No One Can Stop Me Now

services/setec-manager/internal/db/users.go

@@ -0,0 +1,124 @@
+package db
+
+import (
+	"database/sql"
+	"time"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+type ManagerUser struct {
+	ID           int64      `json:"id"`
+	Username     string     `json:"username"`
+	PasswordHash string     `json:"-"`
+	Role         string     `json:"role"`
+	ForceChange  bool       `json:"force_change"`
+	LastLogin    *time.Time `json:"last_login"`
+	CreatedAt    time.Time  `json:"created_at"`
+}
+
+func (d *DB) ListManagerUsers() ([]ManagerUser, error) {
+	rows, err := d.conn.Query(`SELECT id, username, password_hash, role, force_change,
+		last_login, created_at FROM manager_users ORDER BY username`)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	var users []ManagerUser
+	for rows.Next() {
+		var u ManagerUser
+		if err := rows.Scan(&u.ID, &u.Username, &u.PasswordHash, &u.Role,
+			&u.ForceChange, &u.LastLogin, &u.CreatedAt); err != nil {
+			return nil, err
+		}
+		users = append(users, u)
+	}
+	return users, rows.Err()
+}
+
+func (d *DB) GetManagerUser(username string) (*ManagerUser, error) {
+	var u ManagerUser
+	err := d.conn.QueryRow(`SELECT id, username, password_hash, role, force_change,
+		last_login, created_at FROM manager_users WHERE username = ?`, username).
+		Scan(&u.ID, &u.Username, &u.PasswordHash, &u.Role,
+			&u.ForceChange, &u.LastLogin, &u.CreatedAt)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	return &u, err
+}
+
+func (d *DB) GetManagerUserByID(id int64) (*ManagerUser, error) {
+	var u ManagerUser
+	err := d.conn.QueryRow(`SELECT id, username, password_hash, role, force_change,
+		last_login, created_at FROM manager_users WHERE id = ?`, id).
+		Scan(&u.ID, &u.Username, &u.PasswordHash, &u.Role,
+			&u.ForceChange, &u.LastLogin, &u.CreatedAt)
+	if err == sql.ErrNoRows {
+		return nil, nil
+	}
+	return &u, err
+}
+
+func (d *DB) CreateManagerUser(username, password, role string) (int64, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return 0, err
+	}
+
+	result, err := d.conn.Exec(`INSERT INTO manager_users (username, password_hash, role)
+		VALUES (?, ?, ?)`, username, string(hash), role)
+	if err != nil {
+		return 0, err
+	}
+	return result.LastInsertId()
+}
+
+func (d *DB) UpdateManagerUserPassword(id int64, password string) error {
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return err
+	}
+	_, err = d.conn.Exec(`UPDATE manager_users SET password_hash=?, force_change=FALSE WHERE id=?`,
+		string(hash), id)
+	return err
+}
+
+func (d *DB) UpdateManagerUserRole(id int64, role string) error {
+	_, err := d.conn.Exec(`UPDATE manager_users SET role=? WHERE id=?`, role, id)
+	return err
+}
+
+func (d *DB) DeleteManagerUser(id int64) error {
+	_, err := d.conn.Exec(`DELETE FROM manager_users WHERE id=?`, id)
+	return err
+}
+
+func (d *DB) UpdateLoginTimestamp(id int64) error {
+	_, err := d.conn.Exec(`UPDATE manager_users SET last_login=CURRENT_TIMESTAMP WHERE id=?`, id)
+	return err
+}
+
+func (d *DB) ManagerUserCount() (int, error) {
+	var count int
+	err := d.conn.QueryRow(`SELECT COUNT(*) FROM manager_users`).Scan(&count)
+	return count, err
+}
+
+func (d *DB) AuthenticateUser(username, password string) (*ManagerUser, error) {
+	u, err := d.GetManagerUser(username)
+	if err != nil {
+		return nil, err
+	}
+	if u == nil {
+		return nil, nil
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(u.PasswordHash), []byte(password)); err != nil {
+		return nil, nil
+	}
+
+	d.UpdateLoginTimestamp(u.ID)
+	return u, nil
+}