package repository import ( "context" "time" "github.com/google/uuid" "github.com/kms/api-key-service/internal/audit" "github.com/kms/api-key-service/internal/domain" ) // ApplicationRepository defines the interface for application data operations type ApplicationRepository interface { // Create creates a new application Create(ctx context.Context, app *domain.Application) error // GetByID retrieves an application by its ID GetByID(ctx context.Context, appID string) (*domain.Application, error) // List retrieves applications with pagination List(ctx context.Context, limit, offset int) ([]*domain.Application, error) // Update updates an existing application Update(ctx context.Context, appID string, updates *domain.UpdateApplicationRequest) (*domain.Application, error) // Delete deletes an application Delete(ctx context.Context, appID string) error // Exists checks if an application exists Exists(ctx context.Context, appID string) (bool, error) } // StaticTokenRepository defines the interface for static token data operations type StaticTokenRepository interface { // Create creates a new static token Create(ctx context.Context, token *domain.StaticToken) error // GetByID retrieves a static token by its ID GetByID(ctx context.Context, tokenID uuid.UUID) (*domain.StaticToken, error) // GetByKeyHash retrieves a static token by its key hash GetByKeyHash(ctx context.Context, keyHash string) (*domain.StaticToken, error) // GetByAppID retrieves all static tokens for an application GetByAppID(ctx context.Context, appID string) ([]*domain.StaticToken, error) // List retrieves static tokens with pagination List(ctx context.Context, limit, offset int) ([]*domain.StaticToken, error) // Delete deletes a static token Delete(ctx context.Context, tokenID uuid.UUID) error // Exists checks if a static token exists Exists(ctx context.Context, tokenID uuid.UUID) (bool, error) } // PermissionRepository defines the interface for permission data operations type PermissionRepository interface { // CreateAvailablePermission creates a new available permission CreateAvailablePermission(ctx context.Context, permission *domain.AvailablePermission) error // GetAvailablePermission retrieves an available permission by ID GetAvailablePermission(ctx context.Context, permissionID uuid.UUID) (*domain.AvailablePermission, error) // GetAvailablePermissionByScope retrieves an available permission by scope GetAvailablePermissionByScope(ctx context.Context, scope string) (*domain.AvailablePermission, error) // ListAvailablePermissions retrieves available permissions with pagination and filtering ListAvailablePermissions(ctx context.Context, category string, includeSystem bool, limit, offset int) ([]*domain.AvailablePermission, error) // UpdateAvailablePermission updates an available permission UpdateAvailablePermission(ctx context.Context, permissionID uuid.UUID, permission *domain.AvailablePermission) error // DeleteAvailablePermission deletes an available permission DeleteAvailablePermission(ctx context.Context, permissionID uuid.UUID) error // ValidatePermissionScopes checks if all given scopes exist and are valid ValidatePermissionScopes(ctx context.Context, scopes []string) ([]string, error) // returns invalid scopes // GetPermissionHierarchy returns all parent and child permissions for given scopes GetPermissionHierarchy(ctx context.Context, scopes []string) ([]*domain.AvailablePermission, error) } // GrantedPermissionRepository defines the interface for granted permission operations type GrantedPermissionRepository interface { // GrantPermissions grants multiple permissions to a token GrantPermissions(ctx context.Context, grants []*domain.GrantedPermission) error // GetGrantedPermissions retrieves all granted permissions for a token GetGrantedPermissions(ctx context.Context, tokenType domain.TokenType, tokenID uuid.UUID) ([]*domain.GrantedPermission, error) // GetGrantedPermissionScopes retrieves only the scopes for a token (more efficient) GetGrantedPermissionScopes(ctx context.Context, tokenType domain.TokenType, tokenID uuid.UUID) ([]string, error) // RevokePermission revokes a specific permission from a token RevokePermission(ctx context.Context, grantID uuid.UUID, revokedBy string) error // RevokeAllPermissions revokes all permissions from a token RevokeAllPermissions(ctx context.Context, tokenType domain.TokenType, tokenID uuid.UUID, revokedBy string) error // HasPermission checks if a token has a specific permission HasPermission(ctx context.Context, tokenType domain.TokenType, tokenID uuid.UUID, scope string) (bool, error) // HasAnyPermission checks if a token has any of the specified permissions HasAnyPermission(ctx context.Context, tokenType domain.TokenType, tokenID uuid.UUID, scopes []string) (map[string]bool, error) } // SessionRepository defines the interface for user session data operations type SessionRepository interface { // Create creates a new user session Create(ctx context.Context, session *domain.UserSession) error // GetByID retrieves a session by its ID GetByID(ctx context.Context, sessionID uuid.UUID) (*domain.UserSession, error) // GetByUserID retrieves all sessions for a user GetByUserID(ctx context.Context, userID string) ([]*domain.UserSession, error) // GetByUserAndApp retrieves sessions for a specific user and application GetByUserAndApp(ctx context.Context, userID, appID string) ([]*domain.UserSession, error) // GetActiveByUserID retrieves all active sessions for a user GetActiveByUserID(ctx context.Context, userID string) ([]*domain.UserSession, error) // List retrieves sessions with filtering and pagination List(ctx context.Context, req *domain.SessionListRequest) (*domain.SessionListResponse, error) // Update updates an existing session Update(ctx context.Context, sessionID uuid.UUID, updates *domain.UpdateSessionRequest) error // UpdateActivity updates the last activity timestamp for a session UpdateActivity(ctx context.Context, sessionID uuid.UUID) error // Revoke revokes a session Revoke(ctx context.Context, sessionID uuid.UUID, revokedBy string) error // RevokeAllByUser revokes all sessions for a user RevokeAllByUser(ctx context.Context, userID string, revokedBy string) error // RevokeAllByUserAndApp revokes all sessions for a user and application RevokeAllByUserAndApp(ctx context.Context, userID, appID string, revokedBy string) error // ExpireOldSessions marks expired sessions as expired ExpireOldSessions(ctx context.Context) (int, error) // DeleteExpiredSessions removes expired sessions older than the specified duration DeleteExpiredSessions(ctx context.Context, olderThan time.Duration) (int, error) // Exists checks if a session exists Exists(ctx context.Context, sessionID uuid.UUID) (bool, error) // GetSessionCount returns the total number of sessions for a user GetSessionCount(ctx context.Context, userID string) (int, error) // GetActiveSessionCount returns the number of active sessions for a user GetActiveSessionCount(ctx context.Context, userID string) (int, error) } // DatabaseProvider defines the interface for database operations type DatabaseProvider interface { // GetDB returns the underlying database connection GetDB() interface{} // Ping checks the database connection Ping(ctx context.Context) error // Close closes all database connections Close() error // BeginTx starts a database transaction BeginTx(ctx context.Context) (TransactionProvider, error) } // TransactionProvider defines the interface for database transaction operations type TransactionProvider interface { // Commit commits the transaction Commit() error // Rollback rolls back the transaction Rollback() error // GetTx returns the underlying transaction GetTx() interface{} } // CacheProvider defines the interface for caching operations type CacheProvider interface { // Get retrieves a value from cache Get(ctx context.Context, key string) ([]byte, error) // Set stores a value in cache with expiration Set(ctx context.Context, key string, value []byte, expiration time.Duration) error // Delete removes a value from cache Delete(ctx context.Context, key string) error // Exists checks if a key exists in cache Exists(ctx context.Context, key string) (bool, error) // Flush clears all cache entries Flush(ctx context.Context) error // Close closes the cache connection Close() error } // TokenProvider defines the interface for token operations type TokenProvider interface { // GenerateUserToken generates a JWT token for user authentication GenerateUserToken(ctx context.Context, userToken *domain.UserToken, hmacKey string) (string, error) // ValidateUserToken validates and parses a JWT token ValidateUserToken(ctx context.Context, token string, hmacKey string) (*domain.UserToken, error) // GenerateStaticToken generates a static API key GenerateStaticToken(ctx context.Context) (string, error) // HashStaticToken creates a secure hash of a static token HashStaticToken(ctx context.Context, token string) (string, error) // ValidateStaticToken validates a static token against its hash ValidateStaticToken(ctx context.Context, token, hash string) (bool, error) // RenewUserToken renews a user token while preserving max validity RenewUserToken(ctx context.Context, currentToken *domain.UserToken, renewalDuration time.Duration, hmacKey string) (string, error) } // HashProvider defines the interface for cryptographic hashing operations type HashProvider interface { // Hash creates a secure hash of the input Hash(ctx context.Context, input string) (string, error) // Compare compares an input against a hash Compare(ctx context.Context, input, hash string) (bool, error) // GenerateKey generates a secure random key GenerateKey(ctx context.Context, length int) (string, error) } // LoggerProvider defines the interface for logging operations type LoggerProvider interface { // Info logs an info level message Info(ctx context.Context, msg string, fields ...interface{}) // Warn logs a warning level message Warn(ctx context.Context, msg string, fields ...interface{}) // Error logs an error level message Error(ctx context.Context, msg string, err error, fields ...interface{}) // Debug logs a debug level message Debug(ctx context.Context, msg string, fields ...interface{}) // With returns a logger with additional fields With(fields ...interface{}) LoggerProvider } // ConfigProvider defines the interface for configuration operations type ConfigProvider interface { // GetString retrieves a string configuration value GetString(key string) string // GetInt retrieves an integer configuration value GetInt(key string) int // GetBool retrieves a boolean configuration value GetBool(key string) bool // GetDuration retrieves a duration configuration value GetDuration(key string) time.Duration // GetStringSlice retrieves a string slice configuration value GetStringSlice(key string) []string // IsSet checks if a configuration key is set IsSet(key string) bool // Validate validates all required configuration values Validate() error } // AuthenticationProvider defines the interface for user authentication type AuthenticationProvider interface { // GetUserID extracts the user ID from the request context/headers GetUserID(ctx context.Context) (string, error) // ValidateUser validates if the user is authentic ValidateUser(ctx context.Context, userID string) error // GetUserClaims retrieves additional user information/claims GetUserClaims(ctx context.Context, userID string) (map[string]string, error) // Name returns the provider name for identification Name() string } // RateLimitProvider defines the interface for rate limiting operations type RateLimitProvider interface { // Allow checks if a request should be allowed for the given identifier Allow(ctx context.Context, identifier string) (bool, error) // Remaining returns the number of remaining requests for the identifier Remaining(ctx context.Context, identifier string) (int, error) // Reset returns when the rate limit will reset for the identifier Reset(ctx context.Context, identifier string) (time.Time, error) } // MetricsProvider defines the interface for metrics collection type MetricsProvider interface { // IncrementCounter increments a counter metric IncrementCounter(ctx context.Context, name string, labels map[string]string) // RecordHistogram records a value in a histogram RecordHistogram(ctx context.Context, name string, value float64, labels map[string]string) // SetGauge sets a gauge metric value SetGauge(ctx context.Context, name string, value float64, labels map[string]string) // RecordDuration records the duration of an operation RecordDuration(ctx context.Context, name string, duration time.Duration, labels map[string]string) } // AuditRepository defines the interface for audit event storage operations type AuditRepository interface { // Create stores a new audit event Create(ctx context.Context, event *audit.AuditEvent) error // Query retrieves audit events based on filter criteria Query(ctx context.Context, filter *audit.AuditFilter) ([]*audit.AuditEvent, error) // GetStats returns aggregated statistics for audit events GetStats(ctx context.Context, filter *audit.AuditStatsFilter) (*audit.AuditStats, error) // DeleteOldEvents removes audit events older than the specified time DeleteOldEvents(ctx context.Context, olderThan time.Time) (int, error) // GetByID retrieves a specific audit event by its ID GetByID(ctx context.Context, eventID uuid.UUID) (*audit.AuditEvent, error) // GetByRequestID retrieves all audit events for a specific request GetByRequestID(ctx context.Context, requestID string) ([]*audit.AuditEvent, error) // GetBySession retrieves all audit events for a specific session GetBySession(ctx context.Context, sessionID string) ([]*audit.AuditEvent, error) // GetByActor retrieves audit events for a specific actor GetByActor(ctx context.Context, actorID string, limit, offset int) ([]*audit.AuditEvent, error) // GetByResource retrieves audit events for a specific resource GetByResource(ctx context.Context, resourceType, resourceID string, limit, offset int) ([]*audit.AuditEvent, error) }