package lib
import "database/sql"
// VaultField represents a single field within a vault entry.
//
// Fields live inside VaultData, which is serialized to JSON and packed into
// Entry.Data, so a Value is never stored outside that encrypted blob.
//
// Kind is a free-form string: unlike Entry.Type, Session.Actor and
// AuditEvent.Action, no constants are declared for it in this file, so every
// writer must spell the values consistently or the UI's per-kind handling
// (e.g. masking "password", rendering "totp") will silently not apply.
//
// L2 marks a field whose Value may only be decrypted client-side (see
// DataLevelL2). How a single L2 field interacts with the owning Entry's
// DataLevel is not defined in this file — TODO confirm with the pack/unpack
// code.
type VaultField struct {
	Label   string `json:"label"`
	Value   string `json:"value"`
	Kind    string `json:"kind"`              // text|password|totp|url|file
	Section string `json:"section,omitempty"` // optional grouping label within the entry
	L2      bool   `json:"l2,omitempty"`      // true = client-side decrypt only
}
// VaultFile represents an attached file.
//
// Data is carried inline in the VaultData JSON (encoding/json emits []byte as
// base64), so attachments are encrypted together with the rest of Entry.Data
// and are subject to whatever size limit that blob has.
//
// Size is stored independently of Data and nothing in this file keeps the two
// in sync; treat len(Data) as authoritative if they disagree.
//
// NOTE(review): Name and MimeType are presumably client-supplied. Sanitize
// them before they are echoed into Content-Disposition / Content-Type
// headers or used as a filesystem path on export.
type VaultFile struct {
	Name     string `json:"name"`
	MimeType string `json:"mime_type"`
	Size     int64  `json:"size"`
	Data     []byte `json:"data"`
}
// VaultData is the JSON structure packed into Entry.Data.
//
// Everything in this struct sits inside the encrypted blob (see Entry.Data).
// Title is duplicated as Entry.Title, which is kept in plaintext for the UI;
// the two must be updated together or search and display will diverge.
// Type presumably mirrors Entry.Type (one of the Type* constants) — confirm.
//
// Expires is a YYYY-MM-DD string rather than a time.Time, so the type system
// does not validate it; parse with time.Parse("2006-01-02", ...) before
// comparing, and treat an unparsable value as "no expiry" or as an error
// deliberately rather than by accident.
type VaultData struct {
	Title   string       `json:"title"`
	Type    string       `json:"type"`
	Fields  []VaultField `json:"fields"`
	URLs    []string     `json:"urls,omitempty"`
	Tags    []string     `json:"tags,omitempty"`
	Expires string       `json:"expires,omitempty"` // YYYY-MM-DD
	Notes   string       `json:"notes,omitempty"`
	Files   []VaultFile  `json:"files,omitempty"`
}
// Entry is the core data model — single table for all vault items.
//
// Security-relevant layout:
//   - Title is stored in plaintext so the UI can list entries without
//     decrypting anything. It must never contain secret material.
//   - TitleIdx is an HMAC-SHA256 blind index over the title. Being
//     deterministic, it lets equal titles be found without decryption, but for
//     the same reason it reveals title equality to anyone holding the table.
//     It is tagged json:"-" and is never sent to clients.
//   - Data is the VaultData JSON, zstd-compressed and then AES-256-GCM
//     encrypted. Compressing before encrypting makes the ciphertext length a
//     function of the plaintext's redundancy, so a length side channel exists
//     wherever an attacker can influence part of an entry and observe the
//     stored size. NOTE(review): the key hierarchy and nonce strategy are not
//     visible here — confirm a unique nonce per encryption, since GCM nonce
//     reuse is catastrophic.
//   - DataLevel selects who can decrypt Data: DataLevelL1 is decryptable
//     server-side, DataLevelL2 only on the client (see the Data levels block).
//   - Version is used for optimistic locking (presumably compared and bumped
//     on update — confirm in the write path).
//   - DeletedAt is a soft-delete marker; a tombstoned row still carries its
//     ciphertext until something purges it.
//
// VaultData is not persisted; it is populated only after Data has been
// decrypted and unpacked, and is expected to be nil until then.
type Entry struct {
	EntryID   string `json:"entry_id"`
	ParentID  string `json:"parent_id"`  // folder entry_id, or "" for root
	Type      string `json:"type"`       // credential|note|identity|card|ssh_key|totp|folder|custom (see Type* constants)
	Title     string `json:"title"`      // plaintext for UI
	TitleIdx  []byte `json:"-"`          // HMAC-SHA256 blind index for search
	Data      []byte `json:"-"`          // packed: zstd + AES-256-GCM
	DataLevel int    `json:"data_level"` // 1=L1, 2=L2 (DataLevelL1 / DataLevelL2)
	CreatedAt int64  `json:"created_at"`
	UpdatedAt int64  `json:"updated_at"`
	Version   int    `json:"version"` // optimistic locking
	DeletedAt *int64 `json:"deleted_at,omitempty"`

	// Unpacked field (not stored directly, populated after decrypt)
	VaultData *VaultData `json:"data,omitempty"`
}
// Session represents an authenticated session.
//
// Token is the bearer credential for the session and carries the
// json:"token" tag, so any Session value that gets marshalled — into a
// response, a log line, or an audit record — exposes it. NOTE(review): only
// marshal a Session where the recipient is meant to hold the token (e.g. the
// login response), and compare stored tokens in constant time.
//
// ExpiresAt is the instant after which the session must be rejected; the
// timestamp unit (seconds vs milliseconds) is not stated in this file and
// must match the *At fields on Entry and AuditEvent — TODO confirm.
type Session struct {
	Token     string `json:"token"`
	CreatedAt int64  `json:"created_at"`
	ExpiresAt int64  `json:"expires_at"`
	Actor     string `json:"actor"` // web|extension|mcp (see Actor* constants)
}
// AuditEvent represents a security audit log entry.
//
// Title is a snapshot of the entry's plaintext title at the time of the event,
// so audit rows stay meaningful after the entry is renamed or deleted; it
// inherits Entry.Title's plaintext status and must never hold secrets.
//
// IPAddr is optional. NOTE(review): if it is taken from X-Forwarded-For or a
// similar header it is attacker-controlled unless the proxy chain is trusted —
// confirm where it is sourced before relying on it in an investigation.
//
// Action and Actor take the Action* and Actor* constant values declared
// below; the trailing comments list them for reference.
type AuditEvent struct {
	EventID   string `json:"event_id"`
	EntryID   string `json:"entry_id,omitempty"`
	Title     string `json:"title,omitempty"` // snapshot of entry title
	Action    string `json:"action"`          // read|fill|ai_read|create|update|delete|import|export
	Actor     string `json:"actor"`           // web|extension|mcp
	IPAddr    string `json:"ip_addr,omitempty"`
	CreatedAt int64  `json:"created_at"`
}
// WebAuthnCredential stores a registered WebAuthn credential.
//
// PublicKey is the authenticator's public key (presumably COSE-encoded) used
// to verify assertions. PRFSalt is the per-credential salt passed to the
// WebAuthn PRF extension, which — per DataLevelL2's comment — is how the
// client derives its L2 key; it is not secret, but it must stay stable for
// the life of the credential or L2 data becomes undecryptable.
//
// SignCount is the authenticator's signature counter. WebAuthn defines it as
// a uint32, so on a 32-bit platform int cannot represent the full range.
// NOTE(review): the clone-detection check (reject an assertion whose counter
// is not greater than the stored value when both are non-zero) is not in this
// file — confirm it runs before SignCount is updated.
type WebAuthnCredential struct {
	CredID    string `json:"cred_id"`
	Name      string `json:"name"` // human-readable label for the credential
	PublicKey []byte `json:"public_key"`
	PRFSalt   []byte `json:"prf_salt"`
	SignCount int    `json:"sign_count"`
	CreatedAt int64  `json:"created_at"`
}
// DB wraps the database connection.
//
// Conn is exported, so any code holding a *DB can run arbitrary SQL against
// it; keep query construction parameterized at every call site. *sql.DB is
// safe for concurrent use and manages its own connection pool, so a single
// DB value is meant to be shared.
type DB struct {
	Conn *sql.DB
}
// Entry types — the set of values Entry.Type may hold.
//
// TypeFolder entries act as containers referenced by other entries'
// ParentID; the remaining types are leaf items whose VaultData.Fields carry
// the secret material. TypeCustom is the escape hatch for user-defined
// layouts.
const (
	TypeCredential = "credential"
	TypeCard       = "card"
	TypeIdentity   = "identity"
	TypeNote       = "note"
	TypeSSHKey     = "ssh_key"
	TypeTOTP       = "totp"
	TypeFolder     = "folder"
	TypeCustom     = "custom"
)
// Data levels — values for Entry.DataLevel.
//
// The level decides where the decryption key lives, and therefore who can
// read Entry.Data. At L1 the server holds the key and can decrypt on behalf
// of callers (which is what makes the data "AI-readable"); at L2 the key is
// derived on the client from the WebAuthn PRF extension (see
// WebAuthnCredential.PRFSalt) and the server only ever stores ciphertext.
// Downgrading an entry from L2 to L1 therefore widens who can read it and
// should be treated as a privileged operation.
const (
	DataLevelL1 = 1 // Server-side encrypted (AI-readable)
	DataLevelL2 = 2 // Client-side only (WebAuthn PRF)
)
// Actor types — the caller category recorded on Session.Actor and
// AuditEvent.Actor.
//
// ActorMCP presumably denotes an AI/agent client (it is the natural source of
// ActionAIRead and of access to DataLevelL1's "AI-readable" data — confirm).
// Any authorization decision keyed on Actor must derive it from the
// authenticated Session, never from a client-supplied header.
const (
	ActorWeb       = "web"
	ActorExtension = "extension"
	ActorMCP       = "mcp"
)
// Action types — values for AuditEvent.Action.
//
// ActionRead, ActionFill and ActionAIRead are the events in which secret
// material leaves the vault (presumably UI reveal, extension autofill, and
// AI/agent access respectively); these are what an incident reviewer will
// look for first. ActionExport and ActionImport move data in bulk and
// deserve the same scrutiny. ActionCreate/ActionUpdate/ActionDelete are
// lifecycle events.
const (
	ActionRead   = "read"
	ActionFill   = "fill"
	ActionAIRead = "ai_read"
	ActionCreate = "create"
	ActionUpdate = "update"
	ActionDelete = "delete"
	ActionImport = "import"
	ActionExport = "export"
)