postgres

package
v2.1.1 (Latest)
Published: Mar 14, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type PGStore

type PGStore struct {
	// contains filtered or unexported fields
}

PGStore implements auth.Store using PostgreSQL via pgx.

func New

func New(db *pgxpool.Pool, cfg auth.Config) *PGStore

New creates a new PGStore backed by the given pgx connection pool.

func (*PGStore) AddPermissionToGroup

func (s *PGStore) AddPermissionToGroup(ctx context.Context, groupID string, permissionKey string) error

AddPermissionToGroup adds a permission to a group.

func (*PGStore) AddUsersToGroup added in v2.1.0

func (s *PGStore) AddUsersToGroup(ctx context.Context, groupID string, userIDs []string) error

AddUsersToGroup adds multiple users to a group in bulk.

func (*PGStore) AssignPermission

func (s *PGStore) AssignPermission(ctx context.Context, userID string, permissionKey string) error

AssignPermission assigns a permission directly to a user.

func (*PGStore) AssignPermissionsToOrganization added in v2.1.0

func (s *PGStore) AssignPermissionsToOrganization(ctx context.Context, orgID string, permissionKeys []string) error

AssignPermissionsToOrganization assigns permissions to an organization.

func (*PGStore) AssignUserToGroup

func (s *PGStore) AssignUserToGroup(ctx context.Context, userID string, groupID string) error

AssignUserToGroup adds a user to a group.

func (*PGStore) Bootstrap

func (s *PGStore) Bootstrap(ctx context.Context, superAdminEmail string, superAdminPassword string, organizations ...map[string][]string) error

Bootstrap creates the schema, seeds default permissions, and ensures the super admin user exists with all permissions and, when superAdminPassword is provided, a password. Safe to call on every server start (idempotent). organizations is an optional variadic list of maps from organization name to permission keys. superAdminPassword is optional — if provided, it sets the super admin's password; if empty, no password is set.

func (*PGStore) ChangePassword

func (s *PGStore) ChangePassword(ctx context.Context, userID string, currentPassword string, newPassword string) error

ChangePassword verifies the current password, then updates to the new one. Returns ErrPasswordNotSet if the user has no password (OTP-only account). Returns ErrPasswordInvalid if the current password is wrong. Returns ErrPasswordTooWeak if the new password doesn't meet strength requirements.

func (*PGStore) CreateGroup

func (s *PGStore) CreateGroup(ctx context.Context, name string) (*auth.Group, error)

CreateGroup creates a new permission group.

func (*PGStore) CreateOTP

func (s *PGStore) CreateOTP(ctx context.Context, email string) (*auth.OTP, error)

CreateOTP generates a random OTP code for the given email and stores it.

func (*PGStore) CreateOrganizationWithPermissions added in v2.1.0

func (s *PGStore) CreateOrganizationWithPermissions(ctx context.Context, name string, permissionKeys []string) (*auth.Organization, error)

CreateOrganizationWithPermissions creates a new organization with assigned permissions. Idempotent — returns the existing organization if it already exists.

func (*PGStore) CreatePasswordReset

func (s *PGStore) CreatePasswordReset(ctx context.Context, email string) (rawToken string, expiresAt time.Time, err error)

CreatePasswordReset generates a password reset token for the given email. Invalidates any existing unused tokens for that user. Returns the raw token (for the reset link) and expiry time.

func (*PGStore) CreatePermission

func (s *PGStore) CreatePermission(ctx context.Context, key string, description string) (*auth.Permission, error)

CreatePermission creates a new permission with the given key and description.

func (*PGStore) CreateSchema

func (s *PGStore) CreateSchema(ctx context.Context) error

CreateSchema applies all pending migrations. Delegates to Migrate for migration-based schema management.

func (*PGStore) CreateUser

func (s *PGStore) CreateUser(ctx context.Context, email string) (*auth.User, error)

CreateUser creates a new user with the given email.

func (*PGStore) CreateUserWithOrganization added in v2.1.0

func (s *PGStore) CreateUserWithOrganization(ctx context.Context, email string, organization string) (*auth.User, error)

CreateUserWithOrganization creates a new user assigned to an organization.

func (*PGStore) DeleteGroup

func (s *PGStore) DeleteGroup(ctx context.Context, id string) error

DeleteGroup deletes a group by ID. Cascades to group_permissions and user_groups.

func (*PGStore) DeletePermission

func (s *PGStore) DeletePermission(ctx context.Context, id string) error

DeletePermission deletes a permission by its ID. Cascades to user_permissions and group_permissions.

func (*PGStore) DropSchema

func (s *PGStore) DropSchema(ctx context.Context) error

DropSchema drops all auth tables and the migrations tracking table.

func (*PGStore) GetAllUserPermissions added in v2.1.0

func (s *PGStore) GetAllUserPermissions(ctx context.Context, userID string) ([]auth.Permission, error)

GetAllUserPermissions returns all permissions for a user (direct + from groups + from organizations).

func (*PGStore) GetGroup

func (s *PGStore) GetGroup(ctx context.Context, id string) (*auth.Group, error)

GetGroup fetches a group by ID, including its permissions.

func (*PGStore) GetGroupMembers added in v2.1.0

func (s *PGStore) GetGroupMembers(ctx context.Context, groupID string) ([]auth.User, error)

GetGroupMembers returns all users in a group.

func (*PGStore) GetOrganization added in v2.1.0

func (s *PGStore) GetOrganization(ctx context.Context, id string) (*auth.Organization, error)

GetOrganization fetches an organization by ID, including its permissions.

func (*PGStore) GetOrganizationByName added in v2.1.0

func (s *PGStore) GetOrganizationByName(ctx context.Context, name string) (*auth.Organization, error)

GetOrganizationByName fetches an organization by name.

func (*PGStore) GetOrganizationPermissions added in v2.1.0

func (s *PGStore) GetOrganizationPermissions(ctx context.Context, orgID string) ([]auth.Permission, error)

GetOrganizationPermissions returns all permissions for an organization.

func (*PGStore) GetPermission

func (s *PGStore) GetPermission(ctx context.Context, key string) (*auth.Permission, error)

GetPermission fetches a permission by its key.

func (*PGStore) GetResolvedPermissions

func (s *PGStore) GetResolvedPermissions(ctx context.Context, userID string) ([]auth.Permission, error)

GetResolvedPermissions returns all permissions for a user (direct + from groups + from organizations), deduplicated.

func (*PGStore) GetUserByEmail

func (s *PGStore) GetUserByEmail(ctx context.Context, email string) (*auth.User, error)

GetUserByEmail fetches a user by their email. Returns a nil user and a nil error if not found, so callers must check the returned user for nil as well as the error.

func (*PGStore) GetUserByID

func (s *PGStore) GetUserByID(ctx context.Context, id string) (*auth.User, error)

GetUserByID fetches a user by their ID. Returns a nil user and a nil error if not found, so callers must check the returned user for nil as well as the error.

func (*PGStore) GetUserGroups

func (s *PGStore) GetUserGroups(ctx context.Context, userID string) ([]auth.Group, error)

GetUserGroups returns all groups a user belongs to.

func (*PGStore) GetUserOrganization added in v2.1.0

func (s *PGStore) GetUserOrganization(ctx context.Context, userID string) (string, error)

GetUserOrganization returns the organization assigned to a user.

func (*PGStore) GetUserPermissions

func (s *PGStore) GetUserPermissions(ctx context.Context, userID string) ([]auth.Permission, error)

GetUserPermissions returns all direct permissions for a user.

func (*PGStore) HasAnyPermission added in v2.1.0

func (s *PGStore) HasAnyPermission(ctx context.Context, userID string, permissionKeys []string) (bool, error)

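HasAnyPermission checks if a user has any of the given permissions. This description does not state whether only direct permissions are considered (as in HasPermission) or also those granted via groups and organizations (as in HasResolvedPermission); confirm which before relying on it for an authorization decision.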

func (*PGStore) HasPassword

func (s *PGStore) HasPassword(ctx context.Context, userID string) (bool, error)

HasPassword checks if a user has a password set.

func (*PGStore) HasPermission

func (s *PGStore) HasPermission(ctx context.Context, userID string, permissionKey string) (bool, error)

HasPermission checks if a user has a specific direct permission.

func (*PGStore) HasResolvedPermission

func (s *PGStore) HasResolvedPermission(ctx context.Context, userID string, permissionKey string) (bool, error)

HasResolvedPermission checks if a user has a permission (direct, via group, or via organization).

func (*PGStore) ListGroups

func (s *PGStore) ListGroups(ctx context.Context) ([]auth.Group, error)

ListGroups returns all groups (without permissions).

func (*PGStore) ListOrganizations added in v2.1.0

func (s *PGStore) ListOrganizations(ctx context.Context) ([]auth.Organization, error)

ListOrganizations returns all organizations (without permissions).

func (*PGStore) ListPermissions

func (s *PGStore) ListPermissions(ctx context.Context) ([]auth.Permission, error)

ListPermissions returns all permissions.

func (*PGStore) ListUsers

func (s *PGStore) ListUsers(ctx context.Context) ([]auth.User, error)

ListUsers returns all users.

func (*PGStore) LoginWithPassword

func (s *PGStore) LoginWithPassword(ctx context.Context, email string, plainPassword string) (*auth.User, error)

LoginWithPassword validates the email and password, returning the user if valid. Returns ErrPasswordNotSet if the user exists but has no password (OTP-only account). Returns ErrPasswordInvalid if the password is incorrect.

func (*PGStore) Migrate

func (s *PGStore) Migrate(ctx context.Context) error

Migrate applies all pending migrations in order, within transactions.

func (*PGStore) MigrationStatus

func (s *PGStore) MigrationStatus(ctx context.Context) ([]auth.MigrationRecord, error)

MigrationStatus returns all migrations with their applied status.

func (*PGStore) RegisterWithPassword

func (s *PGStore) RegisterWithPassword(ctx context.Context, email string, plainPassword string) (*auth.User, error)

RegisterWithPassword creates a new user with an email and password. Returns ErrEmailAlreadyRegistered if the email is already taken.

func (*PGStore) RemovePermissionFromGroup

func (s *PGStore) RemovePermissionFromGroup(ctx context.Context, groupID string, permissionID string) error

RemovePermissionFromGroup removes a permission from a group.

func (*PGStore) RemovePermissionsFromOrganization added in v2.1.0

func (s *PGStore) RemovePermissionsFromOrganization(ctx context.Context, orgID string, permissionKeys []string) error

RemovePermissionsFromOrganization removes permissions from an organization.

func (*PGStore) RemoveUserFromGroup

func (s *PGStore) RemoveUserFromGroup(ctx context.Context, userID string, groupID string) error

RemoveUserFromGroup removes a user from a group.

func (*PGStore) RemoveUsersFromGroup added in v2.1.0

func (s *PGStore) RemoveUsersFromGroup(ctx context.Context, groupID string, userIDs []string) error

RemoveUsersFromGroup removes multiple users from a group in bulk.

func (*PGStore) ResetPassword

func (s *PGStore) ResetPassword(ctx context.Context, rawToken string, newPassword string) error

ResetPassword validates the reset token and updates the user's password. Marks the token as used atomically. Returns ErrResetTokenInvalid if the token is not found or has expired. Returns ErrResetTokenUsed if the token has already been used. Returns ErrPasswordTooWeak if the new password doesn't meet strength requirements.

func (*PGStore) RevokePermission

func (s *PGStore) RevokePermission(ctx context.Context, userID string, permissionKey string) error

RevokePermission removes a direct permission from a user.

func (*PGStore) Rollback

func (s *PGStore) Rollback(ctx context.Context) error

Rollback rolls back the last applied migration.

func (*PGStore) SetPassword

func (s *PGStore) SetPassword(ctx context.Context, userID string, plainPassword string) error

SetPassword updates a user's password as an admin override; unlike ChangePassword, it takes no current password to verify. Returns ErrUserNotFound if the user does not exist.

func (*PGStore) VerifyOTP

func (s *PGStore) VerifyOTP(ctx context.Context, email string, code string) (*auth.User, error)

VerifyOTP validates the OTP code for the given email. If valid, it marks the OTP as verified and returns the user (auto-creating if needed).
