internal/repository/user_repository.go

package repository

import (
	"context"
	"database/sql"
	"errors"

	"code.nochebuena.dev/go/rbac"
	"code.nochebuena.dev/go/sqlite"
	"code.nochebuena.dev/go/xerrors"
	"code.nochebuena.dev/go/todo-api/internal/domain"
)

// UserRepository defines persistence operations for users and their role bits.
type UserRepository interface {
	FindAll(ctx context.Context) ([]domain.User, error)
	FindByID(ctx context.Context, id string) (domain.User, error)
	Create(ctx context.Context, user domain.User) (domain.User, error)
	SetPermissions(ctx context.Context, userID, resource string, mask rbac.PermissionMask) error
}

type userRepository struct {
	db sqlite.Client
}

// NewUserRepository returns a SQLite-backed UserRepository.
func NewUserRepository(db sqlite.Client) UserRepository {
	return &userRepository{db: db}
}

func (r *userRepository) FindAll(ctx context.Context) ([]domain.User, error) {
	rows, err := r.db.GetExecutor(ctx).QueryContext(ctx,
		`SELECT id, name, email, created_at FROM users ORDER BY created_at DESC`,
	)
	if err != nil {
		return nil, r.db.HandleError(err)
	}
	defer rows.Close()

	var users []domain.User
	for rows.Next() {
		var u domain.User
		if err := rows.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {
			return nil, err
		}
		users = append(users, u)
	}
	if err := rows.Err(); err != nil {
		return nil, err
	}
	if users == nil {
		users = []domain.User{}
	}
	return users, nil
}

func (r *userRepository) FindByID(ctx context.Context, id string) (domain.User, error) {
	row := r.db.GetExecutor(ctx).QueryRowContext(ctx,
		`SELECT id, name, email, created_at FROM users WHERE id = ?`, id,
	)
	var u domain.User
	if err := row.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			return domain.User{}, xerrors.New(xerrors.ErrNotFound, "user not found")
		}
		return domain.User{}, r.db.HandleError(err)
	}
	return u, nil
}

func (r *userRepository) Create(ctx context.Context, user domain.User) (domain.User, error) {
	row := r.db.GetExecutor(ctx).QueryRowContext(ctx,
		`INSERT INTO users (id, name, email) VALUES (?, ?, ?)
		 RETURNING id, name, email, created_at`,
		user.ID, user.Name, user.Email,
	)
	var u domain.User
	if err := row.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {
		return domain.User{}, r.db.HandleError(err)
	}
	return u, nil
}

func (r *userRepository) SetPermissions(ctx context.Context, userID, resource string, mask rbac.PermissionMask) error {
	_, err := r.db.GetExecutor(ctx).ExecContext(ctx,
		`INSERT INTO user_role (user_id, resource, permissions) VALUES (?, ?, ?)
		 ON CONFLICT (user_id, resource) DO UPDATE SET permissions = excluded.permissions`,
		userID, resource, int64(mask),
	)
	return err
}
feat(todo-api): add full-stack POC demonstrating micro-lib v0.9.0 Runnable REST API exercising every micro-lib tier in a containerless setup: N-layer architecture, SQLite persistence, header-based auth simulating Firebase output, and bit-mask RBAC enforcement. What's included: - cmd/todo-api: minimal main delegating to application.Run - internal/application: full object graph wiring — launcher, sqlite, httpserver, httpmw stack, routes in BeforeStart - internal/domain: User entity, ResourceTodos constant, PermReadTodo/PermWriteTodo bit positions - internal/repository: TodoRepository, UserRepository, DBPermissionProvider (SQLite via modernc) - internal/service: TodoService, UserService with interface-based dependencies - internal/handler: TodoHandler, UserHandler using httputil adapters and valid for input validation - internal/middleware: Auth (X-User-ID → rbac.Identity) and Require (bit-mask permission gate) - logAdapter: bridges logz.Logger.With return type to httpmw.Logger interface - SQLite schema: users, user_role (bitmask), todos; migrations run in BeforeStart - Routes: POST /users (open), GET+POST /todos (RBAC), GET /users (RBAC) Tested-via: todo-api POC integration Reviewed-against: docs/adr/ 2026-03-19 13:55:08 +00:00			`package repository`

			`import (`
			`"context"`
			`"database/sql"`
			`"errors"`

			`"code.nochebuena.dev/go/rbac"`
			`"code.nochebuena.dev/go/sqlite"`
			`"code.nochebuena.dev/go/xerrors"`
			`"code.nochebuena.dev/go/todo-api/internal/domain"`
			`)`

			`// UserRepository defines persistence operations for users and their role bits.`
			`type UserRepository interface {`
			`FindAll(ctx context.Context) ([]domain.User, error)`
			`FindByID(ctx context.Context, id string) (domain.User, error)`
			`Create(ctx context.Context, user domain.User) (domain.User, error)`
			`SetPermissions(ctx context.Context, userID, resource string, mask rbac.PermissionMask) error`
			`}`

			`type userRepository struct {`
			`db sqlite.Client`
			`}`

			`// NewUserRepository returns a SQLite-backed UserRepository.`
			`func NewUserRepository(db sqlite.Client) UserRepository {`
			`return &userRepository{db: db}`
			`}`

			`func (r *userRepository) FindAll(ctx context.Context) ([]domain.User, error) {`
			`rows, err := r.db.GetExecutor(ctx).QueryContext(ctx,`
			`SELECT id, name, email, created_at FROM users ORDER BY created_at DESC`,
			`)`
			`if err != nil {`
			`return nil, r.db.HandleError(err)`
			`}`
			`defer rows.Close()`

			`var users []domain.User`
			`for rows.Next() {`
			`var u domain.User`
			`if err := rows.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {`
			`return nil, err`
			`}`
			`users = append(users, u)`
			`}`
			`if err := rows.Err(); err != nil {`
			`return nil, err`
			`}`
			`if users == nil {`
			`users = []domain.User{}`
			`}`
			`return users, nil`
			`}`

			`func (r *userRepository) FindByID(ctx context.Context, id string) (domain.User, error) {`
			`row := r.db.GetExecutor(ctx).QueryRowContext(ctx,`
			`SELECT id, name, email, created_at FROM users WHERE id = ?`, id,
			`)`
			`var u domain.User`
			`if err := row.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {`
			`if errors.Is(err, sql.ErrNoRows) {`
			`return domain.User{}, xerrors.New(xerrors.ErrNotFound, "user not found")`
			`}`
			`return domain.User{}, r.db.HandleError(err)`
			`}`
			`return u, nil`
			`}`

			`func (r *userRepository) Create(ctx context.Context, user domain.User) (domain.User, error) {`
			`row := r.db.GetExecutor(ctx).QueryRowContext(ctx,`
			`INSERT INTO users (id, name, email) VALUES (?, ?, ?)
			RETURNING id, name, email, created_at`,
			`user.ID, user.Name, user.Email,`
			`)`
			`var u domain.User`
			`if err := row.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {`
			`return domain.User{}, r.db.HandleError(err)`
			`}`
			`return u, nil`
			`}`

			`func (r *userRepository) SetPermissions(ctx context.Context, userID, resource string, mask rbac.PermissionMask) error {`
			`_, err := r.db.GetExecutor(ctx).ExecContext(ctx,`
			`INSERT INTO user_role (user_id, resource, permissions) VALUES (?, ?, ?)
			ON CONFLICT (user_id, resource) DO UPDATE SET permissions = excluded.permissions`,
			`userID, resource, int64(mask),`
			`)`
			`return err`
			`}`