startup-starter/skybridge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

-

Browse Source
This commit is contained in:
Ryan Copley
2025-09-01 18:26:44 -04:00
parent 74b2d75dbc
commit 3e3ade75e5
31 changed files with 1678 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
user/internal/repository/postgres/user_repository.go
View File

@ -28,10 +28,16 @@ func (r *userRepository) Create(ctx context.Context, user *domain.User) error {
query := `
INSERT INTO users (
id, email, first_name, last_name, display_name, avatar,
role, status, created_at, updated_at, created_by, updated_by
role, status, password_hash, password_salt, email_verified,
email_verification_token, email_verification_expires_at,
two_factor_enabled, two_factor_secret, two_factor_backup_codes,
created_at, updated_at, created_by, updated_by
) VALUES (
:id, :email, :first_name, :last_name, :display_name, :avatar,
:role, :status, :created_at, :updated_at, :created_by, :updated_by
:role, :status, :password_hash, :password_salt, :email_verified,
:email_verification_token, :email_verification_expires_at,
:two_factor_enabled, :two_factor_secret, :two_factor_backup_codes,
:created_at, :updated_at, :created_by, :updated_by
)`
if user.ID == uuid.Nil {
@ -58,7 +64,11 @@ func (r *userRepository) Create(ctx context.Context, user *domain.User) error {
func (r *userRepository) GetByID(ctx context.Context, id uuid.UUID) (*domain.User, error) {
query := `
SELECT id, email, first_name, last_name, display_name, avatar,
role, status, last_login_at, created_at, updated_at, created_by, updated_by
role, status, last_login_at, password_hash, password_salt,
email_verified, email_verification_token, email_verification_expires_at,
password_reset_token, password_reset_expires_at, failed_login_attempts,
locked_until, two_factor_enabled, two_factor_secret, two_factor_backup_codes,
last_password_change, created_at, updated_at, created_by, updated_by
FROM users
WHERE id = $1`
@ -77,7 +87,11 @@ func (r *userRepository) GetByID(ctx context.Context, id uuid.UUID) (*domain.Use
func (r *userRepository) GetByEmail(ctx context.Context, email string) (*domain.User, error) {
query := `
SELECT id, email, first_name, last_name, display_name, avatar,
role, status, last_login_at, created_at, updated_at, created_by, updated_by
role, status, last_login_at, password_hash, password_salt,
email_verified, email_verification_token, email_verification_expires_at,
password_reset_token, password_reset_expires_at, failed_login_attempts,
locked_until, two_factor_enabled, two_factor_secret, two_factor_backup_codes,
last_password_change, created_at, updated_at, created_by, updated_by
FROM users
WHERE email = $1`
@ -302,4 +316,133 @@ func (r *userRepository) ExistsByEmail(ctx context.Context, email string) (bool,
}
return exists, nil
}
// Security methods
func (r *userRepository) IncrementFailedAttempts(ctx context.Context, userID uuid.UUID, lockoutDuration time.Duration) error {
query := `
UPDATE users SET
failed_login_attempts = failed_login_attempts + 1,
locked_until = CASE
WHEN failed_login_attempts + 1 >= 5 THEN $2
ELSE locked_until
END,
updated_at = $3
WHERE id = $1`
_, err := r.db.ExecContext(ctx, query, userID, time.Now().Add(lockoutDuration), time.Now())
if err != nil {
return fmt.Errorf("failed to increment failed attempts: %w", err)
}
return nil
}
func (r *userRepository) ResetFailedAttempts(ctx context.Context, userID uuid.UUID) error {
query := `
UPDATE users SET
failed_login_attempts = 0,
locked_until = NULL,
updated_at = $2
WHERE id = $1`
_, err := r.db.ExecContext(ctx, query, userID, time.Now())
if err != nil {
return fmt.Errorf("failed to reset failed attempts: %w", err)
}
return nil
}
func (r *userRepository) GetFailedAttempts(ctx context.Context, userID uuid.UUID) (int, *time.Time, error) {
query := `SELECT failed_login_attempts, locked_until FROM users WHERE id = $1`
var attempts int
var lockedUntil *time.Time
err := r.db.QueryRowContext(ctx, query, userID).Scan(&attempts, &lockedUntil)
if err != nil {
if err == sql.ErrNoRows {
return 0, nil, fmt.Errorf("user not found")
}
return 0, nil, fmt.Errorf("failed to get failed attempts: %w", err)
}
return attempts, lockedUntil, nil
}
func (r *userRepository) SetEmailVerified(ctx context.Context, userID uuid.UUID, verified bool) error {
query := `
UPDATE users SET
email_verified = $2,
email_verification_token = NULL,
email_verification_expires_at = NULL,
updated_at = $3
WHERE id = $1`
result, err := r.db.ExecContext(ctx, query, userID, verified, time.Now())
if err != nil {
return fmt.Errorf("failed to set email verified: %w", err)
}
rowsAffected, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("failed to get affected rows: %w", err)
}
if rowsAffected == 0 {
return fmt.Errorf("user not found")
}
return nil
}
func (r *userRepository) UpdatePassword(ctx context.Context, userID uuid.UUID, passwordHash string) error {
query := `
UPDATE users SET
password_hash = $2,
last_password_change = $3,
password_reset_token = NULL,
password_reset_expires_at = NULL,
updated_at = $3
WHERE id = $1`
result, err := r.db.ExecContext(ctx, query, userID, passwordHash, time.Now())
if err != nil {
return fmt.Errorf("failed to update password: %w", err)
}
rowsAffected, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("failed to get affected rows: %w", err)
}
if rowsAffected == 0 {
return fmt.Errorf("user not found")
}
return nil
}
func (r *userRepository) UpdateTwoFactorSettings(ctx context.Context, userID uuid.UUID, enabled bool, secret *string, backupCodes []string) error {
query := `
UPDATE users SET
two_factor_enabled = $2,
two_factor_secret = $3,
two_factor_backup_codes = $4,
updated_at = $5
WHERE id = $1`
result, err := r.db.ExecContext(ctx, query, userID, enabled, secret, pq.Array(backupCodes), time.Now())
if err != nil {
return fmt.Errorf("failed to update two factor settings: %w", err)
}
rowsAffected, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("failed to get affected rows: %w", err)
}
if rowsAffected == 0 {
return fmt.Errorf("user not found")
}
return nil
}