feat: add user role support to database and queries;

fix: add max length validation for refresh token in RefreshRequest; refactor: use named constants for cache durations in AuthService; refactor: select all user columns in GetValidUserByLoginCredentials query;
2025-07-17 04:31:25 +03:00
parent b986d45d82
commit 249bbe4a98
6 changed files with 59 additions and 35 deletions
--- a/backend/internal/database/query.sql.go
+++ b/backend/internal/database/query.sql.go
@@ -236,7 +236,7 @@ func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (S

 const createUser = `-- name: CreateUser :one
 INSERT INTO users(username, verified)
-VALUES ($1, false) RETURNING id, username, verified, registration_date, deleted
+VALUES ($1, false) RETURNING id, username, verified, registration_date, role, deleted
 `

 func (q *Queries) CreateUser(ctx context.Context, username string) (User, error) {
@@ -247,6 +247,7 @@ func (q *Queries) CreateUser(ctx context.Context, username string) (User, error)
 		&i.Username,
 		&i.Verified,
 		&i.RegistrationDate,
+		&i.Role,
 		&i.Deleted,
 	)
 	return i, err
@@ -264,7 +265,7 @@ WITH deleted_rows AS (
         AND linfo.email = $2::text
     ))
    AND verified IS FALSE
-  RETURNING id, username, verified, registration_date, deleted
+  RETURNING id, username, verified, registration_date, role, deleted
 )
 SELECT COUNT(*) AS deleted_count FROM deleted_rows
 `
@@ -543,7 +544,7 @@ func (q *Queries) GetUnexpiredTerminatedSessionsGuidsPaginated(ctx context.Conte
 }

 const getUser = `-- name: GetUser :one
-SELECT id, username, verified, registration_date, deleted FROM users
+SELECT id, username, verified, registration_date, role, deleted FROM users
 WHERE id = $1
 `

@@ -555,6 +556,7 @@ func (q *Queries) GetUser(ctx context.Context, id int64) (User, error) {
 		&i.Username,
 		&i.Verified,
 		&i.RegistrationDate,
+		&i.Role,
 		&i.Deleted,
 	)
 	return i, err
@@ -630,7 +632,7 @@ func (q *Queries) GetUserBansByUsername(ctx context.Context, username string) ([
 }

 const getUserByEmail = `-- name: GetUserByEmail :one
-SELECT users.id, users.username, users.verified, users.registration_date, users.deleted FROM users
+SELECT users.id, users.username, users.verified, users.registration_date, users.role, users.deleted FROM users
 JOIN login_informations linfo ON linfo.user_id = users.id
 WHERE linfo.email = $1::text
 `
@@ -643,13 +645,14 @@ func (q *Queries) GetUserByEmail(ctx context.Context, email string) (User, error
 		&i.Username,
 		&i.Verified,
 		&i.RegistrationDate,
+		&i.Role,
 		&i.Deleted,
 	)
 	return i, err
 }

 const getUserByUsername = `-- name: GetUserByUsername :one
-SELECT id, username, verified, registration_date, deleted FROM users 
+SELECT id, username, verified, registration_date, role, deleted FROM users 
 WHERE username = $1
 `

@@ -661,6 +664,7 @@ func (q *Queries) GetUserByUsername(ctx context.Context, username string) (User,
 		&i.Username,
 		&i.Verified,
 		&i.RegistrationDate,
+		&i.Role,
 		&i.Deleted,
 	)
 	return i, err
@@ -698,7 +702,7 @@ func (q *Queries) GetValidConfirmationCodeByCode(ctx context.Context, arg GetVal
 }

 const getValidConfirmationCodesByUsername = `-- name: GetValidConfirmationCodesByUsername :many
-SELECT confirmation_codes.id, user_id, code_type, code_hash, expires_at, used, confirmation_codes.deleted, users.id, username, verified, registration_date, users.deleted FROM confirmation_codes
+SELECT confirmation_codes.id, user_id, code_type, code_hash, expires_at, used, confirmation_codes.deleted, users.id, username, verified, registration_date, role, users.deleted FROM confirmation_codes
 JOIN users on users.id = confirmation_codes.user_id
 WHERE 
  users.username = $1::text AND
@@ -724,6 +728,7 @@ type GetValidConfirmationCodesByUsernameRow struct {
 	Username         string
 	Verified         *bool
 	RegistrationDate pgtype.Timestamp
+	Role             int32
 	Deleted_2        *bool
 }

@@ -748,6 +753,7 @@ func (q *Queries) GetValidConfirmationCodesByUsername(ctx context.Context, arg G
 			&i.Username,
 			&i.Verified,
 			&i.RegistrationDate,
+			&i.Role,
 			&i.Deleted_2,
 		); err != nil {
 			return nil, err
@@ -762,8 +768,7 @@ func (q *Queries) GetValidConfirmationCodesByUsername(ctx context.Context, arg G

 const getValidUserByLoginCredentials = `-- name: GetValidUserByLoginCredentials :one
 SELECT
-  users.id,
-  users.username,
+  users.id, users.username, users.verified, users.registration_date, users.role, users.deleted,
  linfo.password_hash,
  linfo.totp_encrypted
 FROM users
@@ -783,10 +788,14 @@ type GetValidUserByLoginCredentialsParams struct {
 }

 type GetValidUserByLoginCredentialsRow struct {
-	ID            int64
-	Username      string
-	PasswordHash  string
-	TotpEncrypted *string
+	ID               int64
+	Username         string
+	Verified         *bool
+	RegistrationDate pgtype.Timestamp
+	Role             int32
+	Deleted          *bool
+	PasswordHash     string
+	TotpEncrypted    *string
 }

 func (q *Queries) GetValidUserByLoginCredentials(ctx context.Context, arg GetValidUserByLoginCredentialsParams) (GetValidUserByLoginCredentialsRow, error) {
@@ -795,6 +804,10 @@ func (q *Queries) GetValidUserByLoginCredentials(ctx context.Context, arg GetVal
 	err := row.Scan(
 		&i.ID,
 		&i.Username,
+		&i.Verified,
+		&i.RegistrationDate,
+		&i.Role,
+		&i.Deleted,
 		&i.PasswordHash,
 		&i.TotpEncrypted,
 	)