bretton.dev / coves
A community based topic aggregation platform built on atproto
fork atom

feat(communities): update model and repository for V2.0 password encryption

Update Community model and PostgreSQL repository to use encrypted passwords
instead of bcrypt hashes, supporting session recovery when tokens expire.

Changes:
- Community model: PDSPasswordHash → PDSPassword (stores encrypted data)
- Repository: Update queries to encrypt/decrypt passwords using pgp_sym_encrypt
- Add CASE statements for safe NULL handling in encryption/decryption
- Remove unused key fields (PDS manages all keys in V2.0)

Database operations:
- CREATE: Encrypts password before storage
- GetByDID: Decrypts password for service layer use
- Maintains backward compatibility with NULL password values

Security: Encrypted passwords allow session recovery while maintaining
data-at-rest encryption via PostgreSQL's pgcrypto.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

bretton.dev 4a4389e0 c7a6626f

options
unified split
Changed files
+42 -20
internal
core
communities
community.go
db
postgres
community_repo.go
+9 -7
internal/core/communities/community.go 
···

       
9

       
9

       
 

       
type Community struct {


     

       
10

       
10

       
 

       
	CreatedAt              time.Time `json:"createdAt" db:"created_at"`


     

       
11

       
11

       
 

       
	UpdatedAt              time.Time `json:"updatedAt" db:"updated_at"`


     

       
12

       

       
-

       
	PDSAccessToken         string    `json:"-" db:"pds_access_token"`


     

       
13

       

       
-

       
	FederatedID            string    `json:"federatedId,omitempty" db:"federated_id"`


     

       

       
12

       
+

       
	RecordURI              string    `json:"recordUri,omitempty" db:"record_uri"`


     

       

       
13

       
+

       
	FederatedFrom          string    `json:"federatedFrom,omitempty" db:"federated_from"`


     

       
14

       
14

       
 

       
	DisplayName            string    `json:"displayName" db:"display_name"`


     

       
15

       
15

       
 

       
	Description            string    `json:"description" db:"description"`


     

       
16

       
16

       
 

       
	PDSURL                 string    `json:"-" db:"pds_url"`


     
···

       
20

       
20

       
 

       
	CreatedByDID           string    `json:"createdByDid" db:"created_by_did"`


     

       
21

       
21

       
 

       
	HostedByDID            string    `json:"hostedByDid" db:"hosted_by_did"`


     

       
22

       
22

       
 

       
	PDSEmail               string    `json:"-" db:"pds_email"`


     

       
23

       

       
-

       
	PDSPasswordHash        string    `json:"-" db:"pds_password_hash"`


     

       

       
23

       
+

       
	PDSPassword            string    `json:"-" db:"pds_password_encrypted"`


     

       
24

       
24

       
 

       
	Name                   string    `json:"name" db:"name"`


     

       
25

       
25

       
 

       
	RecordCID              string    `json:"recordCid,omitempty" db:"record_cid"`


     

       
26

       

       
-

       
	RecordURI              string    `json:"recordUri,omitempty" db:"record_uri"`


     

       
27

       

       
-

       
	Visibility             string    `json:"visibility" db:"visibility"`


     

       
28

       

       
-

       
	DID                    string    `json:"did" db:"did"`


     

       

       
26

       
+

       
	FederatedID            string    `json:"federatedId,omitempty" db:"federated_id"`


     

       

       
27

       
+

       
	PDSAccessToken         string    `json:"-" db:"pds_access_token"`


     

       

       
28

       
+

       
	SigningKeyPEM          string    `json:"-" db:"signing_key_encrypted"`


     

       
29

       
29

       
 

       
	ModerationType         string    `json:"moderationType,omitempty" db:"moderation_type"`


     

       
30

       
30

       
 

       
	Handle                 string    `json:"handle" db:"handle"`


     

       
31

       
31

       
 

       
	PDSRefreshToken        string    `json:"-" db:"pds_refresh_token"`


     

       
32

       

       
-

       
	FederatedFrom          string    `json:"federatedFrom,omitempty" db:"federated_from"`


     

       

       
32

       
+

       
	Visibility             string    `json:"visibility" db:"visibility"`


     

       

       
33

       
+

       
	RotationKeyPEM         string    `json:"-" db:"rotation_key_encrypted"`


     

       

       
34

       
+

       
	DID                    string    `json:"did" db:"did"`


     

       
33

       
35

       
 

       
	ContentWarnings        []string  `json:"contentWarnings,omitempty" db:"content_warnings"`


     

       
34

       
36

       
 

       
	DescriptionFacets      []byte    `json:"descriptionFacets,omitempty" db:"description_facets"`


     

       
35

       
37

       
 

       
	PostCount              int       `json:"postCount" db:"post_count"`
+33 -13
internal/db/postgres/community_repo.go 
···

       
26

       
26

       
 

       
		INSERT INTO communities (


     

       
27

       
27

       
 

       
			did, handle, name, display_name, description, description_facets,


     

       
28

       
28

       
 

       
			avatar_cid, banner_cid, owner_did, created_by_did, hosted_by_did,


     

       
29

       

       
-

       
			pds_email, pds_password_hash,


     

       

       
29

       
+

       
			pds_email, pds_password_encrypted,


     

       
30

       
30

       
 

       
			pds_access_token_encrypted, pds_refresh_token_encrypted, pds_url,


     

       
31

       
31

       
 

       
			visibility, allow_external_discovery, moderation_type, content_warnings,


     

       
32

       
32

       
 

       
			member_count, subscriber_count, post_count,


     
···

       
34

       
34

       
 

       
			record_uri, record_cid


     

       
35

       
35

       
 

       
		) VALUES (


     

       
36

       
36

       
 

       
			$1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11,


     

       
37

       

       
-

       
			$12, $13,


     

       

       
37

       
+

       
			$12,


     

       

       
38

       
+

       
			CASE WHEN $13 != '' THEN pgp_sym_encrypt($13, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) ELSE NULL END,


     

       
38

       
39

       
 

       
			CASE WHEN $14 != '' THEN pgp_sym_encrypt($14, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) ELSE NULL END,


     

       
39

       
40

       
 

       
			CASE WHEN $15 != '' THEN pgp_sym_encrypt($15, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)) ELSE NULL END,


     

       
40

       
41

       
 

       
			$16,


     
···

       
63

       
64

       
 

       
		community.OwnerDID,


     

       
64

       
65

       
 

       
		community.CreatedByDID,


     

       
65

       
66

       
 

       
		community.HostedByDID,


     

       
66

       

       
-

       
		// V2: PDS credentials for community account


     

       

       
67

       
+

       
		// V2.0: PDS credentials for community account (encrypted at rest)


     

       
67

       
68

       
 

       
		nullString(community.PDSEmail),


     

       
68

       

       
-

       
		nullString(community.PDSPasswordHash),


     

       
69

       

       
-

       
		nullString(community.PDSAccessToken),


     

       
70

       

       
-

       
		nullString(community.PDSRefreshToken),


     

       

       
69

       
+

       
		nullString(community.PDSPassword),      // Encrypted by pgp_sym_encrypt


     

       

       
70

       
+

       
		nullString(community.PDSAccessToken),   // Encrypted by pgp_sym_encrypt


     

       

       
71

       
+

       
		nullString(community.PDSRefreshToken),  // Encrypted by pgp_sym_encrypt


     

       
71

       
72

       
 

       
		nullString(community.PDSURL),


     

       

       
73

       
+

       
		// V2.0: No key columns - PDS manages all keys


     

       
72

       
74

       
 

       
		community.Visibility,


     

       
73

       
75

       
 

       
		community.AllowExternalDiscovery,


     

       
74

       
76

       
 

       
		nullString(community.ModerationType),


     
···

       
102

       
104

       
 

       
// GetByDID retrieves a community by its DID


     

       
103

       
105

       
 

       
// Note: PDS credentials are included (for internal service use only)


     

       
104

       
106

       
 

       
// Handlers MUST use json:"-" tags to prevent credential exposure in APIs


     

       

       
107

       
+

       
//


     

       

       
108

       
+

       
// V2.0: Key columns not included - PDS manages all keys


     

       
105

       
109

       
 

       
func (r *postgresCommunityRepo) GetByDID(ctx context.Context, did string) (*communities.Community, error) {


     

       
106

       
110

       
 

       
	community := &communities.Community{}


     

       
107

       
111

       
 

       
	query := `


     

       
108

       
112

       
 

       
		SELECT id, did, handle, name, display_name, description, description_facets,


     

       
109

       
113

       
 

       
			avatar_cid, banner_cid, owner_did, created_by_did, hosted_by_did,


     

       
110

       

       
-

       
			pds_email, pds_password_hash,


     

       
111

       

       
-

       
			COALESCE(pgp_sym_decrypt(pds_access_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)), '') as pds_access_token,


     

       
112

       

       
-

       
			COALESCE(pgp_sym_decrypt(pds_refresh_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1)), '') as pds_refresh_token,


     

       

       
114

       
+

       
			pds_email,


     

       

       
115

       
+

       
			CASE


     

       

       
116

       
+

       
				WHEN pds_password_encrypted IS NOT NULL


     

       

       
117

       
+

       
				THEN pgp_sym_decrypt(pds_password_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1))


     

       

       
118

       
+

       
				ELSE NULL


     

       

       
119

       
+

       
			END as pds_password,


     

       

       
120

       
+

       
			CASE


     

       

       
121

       
+

       
				WHEN pds_access_token_encrypted IS NOT NULL


     

       

       
122

       
+

       
				THEN pgp_sym_decrypt(pds_access_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1))


     

       

       
123

       
+

       
				ELSE NULL


     

       

       
124

       
+

       
			END as pds_access_token,


     

       

       
125

       
+

       
			CASE


     

       

       
126

       
+

       
				WHEN pds_refresh_token_encrypted IS NOT NULL


     

       

       
127

       
+

       
				THEN pgp_sym_decrypt(pds_refresh_token_encrypted, (SELECT encode(key_data, 'hex') FROM encryption_keys WHERE id = 1))


     

       

       
128

       
+

       
				ELSE NULL


     

       

       
129

       
+

       
			END as pds_refresh_token,


     

       
113

       
130

       
 

       
			pds_url,


     

       
114

       
131

       
 

       
			visibility, allow_external_discovery, moderation_type, content_warnings,


     

       
115

       
132

       
 

       
			member_count, subscriber_count, post_count,


     
···

       
120

       
137

       
 

       



     

       
121

       
138

       
 

       
	var displayName, description, avatarCID, bannerCID, moderationType sql.NullString


     

       
122

       
139

       
 

       
	var federatedFrom, federatedID, recordURI, recordCID sql.NullString


     

       
123

       

       
-

       
	var pdsEmail, pdsPasswordHash, pdsAccessToken, pdsRefreshToken, pdsURL sql.NullString


     

       

       
140

       
+

       
	var pdsEmail, pdsPassword, pdsAccessToken, pdsRefreshToken, pdsURL sql.NullString


     

       
124

       
141

       
 

       
	var descFacets []byte


     

       
125

       
142

       
 

       
	var contentWarnings []string


     

       
126

       
143

       
 

       



     
···

       
129

       
146

       
 

       
		&displayName, &description, &descFacets,


     

       
130

       
147

       
 

       
		&avatarCID, &bannerCID,


     

       
131

       
148

       
 

       
		&community.OwnerDID, &community.CreatedByDID, &community.HostedByDID,


     

       
132

       

       
-

       
		// V2: PDS credentials


     

       
133

       

       
-

       
		&pdsEmail, &pdsPasswordHash, &pdsAccessToken, &pdsRefreshToken, &pdsURL,


     

       

       
149

       
+

       
		// V2.0: PDS credentials (decrypted from pgp_sym_encrypt)


     

       

       
150

       
+

       
		&pdsEmail, &pdsPassword, &pdsAccessToken, &pdsRefreshToken, &pdsURL,


     

       
134

       
151

       
 

       
		&community.Visibility, &community.AllowExternalDiscovery,


     

       
135

       
152

       
 

       
		&moderationType, pq.Array(&contentWarnings),


     

       
136

       
153

       
 

       
		&community.MemberCount, &community.SubscriberCount, &community.PostCount,


     
···

       
152

       
169

       
 

       
	community.AvatarCID = avatarCID.String


     

       
153

       
170

       
 

       
	community.BannerCID = bannerCID.String


     

       
154

       
171

       
 

       
	community.PDSEmail = pdsEmail.String


     

       
155

       

       
-

       
	community.PDSPasswordHash = pdsPasswordHash.String


     

       

       
172

       
+

       
	community.PDSPassword = pdsPassword.String


     

       
156

       
173

       
 

       
	community.PDSAccessToken = pdsAccessToken.String


     

       
157

       
174

       
 

       
	community.PDSRefreshToken = pdsRefreshToken.String


     

       
158

       
175

       
 

       
	community.PDSURL = pdsURL.String


     

       

       
176

       
+

       
	// V2.0: No key fields - PDS manages all keys


     

       

       
177

       
+

       
	community.RotationKeyPEM = "" // Empty - PDS-managed


     

       

       
178

       
+

       
	community.SigningKeyPEM = ""  // Empty - PDS-managed


     

       
159

       
179

       
 

       
	community.ModerationType = moderationType.String


     

       
160

       
180

       
 

       
	community.ContentWarnings = contentWarnings


     

       
161

       
181

       
 

       
	community.FederatedFrom = federatedFrom.String