torfstack
diff --git a/‎.github/workflows/pr.yaml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/pr.yaml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎backend/convert/fromdb/fromdb.go‎
Lines changed: 35 additions & 10 deletions b/‎backend/convert/fromdb/fromdb.go‎
Lines changed: 35 additions & 10 deletions
diff --git a/‎backend/convert/todb/todb.go‎
Lines changed: 27 additions & 2 deletions b/‎backend/convert/todb/todb.go‎
Lines changed: 27 additions & 2 deletions
diff --git a/‎backend/db/interfaces.go‎
Lines changed: 13 additions & 5 deletions b/‎backend/db/interfaces.go‎
Lines changed: 13 additions & 5 deletions
@@ -11,7 +11,7 @@ concurrency:
 
 jobs:
   tests:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
@@ -20,7 +20,7 @@ jobs:
       - name: setup golang
         uses: actions/setup-go@v5
         with:
-          go-version: '^1.24.4'
+          go-version: '^1.25.1'
       - name: Set up gotestfmt
         uses: gotesttools/gotestfmt-action@v2
         with:
@@ -37,7 +37,7 @@ jobs:
           path: /tmp/gotest.log
           if-no-files-found: error
   linter:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     permissions:
       contents: read
     steps:
@@ -46,7 +46,7 @@ jobs:
       - name: setup golang
         uses: actions/setup-go@v5
         with:
-          go-version: '^1.24.4'
+          go-version: '^1.25.1'
       - name: run linter
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v8
 
@@ -11,7 +11,7 @@ COPY frontend .
 RUN ["npm", "run", "build"]
 RUN ["npm", "prune", "--production"]
 
-FROM golang:1.24.4 AS builder
+FROM golang:1.25.1 AS builder
 
 WORKDIR /opt/synod
 
 
@@ -7,8 +7,8 @@ import (
 	sqlc "github.com/torfstack/synod/sql/gen"
 )
 
-func Secret(in sqlc.Secret) models.Secret {
-	return models.Secret{
+func Secret(in sqlc.Secret) models.EncryptedSecret {
+	return models.EncryptedSecret{
 		ID:    &in.ID,
 		Value: string(in.Value),
 		Key:   in.Key,
@@ -17,20 +17,45 @@ func Secret(in sqlc.Secret) models.Secret {
 	}
 }
 
-func Secrets(in []sqlc.Secret) models.Secrets {
-	out := make([]models.Secret, len(in))
+func Secrets(in []sqlc.Secret) []models.EncryptedSecret {
+	out := make([]models.EncryptedSecret, len(in))
 	for i, s := range in {
 		out[i] = Secret(s)
 	}
 	return out
 }
 
-func User(in sqlc.User) models.User {
-	return models.User{
-		ID:       &in.ID,
-		Subject:  in.Subject,
-		Email:    in.Email,
-		FullName: in.FullName,
+func User(in sqlc.User) models.ExistingUser {
+	return models.ExistingUser{
+		ID: in.ID,
+		User: models.User{
+			Subject:  in.Subject,
+			Email:    in.Email,
+			FullName: in.FullName,
+		},
+	}
+}
+
+func KeyPair(in sqlc.Key) models.UserKeyPair {
+	userKeyPair := models.UserKeyPair{
+		ID:      &in.ID,
+		Type:    models.KeyType(in.Type),
+		UserID:  in.UserID,
+		Public:  in.Public,
+		Private: in.Private,
+	}
+	if in.PasswordID.Valid {
+		userKeyPair.PasswordID = &in.PasswordID.Int64
+	}
+	return userKeyPair
+}
+
+func HashedPassword(in sqlc.Password) models.HashedPassword {
+	return models.HashedPassword{
+		ID:         &in.ID,
+		Hash:       in.Hash,
+		Salt:       in.Salt,
+		Iterations: in.Iterations,
 	}
 }
 
 
@@ -1,6 +1,7 @@
 package todb
 
 import (
+	"github.com/jackc/pgx/v5/pgtype"
 	"github.com/torfstack/synod/backend/models"
 	sqlc "github.com/torfstack/synod/sql/gen"
 )
@@ -15,7 +16,7 @@ func Secret(in models.Secret) sqlc.Secret {
 	}
 }
 
-func InsertSecretParams(in models.Secret, userID int64) sqlc.InsertSecretParams {
+func InsertSecretParams(in models.EncryptedSecret, userID int64) sqlc.InsertSecretParams {
 	return sqlc.InsertSecretParams{
 		Value:  []byte(in.Value),
 		Key:    in.Key,
@@ -25,7 +26,7 @@ func InsertSecretParams(in models.Secret, userID int64) sqlc.InsertSecretParams
 	}
 }
 
-func UpdateSecretParams(in models.Secret, userID int64) sqlc.UpdateSecretParams {
+func UpdateSecretParams(in models.EncryptedSecret, userID int64) sqlc.UpdateSecretParams {
 	return sqlc.UpdateSecretParams{
 		ID:     *in.ID,
 		Value:  []byte(in.Value),
@@ -44,6 +45,30 @@ func InsertUserParams(in models.User) sqlc.InsertUserParams {
 	}
 }
 
+func InsertKeysParams(in models.UserKeyPair) sqlc.InsertKeysParams {
+	params := sqlc.InsertKeysParams{
+		UserID:  in.UserID,
+		Type:    int32(in.Type),
+		Public:  in.Public,
+		Private: in.Private,
+	}
+	if in.PasswordID != nil {
+		params.PasswordID = pgtype.Int8{
+			Int64: *in.PasswordID,
+			Valid: true,
+		}
+	}
+	return params
+}
+
+func InsertPasswordParams(in models.HashedPassword) sqlc.InsertPasswordParams {
+	return sqlc.InsertPasswordParams{
+		Hash:       in.Hash,
+		Salt:       in.Salt,
+		Iterations: in.Iterations,
+	}
+}
+
 func tagsString(tags []string) string {
 	if len(tags) == 0 {
 		return ""
 
@@ -7,13 +7,21 @@ import (
 )
 
 type Database interface {
-	WithTx(ctx context.Context) (Database, Transaction)
+	WithTx(ctx context.Context, withTx func(Database) error) error
 
 	DoesUserExist(ctx context.Context, username string) (bool, error)
-	InsertUser(ctx context.Context, params models.User) error
-	SelectUserByName(ctx context.Context, username string) (models.User, error)
-	UpsertSecret(ctx context.Context, secret models.Secret, userID int64) error
-	SelectSecrets(ctx context.Context, userID int64) ([]models.Secret, error)
+	InsertUser(ctx context.Context, user models.User) (models.ExistingUser, error)
+	SelectUserByName(ctx context.Context, username string) (models.ExistingUser, error)
+
+	UpsertSecret(ctx context.Context, secret models.EncryptedSecret, userID int64) (models.EncryptedSecret, error)
+	SelectSecrets(ctx context.Context, userID int64) ([]models.EncryptedSecret, error)
+
+	InsertKeys(ctx context.Context, pair models.UserKeyPair) (models.UserKeyPair, error)
+	SelectKeys(ctx context.Context, userID int64) (models.UserKeyPair, error)
+	HasKeys(ctx context.Context, userID int64) (bool, error)
+
+	InsertPassword(ctx context.Context, password models.HashedPassword) (models.HashedPassword, error)
+	SelectPassword(ctx context.Context, passwordID int64) (models.HashedPassword, error)
 }
 
 type Transaction interface {