Files
geo/server/internal/tenant/repository/queries/auth.sql
T
root e045e00fbf
Frontend CI / Frontend (push) Successful in 3m8s
Backend CI / Backend (push) Successful in 14m48s
feat(auth,prompt-rule): add password change with session revocation and scope prompt rules by brand
Add self-service password change that re-hashes the credential and bumps a
per-user session version so all existing access/refresh tokens are rejected.
Session version is tracked in Redis with an in-memory fallback and enforced in
middleware and refresh.

Scope prompt rules and rule groups to a brand: new brand_id column (migrated to
a "未归属" fallback brand for existing rows), brand-filtered queries/indexes, and
brand-aware admin-web tabs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 18:09:53 +08:00

51 lines
1.6 KiB
SQL

-- name: GetUserByEmail :one
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
FROM users
WHERE email = sqlc.arg(email) AND deleted_at IS NULL;
-- name: GetUserByLoginIdentifier :one
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
FROM users
WHERE (email = sqlc.arg(login_identifier) OR phone = sqlc.arg(login_identifier))
AND deleted_at IS NULL;
-- name: GetUserByID :one
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
FROM users
WHERE id = sqlc.arg(id) AND deleted_at IS NULL;
-- name: UpdateUserPassword :exec
UPDATE users
SET password_hash = sqlc.arg(password_hash),
updated_at = NOW()
WHERE id = sqlc.arg(id) AND deleted_at IS NULL;
-- name: GetTenantMembership :one
SELECT tm.id,
tm.tenant_id,
tm.user_id,
tm.tenant_role,
tm.created_at,
wm.workspace_id AS primary_workspace_id
FROM tenant_memberships tm
JOIN workspace_memberships wm
ON wm.tenant_id = tm.tenant_id
AND wm.user_id = tm.user_id
AND wm.is_primary = TRUE
WHERE tm.user_id = sqlc.arg(user_id) AND tm.deleted_at IS NULL
LIMIT 1;
-- name: GetTenantMembershipByTenantAndUser :one
SELECT tm.id,
tm.tenant_id,
tm.user_id,
tm.tenant_role,
tm.created_at,
wm.workspace_id AS primary_workspace_id
FROM tenant_memberships tm
JOIN workspace_memberships wm
ON wm.tenant_id = tm.tenant_id
AND wm.user_id = tm.user_id
AND wm.is_primary = TRUE
WHERE tm.tenant_id = sqlc.arg(tenant_id) AND tm.user_id = sqlc.arg(user_id) AND tm.deleted_at IS NULL;