Files
root e045e00fbf
Frontend CI / Frontend (push) Successful in 3m8s
Backend CI / Backend (push) Successful in 14m48s
feat(auth,prompt-rule): add password change with session revocation and scope prompt rules by brand
Add self-service password change that re-hashes the credential and bumps a
per-user session version so all existing access/refresh tokens are rejected.
Session version is tracked in Redis with an in-memory fallback and enforced in
middleware and refresh.

Scope prompt rules and rule groups to a brand: new brand_id column (migrated to
a "未归属" fallback brand for existing rows), brand-filtered queries/indexes, and
brand-aware admin-web tabs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 18:09:53 +08:00

218 lines
6.2 KiB
Go

// Code generated by sqlc. DO NOT EDIT.
// versions:
// sqlc v1.30.0
// source: auth.sql
package generated
import (
"context"
"github.com/jackc/pgx/v5/pgtype"
)
const getTenantMembership = `-- name: GetTenantMembership :one
SELECT tm.id,
tm.tenant_id,
tm.user_id,
tm.tenant_role,
tm.created_at,
wm.workspace_id AS primary_workspace_id
FROM tenant_memberships tm
JOIN workspace_memberships wm
ON wm.tenant_id = tm.tenant_id
AND wm.user_id = tm.user_id
AND wm.is_primary = TRUE
WHERE tm.user_id = $1 AND tm.deleted_at IS NULL
LIMIT 1
`
type GetTenantMembershipRow struct {
ID int64 `json:"id"`
TenantID int64 `json:"tenant_id"`
UserID int64 `json:"user_id"`
TenantRole string `json:"tenant_role"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
PrimaryWorkspaceID int64 `json:"primary_workspace_id"`
}
func (q *Queries) GetTenantMembership(ctx context.Context, userID int64) (GetTenantMembershipRow, error) {
row := q.db.QueryRow(ctx, getTenantMembership, userID)
var i GetTenantMembershipRow
err := row.Scan(
&i.ID,
&i.TenantID,
&i.UserID,
&i.TenantRole,
&i.CreatedAt,
&i.PrimaryWorkspaceID,
)
return i, err
}
const getTenantMembershipByTenantAndUser = `-- name: GetTenantMembershipByTenantAndUser :one
SELECT tm.id,
tm.tenant_id,
tm.user_id,
tm.tenant_role,
tm.created_at,
wm.workspace_id AS primary_workspace_id
FROM tenant_memberships tm
JOIN workspace_memberships wm
ON wm.tenant_id = tm.tenant_id
AND wm.user_id = tm.user_id
AND wm.is_primary = TRUE
WHERE tm.tenant_id = $1 AND tm.user_id = $2 AND tm.deleted_at IS NULL
`
type GetTenantMembershipByTenantAndUserParams struct {
TenantID int64 `json:"tenant_id"`
UserID int64 `json:"user_id"`
}
type GetTenantMembershipByTenantAndUserRow struct {
ID int64 `json:"id"`
TenantID int64 `json:"tenant_id"`
UserID int64 `json:"user_id"`
TenantRole string `json:"tenant_role"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
PrimaryWorkspaceID int64 `json:"primary_workspace_id"`
}
func (q *Queries) GetTenantMembershipByTenantAndUser(ctx context.Context, arg GetTenantMembershipByTenantAndUserParams) (GetTenantMembershipByTenantAndUserRow, error) {
row := q.db.QueryRow(ctx, getTenantMembershipByTenantAndUser, arg.TenantID, arg.UserID)
var i GetTenantMembershipByTenantAndUserRow
err := row.Scan(
&i.ID,
&i.TenantID,
&i.UserID,
&i.TenantRole,
&i.CreatedAt,
&i.PrimaryWorkspaceID,
)
return i, err
}
const getUserByEmail = `-- name: GetUserByEmail :one
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
FROM users
WHERE email = $1 AND deleted_at IS NULL
`
type GetUserByEmailRow struct {
ID int64 `json:"id"`
Email pgtype.Text `json:"email"`
Phone string `json:"phone"`
PasswordHash string `json:"password_hash"`
Name pgtype.Text `json:"name"`
AvatarUrl pgtype.Text `json:"avatar_url"`
Status string `json:"status"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
func (q *Queries) GetUserByEmail(ctx context.Context, email pgtype.Text) (GetUserByEmailRow, error) {
row := q.db.QueryRow(ctx, getUserByEmail, email)
var i GetUserByEmailRow
err := row.Scan(
&i.ID,
&i.Email,
&i.Phone,
&i.PasswordHash,
&i.Name,
&i.AvatarUrl,
&i.Status,
&i.CreatedAt,
&i.UpdatedAt,
)
return i, err
}
const getUserByID = `-- name: GetUserByID :one
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
FROM users
WHERE id = $1 AND deleted_at IS NULL
`
type GetUserByIDRow struct {
ID int64 `json:"id"`
Email pgtype.Text `json:"email"`
Phone string `json:"phone"`
PasswordHash string `json:"password_hash"`
Name pgtype.Text `json:"name"`
AvatarUrl pgtype.Text `json:"avatar_url"`
Status string `json:"status"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
func (q *Queries) GetUserByID(ctx context.Context, id int64) (GetUserByIDRow, error) {
row := q.db.QueryRow(ctx, getUserByID, id)
var i GetUserByIDRow
err := row.Scan(
&i.ID,
&i.Email,
&i.Phone,
&i.PasswordHash,
&i.Name,
&i.AvatarUrl,
&i.Status,
&i.CreatedAt,
&i.UpdatedAt,
)
return i, err
}
const getUserByLoginIdentifier = `-- name: GetUserByLoginIdentifier :one
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
FROM users
WHERE (email = $1 OR phone = $1)
AND deleted_at IS NULL
`
type GetUserByLoginIdentifierRow struct {
ID int64 `json:"id"`
Email pgtype.Text `json:"email"`
Phone string `json:"phone"`
PasswordHash string `json:"password_hash"`
Name pgtype.Text `json:"name"`
AvatarUrl pgtype.Text `json:"avatar_url"`
Status string `json:"status"`
CreatedAt pgtype.Timestamptz `json:"created_at"`
UpdatedAt pgtype.Timestamptz `json:"updated_at"`
}
func (q *Queries) GetUserByLoginIdentifier(ctx context.Context, loginIdentifier pgtype.Text) (GetUserByLoginIdentifierRow, error) {
row := q.db.QueryRow(ctx, getUserByLoginIdentifier, loginIdentifier)
var i GetUserByLoginIdentifierRow
err := row.Scan(
&i.ID,
&i.Email,
&i.Phone,
&i.PasswordHash,
&i.Name,
&i.AvatarUrl,
&i.Status,
&i.CreatedAt,
&i.UpdatedAt,
)
return i, err
}
const updateUserPassword = `-- name: UpdateUserPassword :exec
UPDATE users
SET password_hash = $1,
updated_at = NOW()
WHERE id = $2 AND deleted_at IS NULL
`
type UpdateUserPasswordParams struct {
PasswordHash string `json:"password_hash"`
ID int64 `json:"id"`
}
func (q *Queries) UpdateUserPassword(ctx context.Context, arg UpdateUserPasswordParams) error {
_, err := q.db.Exec(ctx, updateUserPassword, arg.PasswordHash, arg.ID)
return err
}