,
&i.RevokedAt,
&i.LastUsedAt,
&i.CreatedAt,
&i.UpdatedAt,
)
return i, err
}
const isTokenDenied = `-- name: IsTokenDenied :one
SELECT EXISTS(
SELECT 1 FROM token_denylist WHERE jti = $1 AND expires_at > now()
)
`
func (q *Queries) IsTokenDenied(ctx context.Context, jti string) (bool, error) {
row := q.db.QueryRow(ctx, isTokenDenied, jti)
var exists bool
err := row.Scan(&exists)
return exists, err
}
const listAPITokensForUser = `-- name: ListAPITokensForUser :many
SELECT jti, org_id, user_id, label, scopes, expires_at, revoked_at, last_used_at, created_at, updated_at FROM api_tokens
WHERE org_id = $1 AND user_id = $2 AND revoked_at IS NULL
ORDER BY created_at DESC
`
type ListAPITokensForUserParams struct {
OrgID ids.OrgID
UserID ids.UserID
}
func (q *Queries) ListAPITokensForUser(ctx context.Context, arg ListAPITokensForUserParams) ([]ApiToken, error) {
rows, err := q.db.Query(ctx, listAPITokensForUser, arg.OrgID, arg.UserID)
if err != nil {
return nil, err
}
defer rows.Close()
var items []ApiToken
for rows.Next() {
var i ApiToken
if err := rows.Scan(
&i.Jti,
&i.OrgID,
&i.UserID,
&i.Label,
&i.Scopes,
&i.ExpiresAt,
&i.RevokedAt,
&i.LastUsedAt,
&i.CreatedAt,
&i.UpdatedAt,
); err != nil {
return nil, err
}
items = append(items, i)
}
if err := rows.Err(); err != nil {
return nil, err
}
return items, nil
}
const pruneTokenDenylist = `-- name: PruneTokenDenylist :exec
DELETE FROM token_denylist WHERE expires_at <= now()
`
func (q *Queries) PruneTokenDenylist(ctx context.Context) error {
_, err := q.db.Exec(ctx, pruneTokenDenylist)
return err
}
const revokeAPIToken = `-- name: RevokeAPIToken :exec
UPDATE api_tokens SET revoked_at = now() WHERE jti = $1
`
func (q *Queries) RevokeAPIToken(ctx context.Context, jti ids.TokenID) error {
_, err := q.db.Exec(ctx, revokeAPIToken, jti)
return err
}
const touchAPITokenLastUsed = `-- name: TouchAPITokenLastUsed :exec
UPDATE api_tokens SET last_used_at = now() WHERE jti = $1
`
func (q *Queries) TouchAPITokenLastUsed(ctx context.Context, jti ids.TokenID) error {
_, err := q.db.Exec(ctx, touchAPITokenLastUsed, jti)
return err
}
Reference in New Issue View Git Blame Copy Permalink