Delete deletes all user tokens and revokes all ciphers. This is a destructive operation and should only be used as a last resort, for example, if the database encryption key has been lost.
(ctx context.Context, log slog.Logger, sqlDB *sql.DB)
| 396 | // as a last resort, for example, if the database encryption key has been |
| 397 | // lost. |
| 398 | func Delete(ctx context.Context, log slog.Logger, sqlDB *sql.DB) error { |
| 399 | store := database.New(sqlDB) |
| 400 | _, err := sqlDB.ExecContext(ctx, sqlDeleteEncryptedUserTokens) |
| 401 | if err != nil { |
| 402 | return xerrors.Errorf("delete encrypted tokens and AI provider keys: %w", err) |
| 403 | } |
| 404 | log.Info(ctx, "deleted encrypted user tokens and AI provider API keys") |
| 405 | |
| 406 | log.Info(ctx, "revoking all active keys") |
| 407 | keys, err := store.GetDBCryptKeys(ctx) |
| 408 | if err != nil { |
| 409 | return xerrors.Errorf("get db crypt keys: %w", err) |
| 410 | } |
| 411 | for _, k := range keys { |
| 412 | if !k.ActiveKeyDigest.Valid { |
| 413 | continue |
| 414 | } |
| 415 | if err := store.RevokeDBCryptKey(ctx, k.ActiveKeyDigest.String); err != nil { |
| 416 | return xerrors.Errorf("revoke key: %w", err) |
| 417 | } |
| 418 | log.Info(ctx, "revoked unused key", slog.F("digest", k.ActiveKeyDigest.String)) |
| 419 | } |
| 420 | |
| 421 | return nil |
| 422 | } |
no test coverage detected