Documentation ¶
Index ¶
- Variables
- func CanSendWithRateLimit(emailTemplateID string, userProfileUUID uuid.UUID, rateLimit *time.Duration, ...) (bool, error)
- func CreateRequestToJoinTeam(txn *sql.Tx, teamUUID uuid.UUID, email string, fingerprint fpr.Fingerprint, ...) (*uuid.UUID, error)
- func CreateSecret(recipientFingerprint fpr.Fingerprint, armoredEncryptedSecret string, ...) (*uuid.UUID, error)
- func CreateVerification(txn *sql.Tx, email string, fp fpr.Fingerprint, userAgent string, ...) (*uuid.UUID, error)
- func DeletePublicKey(fingerprint fpr.Fingerprint) (found bool, err error)
- func DeleteRequestToJoinTeam(txn *sql.Tx, requestUUID uuid.UUID) (found bool, err error)
- func DeleteSecret(secretUUID uuid.UUID, recipientFingerprint fpr.Fingerprint) (found bool, err error)
- func DeleteTeam(txn *sql.Tx, teamUUID uuid.UUID) (found bool, err error)
- func DropAllTheTables() error
- func GetArmoredPublicKeyForEmail(txn *sql.Tx, email string) (armoredPublicKey string, found bool, err error)
- func GetArmoredPublicKeyForFingerprint(fingerprint fpr.Fingerprint) (armoredPublicKey string, found bool, err error)
- func GetSecrets(recipientFingerprint fpr.Fingerprint) ([]*secret, error)
- func GetTimeLastSent(txn *sql.Tx, emailTemplateID string, userProfileUUID uuid.UUID) (*time.Time, error)
- func HasActiveVerificationForEmail(txn *sql.Tx, email string) (bool, error)
- func Initialize(databaseURL string) error
- func LinkEmailToFingerprint(txn *sql.Tx, email string, fingerprint fpr.Fingerprint, ...) error
- func ListExpiredKeys() (expiredKeys []expiredKey, err error)
- func ListKeysExpiring() (keys []keyExpiring, err error)
- func MarkVerificationAsVerified(txn *sql.Tx, secretUUID uuid.UUID, userAgent string, ipAddress string) error
- func Migrate() error
- func MustReadDatabaseURL() string
- func Ping() error
- func QueryEmailVerifiedForFingerprint(txn *sql.Tx, email string, fingerprint fpr.Fingerprint) (bool, error)
- func RecordSentEmail(txn *sql.Tx, emailTemplateID string, userProfileUUID uuid.UUID, now time.Time) error
- func RunInTransaction(fn func(txn *sql.Tx) error) error
- func StoreSingleUseNumber(txn *sql.Tx, singleUseUUID uuid.UUID, now time.Time) error
- func TeamExists(txn *sql.Tx, teamUUID uuid.UUID) (bool, error)
- func UpsertPublicKey(txn *sql.Tx, armoredPublicKey string) error
- func UpsertTeam(txn *sql.Tx, team Team) error
- func VerifySingleUseNumberNotStored(singleUseUUID uuid.UUID) error
- type EmailVerification
- type RequestToJoinTeam
- type Team
- type UserProfile
Constants ¶
This section is empty.
Variables ¶
var ErrNotFound = fmt.Errorf("not found")
ErrNotFound indicates that the requested item wasn't found in the database (but the query was successful)
Functions ¶
func CanSendWithRateLimit ¶
func CanSendWithRateLimit( emailTemplateID string, userProfileUUID uuid.UUID, rateLimit *time.Duration, now time.Time, ) (bool, error)
CanSendWithRateLimit looks up the last time we sent a given (user profile + email template) combination in the database, and returns whether we're past the given rateLimit duration.
For example, if we want to ensure we don't send `template_1` to `profile_1` more than once per hour, we could use it like this:
> canSendWithRateLimit(profile_1, template_1, time.Duration(1) * time.Hour)
note that a rateLimit of `nil` means *unlimited* and will always return true. *use with care!*
for emails intended to be sent only once (e.g. onboarding emails), consider using 1 year. this way, we avoid completely stale information, and the person will get an (infrequent) reminder that we still hold their information, giving them an opportunity to ask us to delete it.
func CreateRequestToJoinTeam ¶
func CreateRequestToJoinTeam( txn *sql.Tx, teamUUID uuid.UUID, email string, fingerprint fpr.Fingerprint, now time.Time) (*uuid.UUID, error)
CreateRequestToJoinTeam creates a new request to add the given email and key fingerprint to the team. It's only allowed to have a single request per {team, email} pair. Attempts to create a second request for the same {team, email} but *different* fingerprint will fail.
func CreateSecret ¶
func CreateSecret(recipientFingerprint fpr.Fingerprint, armoredEncryptedSecret string, now time.Time) (*uuid.UUID, error)
CreateSecret stores the armoredEncryptedSecret (which must be encrypted to the given `recipientFingerprint`) against the recipient public key.
func CreateVerification ¶
func CreateVerification( txn *sql.Tx, email string, fp fpr.Fingerprint, userAgent string, ipAddress string, now time.Time, ) (*uuid.UUID, error)
CreateVerification creates an email_verification for the given email address. `email` is the exact (not canonicalized) email address we're going to send the email to `fingerprint` is the fingerprint of the public key to link this email to `userAgent` is from the upsert request (probably Fluidkeys) `ipAddress` is the IP of the client that made the upsert request
func DeletePublicKey ¶
func DeletePublicKey(fingerprint fpr.Fingerprint) (found bool, err error)
DeletePublicKey deletes a key by its fingerprint, returning found=true if a matching key was found and deleted. Note that any linked emails and stored secrets will also be deleted. If there was no matching key (e.g. it was already deleted), found is false and error is nil. An error is returned only if something failed e.g. a database error.
func DeleteRequestToJoinTeam ¶
DeleteRequestToJoinTeam deletes the given request to join team (by UUID)
func DeleteSecret ¶
func DeleteSecret(secretUUID uuid.UUID, recipientFingerprint fpr.Fingerprint) (found bool, err error)
DeleteSecret deletes the given secret (by UUID) if the recipientFingerprint matches the secret, or returns an error if not.
func DeleteTeam ¶
DeleteTeam deletes the team with the given UUID and returns true if it was deleted, or false if the team was not found.
func DropAllTheTables ¶
func DropAllTheTables() error
DropAllTheTables drops all the tables in the database. It's intendeded only for use in development, so before doing anything it checks that the current database is called `fkapi_test` or `travis`
func GetArmoredPublicKeyForEmail ¶
func GetArmoredPublicKeyForEmail(txn *sql.Tx, email string) ( armoredPublicKey string, found bool, err error)
GetArmoredPublicKeyForEmail returns an ASCII-armored public key for the given email, if the email address has been verified.
func GetArmoredPublicKeyForFingerprint ¶
func GetArmoredPublicKeyForFingerprint(fingerprint fpr.Fingerprint) (armoredPublicKey string, found bool, err error)
GetArmoredPublicKeyForFingerprint returns an ASCII-armored public key for the given fingerprint, regardless of whether the email addresses in the key have been verified.
func GetSecrets ¶
func GetSecrets(recipientFingerprint fpr.Fingerprint) ([]*secret, error)
GetSecrets returns a slice of secrets for the given public key fingerprint
func GetTimeLastSent ¶
func GetTimeLastSent(txn *sql.Tx, emailTemplateID string, userProfileUUID uuid.UUID) ( *time.Time, error)
GetTimeLastSent returns the most recent the given email type was sent to the given key, or nil if there's no record of it being sent
func HasActiveVerificationForEmail ¶
HasActiveVerificationForEmail returns whether we recently sent a verification email to the given email address, and if that verification is still valid, e.g. not expired
func Initialize ¶
Initialize initialises a postgres database from the given databaseURL
func LinkEmailToFingerprint ¶
func LinkEmailToFingerprint( txn *sql.Tx, email string, fingerprint fpr.Fingerprint, verificationUUID *uuid.UUID) error
LinkEmailToFingerprint records that the given public key should be returned when queried for the given email address. If there is no public key in the database matching the fingerprint, an error will be returned.
func ListExpiredKeys ¶
func ListExpiredKeys() (expiredKeys []expiredKey, err error)
ListExpiredKeys returns all PGP keys that have expired. It populates VerifiedEmail with any email on the key that's verified, preferably the "primary" UID but falling back to any verified email.
func ListKeysExpiring ¶
func ListKeysExpiring() (keys []keyExpiring, err error)
ListKeysExpiring lists keys expiring in the next 15 days
func MarkVerificationAsVerified ¶
func MarkVerificationAsVerified(txn *sql.Tx, secretUUID uuid.UUID, userAgent string, ipAddress string) error
MarkVerificationAsVerified sets the user agent and IP address from the verifying HTTP request. Typically this is a browser from someone opening a link in their email.
func Migrate ¶
func Migrate() error
Migrate runs all the database migration queries (create table etc)
func MustReadDatabaseURL ¶
func MustReadDatabaseURL() string
MustReadDatabaseURL returns the value of DATABASE_URL from the environment or panics if it wasn't found
func QueryEmailVerifiedForFingerprint ¶
func QueryEmailVerifiedForFingerprint(txn *sql.Tx, email string, fingerprint fpr.Fingerprint) (bool, error)
QueryEmailVerifiedForFingerprint returns true if the given email is verified for the given fingerprint.
func RecordSentEmail ¶
func RecordSentEmail(txn *sql.Tx, emailTemplateID string, userProfileUUID uuid.UUID, now time.Time) error
RecordSentEmail records that the given email type was sent to the given key
func RunInTransaction ¶
RunInTransaction begins a new transaction and calls the given `fn` function with the transaction. If fn returns an error, the transaction will be rolled back and the samme error will be returned by RunInTransaction If fn returns error=nil, the transaction will be committed (although that can fail, in which case an err is returned)
func StoreSingleUseNumber ¶
StoreSingleUseNumber saves the given singleUseUUID to the database with the given now time. txn is a database transaction, or nil to run outside of a transaction
func TeamExists ¶
TeamExists returns true if the team with the given UUID already exists in the database
func UpsertPublicKey ¶
UpsertPublicKey either inserts or updates a public key based on the fingerprint. For updates, any foreign key relationships are maintained. txn is a database transaction, or nil to run outside of a transaction
func UpsertTeam ¶
UpsertTeam creates a team in the database. If a team already exists with team.UUID it updates the team.
func VerifySingleUseNumberNotStored ¶
VerifySingleUseNumberNotStored returns an error if the given singleUseUUID already exists in the database
Types ¶
type EmailVerification ¶
type EmailVerification struct { UUID *uuid.UUID EmailSentTo string KeyFingerprint fingerprint.Fingerprint }
EmailVerification represents the data in the email_verifications database table
func GetVerification ¶
GetVerification returns the email and fingerprint of a currently-active email_verification for the given secret UUID token.
type RequestToJoinTeam ¶
type RequestToJoinTeam struct { UUID uuid.UUID CreatedAt time.Time Email string Fingerprint fpr.Fingerprint }
RequestToJoinTeam represents a request to join a team in the database.
func GetRequestToJoinTeam ¶
func GetRequestToJoinTeam(txn *sql.Tx, teamUUID uuid.UUID, email string) ( *RequestToJoinTeam, error)
GetRequestToJoinTeam searches for an existing request for the given team UUID and email address combination.
func GetRequestsToJoinTeam ¶
GetRequestsToJoinTeam returns a slice of RequestToJoinTeams.