e045e00fbf
Add self-service password change that re-hashes the credential and bumps a per-user session version so all existing access/refresh tokens are rejected. Session version is tracked in Redis with an in-memory fallback and enforced in middleware and refresh. Scope prompt rules and rule groups to a brand: new brand_id column (migrated to a "未归属" fallback brand for existing rows), brand-filtered queries/indexes, and brand-aware admin-web tabs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
51 lines
1.6 KiB
SQL
51 lines
1.6 KiB
SQL
-- name: GetUserByEmail :one
|
|
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
|
|
FROM users
|
|
WHERE email = sqlc.arg(email) AND deleted_at IS NULL;
|
|
|
|
-- name: GetUserByLoginIdentifier :one
|
|
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
|
|
FROM users
|
|
WHERE (email = sqlc.arg(login_identifier) OR phone = sqlc.arg(login_identifier))
|
|
AND deleted_at IS NULL;
|
|
|
|
-- name: GetUserByID :one
|
|
SELECT id, email, phone, password_hash, name, avatar_url, status, created_at, updated_at
|
|
FROM users
|
|
WHERE id = sqlc.arg(id) AND deleted_at IS NULL;
|
|
|
|
-- name: UpdateUserPassword :exec
|
|
UPDATE users
|
|
SET password_hash = sqlc.arg(password_hash),
|
|
updated_at = NOW()
|
|
WHERE id = sqlc.arg(id) AND deleted_at IS NULL;
|
|
|
|
-- name: GetTenantMembership :one
|
|
SELECT tm.id,
|
|
tm.tenant_id,
|
|
tm.user_id,
|
|
tm.tenant_role,
|
|
tm.created_at,
|
|
wm.workspace_id AS primary_workspace_id
|
|
FROM tenant_memberships tm
|
|
JOIN workspace_memberships wm
|
|
ON wm.tenant_id = tm.tenant_id
|
|
AND wm.user_id = tm.user_id
|
|
AND wm.is_primary = TRUE
|
|
WHERE tm.user_id = sqlc.arg(user_id) AND tm.deleted_at IS NULL
|
|
LIMIT 1;
|
|
|
|
-- name: GetTenantMembershipByTenantAndUser :one
|
|
SELECT tm.id,
|
|
tm.tenant_id,
|
|
tm.user_id,
|
|
tm.tenant_role,
|
|
tm.created_at,
|
|
wm.workspace_id AS primary_workspace_id
|
|
FROM tenant_memberships tm
|
|
JOIN workspace_memberships wm
|
|
ON wm.tenant_id = tm.tenant_id
|
|
AND wm.user_id = tm.user_id
|
|
AND wm.is_primary = TRUE
|
|
WHERE tm.tenant_id = sqlc.arg(tenant_id) AND tm.user_id = sqlc.arg(user_id) AND tm.deleted_at IS NULL;
|