feat(communities): update model and repository for V2.0 password encryption

A community based topic aggregation platform built on atproto

Update Community model and PostgreSQL repository to use encrypted passwords
instead of bcrypt hashes, supporting session recovery when tokens expire.

Changes:
- Community model: PDSPasswordHash → PDSPassword (stores encrypted data)
- Repository: Update queries to encrypt/decrypt passwords using pgp_sym_encrypt
- Add CASE statements for safe NULL handling in encryption/decryption
- Remove unused key fields (PDS manages all keys in V2.0)

Database operations:
- CREATE: Encrypts password before storage
- GetByDID: Decrypts password for service layer use
- Maintains backward compatibility with NULL password values

Security: Encrypted passwords allow session recovery while maintaining
data-at-rest encryption via PostgreSQL's pgcrypto.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

bretton.dev 5 months ago 4a4389e0 c7a6626f

+42 -20

2 changed files

expand all

internal

core

communities

community.go

postgres

community_repo.go

+9 -7

internal/core/communities/community.go

··· 9 9 type Community struct { 10 10 CreatedAt time.Time `json:"createdAt" db:"created_at"` 11 11 UpdatedAt time.Time `json:"updatedAt" db:"updated_at"` 12 - PDSAccessToken string `json:"-" db:"pds_access_token"` 13 - FederatedID string `json:"federatedId,omitempty" db:"federated_id"` 12 + RecordURI string `json:"recordUri,omitempty" db:"record_uri"` 13 + FederatedFrom string `json:"federatedFrom,omitempty" db:"federated_from"` 14 14 DisplayName string `json:"displayName" db:"display_name"` 15 15 Description string `json:"description" db:"description"` 16 16 PDSURL string `json:"-" db:"pds_url"` ··· 20 20 CreatedByDID string `json:"createdByDid" db:"created_by_did"` 21 21 HostedByDID string `json:"hostedByDid" db:"hosted_by_did"` 22 22 PDSEmail string `json:"-" db:"pds_email"` 23 - PDSPasswordHash string `json:"-" db:"pds_password_hash"` 23 + PDSPassword string `json:"-" db:"pds_password_encrypted"` 24 24 Name string `json:"name" db:"name"` 25 25 RecordCID string `json:"recordCid,omitempty" db:"record_cid"` 26 - RecordURI string `json:"recordUri,omitempty" db:"record_uri"` 27 - Visibility string `json:"visibility" db:"visibility"` 28 - DID string `json:"did" db:"did"` 26 + FederatedID string `json:"federatedId,omitempty" db:"federated_id"` 27 + PDSAccessToken string `json:"-" db:"pds_access_token"` 28 + SigningKeyPEM string `json:"-" db:"signing_key_encrypted"` 29 29 ModerationType string `json:"moderationType,omitempty" db:"moderation_type"` 30 30 Handle string `json:"handle" db:"handle"` 31 31 PDSRefreshToken string `json:"-" db:"pds_refresh_token"` 32 - FederatedFrom string `json:"federatedFrom,omitempty" db:"federated_from"` 32 + Visibility string `json:"visibility" db:"visibility"` 33 + RotationKeyPEM string `json:"-" db:"rotation_key_encrypted"` 34 + DID string `json:"did" db:"did"` 33 35 ContentWarnings []string `json:"contentWarnings,omitempty" db:"content_warnings"` 34 36 DescriptionFacets []byte `json:"descriptionFacets,omitempty" db:"description_facets"` 35 37 PostCount int `json:"postCount" db:"post_count"`

+33 -13

internal/db/postgres/community_repo.go

··· 26 26 INSERT INTO communities ( 27 27 did, handle, name, display_name, description, description_facets, 28 28 avatar_cid, banner_cid, owner_did, created_by_did, hosted_by_did, 29 - pds_email, pds_password_hash, 29 + pds_email, pds_password_encrypted, 30 30 pds_access_token_encrypted, pds_refresh_token_encrypted, pds_url, 31 31 visibility, allow_external_discovery, moderation_type, content_warnings, 32 32 member_count, subscriber_count, post_count, ··· 34 34 record_uri, record_cid 35 35 ) VALUES ( 36 36 $1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, 37 - $12, $13, 37 + $12, 38 + CASE WHEN $13 != '' THEN pgp_sym_encrypt($13, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) ELSE NULL END, 38 39 CASE WHEN $14 != '' THEN pgp_sym_encrypt($14, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) ELSE NULL END, 39 40 CASE WHEN $15 != '' THEN pgp_sym_encrypt($15, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) ELSE NULL END, 40 41 $16, ··· 63 64 community.OwnerDID, 64 65 community.CreatedByDID, 65 66 community.HostedByDID, 66 - // V2: PDS credentials for community account 67 + // V2.0: PDS credentials for community account (encrypted at rest) 67 68 nullString(community.PDSEmail), 68 - nullString(community.PDSPasswordHash), 69 - nullString(community.PDSAccessToken), 70 - nullString(community.PDSRefreshToken), 69 + nullString(community.PDSPassword), // Encrypted by pgp_sym_encrypt 70 + nullString(community.PDSAccessToken), // Encrypted by pgp_sym_encrypt 71 + nullString(community.PDSRefreshToken), // Encrypted by pgp_sym_encrypt 71 72 nullString(community.PDSURL), 73 + // V2.0: No key columns - PDS manages all keys 72 74 community.Visibility, 73 75 community.AllowExternalDiscovery, 74 76 nullString(community.ModerationType), ··· 102 104 // GetByDID retrieves a community by its DID 103 105 // Note: PDS credentials are included (for internal service use only) 104 106 // Handlers MUST use json:"-" tags to prevent credential exposure in APIs 107 + // 108 + // V2.0: Key columns not included - PDS manages all keys 105 109 func (r *postgresCommunityRepo) GetByDID(ctx context.Context, did string) (*communities.Community, error) { 106 110 community := &communities.Community{} 107 111 query := ` 108 112 SELECT id, did, handle, name, display_name, description, description_facets, 109 113 avatar_cid, banner_cid, owner_did, created_by_did, hosted_by_did, 110 - pds_email, pds_password_hash, 111 - COALESCE(pgp_sym_decrypt(pds_access_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)), '') as pds_access_token, 112 - COALESCE(pgp_sym_decrypt(pds_refresh_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)), '') as pds_refresh_token, 114 + pds_email, 115 + CASE 116 + WHEN pds_password_encrypted IS NOT NULL 117 + THEN pgp_sym_decrypt(pds_password_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) 118 + ELSE NULL 119 + END as pds_password, 120 + CASE 121 + WHEN pds_access_token_encrypted IS NOT NULL 122 + THEN pgp_sym_decrypt(pds_access_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) 123 + ELSE NULL 124 + END as pds_access_token, 125 + CASE 126 + WHEN pds_refresh_token_encrypted IS NOT NULL 127 + THEN pgp_sym_decrypt(pds_refresh_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) 128 + ELSE NULL 129 + END as pds_refresh_token, 113 130 pds_url, 114 131 visibility, allow_external_discovery, moderation_type, content_warnings, 115 132 member_count, subscriber_count, post_count, ··· 120 137 121 138 var displayName, description, avatarCID, bannerCID, moderationType sql.NullString 122 139 var federatedFrom, federatedID, recordURI, recordCID sql.NullString 123 - var pdsEmail, pdsPasswordHash, pdsAccessToken, pdsRefreshToken, pdsURL sql.NullString 140 + var pdsEmail, pdsPassword, pdsAccessToken, pdsRefreshToken, pdsURL sql.NullString 124 141 var descFacets []byte 125 142 var contentWarnings []string 126 143 ··· 129 146 &displayName, &description, &descFacets, 130 147 &avatarCID, &bannerCID, 131 148 &community.OwnerDID, &community.CreatedByDID, &community.HostedByDID, 132 - // V2: PDS credentials 133 - &pdsEmail, &pdsPasswordHash, &pdsAccessToken, &pdsRefreshToken, &pdsURL, 149 + // V2.0: PDS credentials (decrypted from pgp_sym_encrypt) 150 + &pdsEmail, &pdsPassword, &pdsAccessToken, &pdsRefreshToken, &pdsURL, 134 151 &community.Visibility, &community.AllowExternalDiscovery, 135 152 &moderationType, pq.Array(&contentWarnings), 136 153 &community.MemberCount, &community.SubscriberCount, &community.PostCount, ··· 152 169 community.AvatarCID = avatarCID.String 153 170 community.BannerCID = bannerCID.String 154 171 community.PDSEmail = pdsEmail.String 155 - community.PDSPasswordHash = pdsPasswordHash.String 172 + community.PDSPassword = pdsPassword.String 156 173 community.PDSAccessToken = pdsAccessToken.String 157 174 community.PDSRefreshToken = pdsRefreshToken.String 158 175 community.PDSURL = pdsURL.String 176 + // V2.0: No key fields - PDS manages all keys 177 + community.RotationKeyPEM = "" // Empty - PDS-managed 178 + community.SigningKeyPEM = "" // Empty - PDS-managed 159 179 community.ModerationType = moderationType.String 160 180 community.ContentWarnings = contentWarnings 161 181 community.FederatedFrom = federatedFrom.String