authkit/store_users.go

package authkit

import (
	"context"
	"database/sql"
	"errors"
	"strings"
	"time"

	"git.juancwu.dev/juancwu/errx"
	"github.com/google/uuid"
)

func (a *Auth) storeCreateUser(ctx context.Context, u *User) error {
	const op = "authkit.storeCreateUser"
	if u.ID == uuid.Nil {
		u.ID = uuid.New()
	}
	if u.EmailNormalized == "" {
		u.EmailNormalized = strings.ToLower(strings.TrimSpace(u.Email))
	}
	now := a.now()
	if u.CreatedAt.IsZero() {
		u.CreatedAt = now
	}
	if u.UpdatedAt.IsZero() {
		u.UpdatedAt = now
	}
	_, err := a.db.ExecContext(ctx, a.q.createUser,
		uuidArg(u.ID), u.Email, u.EmailNormalized, nullableTime(u.EmailVerifiedAt),
		nullableString(u.PasswordHash), u.SessionVersion,
		nullableTime(u.LastLoginAt), u.CreatedAt, u.UpdatedAt)
	if err != nil {
		if isUniqueViolation(err) {
			return errx.Wrap(op, ErrEmailTaken)
		}
		return errx.Wrap(op, err)
	}
	return nil
}

func (a *Auth) storeGetUserByID(ctx context.Context, id uuid.UUID) (*User, error) {
	const op = "authkit.storeGetUserByID"
	u, err := scanUser(a.db.QueryRowContext(ctx, a.q.getUserByID, uuidArg(id)))
	if err != nil {
		return nil, errx.Wrap(op, mapNotFound(err, ErrUserNotFound))
	}
	return u, nil
}

func (a *Auth) storeGetUserByEmail(ctx context.Context, normalizedEmail string) (*User, error) {
	const op = "authkit.storeGetUserByEmail"
	u, err := scanUser(a.db.QueryRowContext(ctx, a.q.getUserByEmail, normalizedEmail))
	if err != nil {
		return nil, errx.Wrap(op, mapNotFound(err, ErrUserNotFound))
	}
	return u, nil
}

func (a *Auth) storeUpdateUser(ctx context.Context, u *User) error {
	const op = "authkit.storeUpdateUser"
	u.UpdatedAt = a.now()
	tag, err := a.db.ExecContext(ctx, a.q.updateUser,
		u.Email, u.EmailNormalized, nullableTime(u.EmailVerifiedAt),
		nullableString(u.PasswordHash), u.SessionVersion,
		nullableTime(u.LastLoginAt), u.UpdatedAt, uuidArg(u.ID))
	if err != nil {
		return errx.Wrap(op, err)
	}
	n, _ := tag.RowsAffected()
	if n == 0 {
		return errx.Wrap(op, ErrUserNotFound)
	}
	return nil
}

func (a *Auth) storeDeleteUser(ctx context.Context, id uuid.UUID) error {
	const op = "authkit.storeDeleteUser"
	tag, err := a.db.ExecContext(ctx, a.q.deleteUser, uuidArg(id))
	if err != nil {
		return errx.Wrap(op, err)
	}
	n, _ := tag.RowsAffected()
	if n == 0 {
		return errx.Wrap(op, ErrUserNotFound)
	}
	return nil
}

func (a *Auth) storeSetPassword(ctx context.Context, userID uuid.UUID, encodedHash string) error {
	const op = "authkit.storeSetPassword"
	tag, err := a.db.ExecContext(ctx, a.q.setPassword,
		nullableString(encodedHash), a.now(), uuidArg(userID))
	if err != nil {
		return errx.Wrap(op, err)
	}
	n, _ := tag.RowsAffected()
	if n == 0 {
		return errx.Wrap(op, ErrUserNotFound)
	}
	return nil
}

func (a *Auth) storeSetEmailVerified(ctx context.Context, userID uuid.UUID, at time.Time) error {
	const op = "authkit.storeSetEmailVerified"
	tag, err := a.db.ExecContext(ctx, a.q.setEmailVerified, at, a.now(), uuidArg(userID))
	if err != nil {
		return errx.Wrap(op, err)
	}
	n, _ := tag.RowsAffected()
	if n == 0 {
		return errx.Wrap(op, ErrUserNotFound)
	}
	return nil
}

func (a *Auth) storeBumpSessionVersion(ctx context.Context, userID uuid.UUID) (int, error) {
	const op = "authkit.storeBumpSessionVersion"
	var v int
	if err := a.db.QueryRowContext(ctx, a.q.bumpSessionVersion,
		a.now(), uuidArg(userID)).Scan(&v); err != nil {
		return 0, errx.Wrap(op, mapNotFound(err, ErrUserNotFound))
	}
	return v, nil
}

func scanUser(row rowScanner) (*User, error) {
	var (
		u             User
		idStr         string
		passwordHash  sql.NullString
		emailVerified sql.NullTime
		lastLogin     sql.NullTime
	)
	if err := row.Scan(&idStr, &u.Email, &u.EmailNormalized, &emailVerified,
		&passwordHash, &u.SessionVersion, &lastLogin,
		&u.CreatedAt, &u.UpdatedAt); err != nil {
		return nil, err
	}
	id, err := scanUUID(idStr)
	if err != nil {
		return nil, err
	}
	u.ID = id
	u.PasswordHash = scanNullString(passwordHash)
	u.EmailVerifiedAt = scanNullTimePtr(emailVerified)
	u.LastLoginAt = scanNullTimePtr(lastLogin)
	return &u, nil
}

// mapNotFound translates sql.ErrNoRows into the supplied authkit sentinel so
// callers get reliable errors.Is targets through errx wrapping.
func mapNotFound(err error, sentinel error) error {
	if errors.Is(err, sql.ErrNoRows) {
		return sentinel
	}
	return err
}