security sections are fully functional

internal/models/access_token.go

@@ -0,0 +1,17 @@
+package models
+
+import "time"
+
+// RepoAccessToken grants scoped API (and git) access to a specific repo.
+// Stored as a SHA-256 hash; the raw token is shown once on creation.
+type RepoAccessToken struct {
+	ID        int64      `xorm:"'id' pk autoincr"`
+	RepoID    int64      `xorm:"'repo_id' notnull index"`
+	CreatorID int64      `xorm:"'creator_id' notnull"`
+	Title     string     `xorm:"'title' notnull"`
+	TokenHash string     `xorm:"'token_hash' notnull unique"`
+	Scopes    string     `xorm:"'scopes' notnull"` // "read" | "read,write"
+	ExpiresAt *time.Time `xorm:"'expires_at'"`
+	LastUsed  *time.Time `xorm:"'last_used_at'"`
+	CreatedAt time.Time  `xorm:"'created_at' created"`
+}

internal/models/deploy_key.go

@@ -0,0 +1,15 @@
+package models
+
+import "time"
+
+// RepoDeployKey is an HTTP token that grants git access to a specific repo.
+// Stored as a SHA-256 hash; the raw token is shown once on creation.
+type RepoDeployKey struct {
+	ID        int64      `xorm:"'id' pk autoincr"`
+	RepoID    int64      `xorm:"'repo_id' notnull index"`
+	Title     string     `xorm:"'title' notnull"`
+	TokenHash string     `xorm:"'token_hash' notnull unique"`
+	ReadOnly  bool       `xorm:"'read_only' default true"`
+	LastUsed  *time.Time `xorm:"'last_used_at'"`
+	CreatedAt time.Time  `xorm:"'created_at' created"`
+}

internal/models/migrations/001_init.go

@@ -19,5 +19,8 @@ func Run(engine *xorm.Engine) error {
 	if err := Run002(engine); err != nil {
 		return err
 	}
-	return Run003(engine)
+	if err := Run003(engine); err != nil {
+		return err
+	}
+	return Run004(engine)
 }

internal/models/migrations/004_keys_tokens.go

@@ -0,0 +1,13 @@
+package migrations
+
+import (
+	"github.com/forgeo/forgebucket/internal/models"
+	"xorm.io/xorm"
+)
+
+func Run004(engine *xorm.Engine) error {
+	return engine.Sync2(
+		&models.RepoDeployKey{},
+		&models.RepoAccessToken{},
+	)
+}