-- login_requests: pending scan-login (QR) approvals (AUTH.md 2.3, 4). poll_secret -- is stored as its SHA-256 (the new device holds the plaintext); approval_code -- travels in the QR. Short-lived; reaped by DeleteExpiredLoginRequests. -- -- ASCII only: sqlc 1.31.x miscomputes byte offsets on multibyte comments and -- corrupts every generated SQL const in the file. Keep this file pure ASCII. -- name: CreateLoginRequest :exec INSERT INTO login_requests (id, poll_secret, approval_code, status, new_device_name, new_device_type, user_agent, request_ip, created_at, expires_at) VALUES (?, ?, ?, 'pending', ?, ?, ?, ?, ?, ?); -- name: GetLoginRequest :one SELECT id, poll_secret, approval_code, status, new_device_name, new_device_type, user_agent, request_ip, approver_user_id, grant_scope, grant_persist, created_at, expires_at, approved_at FROM login_requests WHERE id = ?; -- ApproveLoginRequest flips pending -> approved and records who approved it plus -- the granted scope/persistence. execrows so the handler can tell whether it -- actually transitioned (0 = already consumed / denied / gone). -- name: ApproveLoginRequest :execrows UPDATE login_requests SET status = 'approved', approver_user_id = ?, grant_scope = ?, grant_persist = ?, approved_at = ? WHERE id = ? AND status = 'pending'; -- name: DenyLoginRequest :execrows UPDATE login_requests SET status = 'denied' WHERE id = ? AND status = 'pending'; -- ConsumeLoginRequest flips approved -> consumed when the new device collects its -- session, making the request single-use. -- name: ConsumeLoginRequest :execrows UPDATE login_requests SET status = 'consumed' WHERE id = ? AND status = 'approved'; -- name: DeleteExpiredLoginRequests :execrows DELETE FROM login_requests WHERE expires_at < ?;