chore: include static assets in binary

backend/resources/email-templates/components/email_html.tmpl

@@ -0,0 +1,14 @@
+{{ define "root" }}
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    {{ template "style" . }}
+</head>
+<body>
+    <div class="container">
+        {{ template "base" . }}
+    </div>
+</body>
+</html>
+{{ end }}

backend/resources/email-templates/components/email_text.tmpl

@@ -0,0 +1,7 @@
+{{- define "root" -}}
+{{- template "base" . -}}
+{{- end }}
+
+
+--
+This is automatically sent email from {{.AppName}}.

backend/resources/email-templates/components/style_html.tmpl

@@ -0,0 +1,80 @@
+{{ define "style" }}
+<style>
+  body {
+    font-family: Arial, sans-serif;
+    background-color: #f0f0f0;
+    color: #333;
+    margin: 0;
+    padding: 0;
+  }
+  .container {
+    background-color: #fff;
+    color: #333;
+    padding: 32px;
+    border-radius: 10px;
+    max-width: 600px;
+    margin: 40px auto;
+    box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+  }
+  .header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    margin-bottom: 24px;
+  }
+  .header .logo {
+    display: flex;
+    align-items: center;
+    gap: 8px;
+  }
+  .header .logo img {
+    width: 32px;
+    height: 32px;
+    object-fit: cover;
+  }
+  .header h1 {
+    font-size: 1.5rem;
+    font-weight: bold;
+  }
+  .warning {
+    background-color: #ffd966;
+    color: #7f6000;
+    padding: 4px 12px;
+    border-radius: 50px;
+    font-size: 0.875rem;
+  }
+  .content {
+    background-color: #fafafa;
+    color: #333;
+    padding: 24px;
+    border-radius: 10px;
+  }
+  .content h2 {
+    font-size: 1.25rem;
+    font-weight: bold;
+    margin-bottom: 16px;
+  }
+  .grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 16px;
+    margin-bottom: 16px;
+  }
+  .grid div {
+    display: flex;
+    flex-direction: column;
+  }
+  .grid p {
+    margin: 0;
+  }
+  .label {
+    color: #888;
+    font-size: 0.875rem;
+    margin-bottom: 4px;
+  }
+  .message {
+    font-size: 1rem;
+    line-height: 1.5;
+  }
+</style>
+{{ end }}

backend/resources/email-templates/login-with-new-device_html.tmpl

@@ -0,0 +1,36 @@
+{{ define "base" }}
+    <div class="header">
+        <div class="logo">
+            <img src="{{ .LogoURL }}" alt="Pocket ID"/>
+            <h1>{{ .AppName }}</h1>
+        </div>
+        <div class="warning">Warning</div>
+    </div>
+    <div class="content">
+        <h2>New Sign-In Detected</h2>
+        <div class="grid">
+            {{ if and .Data.City .Data.Country }}
+            <div>
+                <p class="label">Approximate Location</p>
+                <p>{{ .Data.City }}, {{ .Data.Country }}</p>
+            </div>
+            {{ end }}
+            <div>
+                <p class="label">IP Address</p>
+                <p>{{ .Data.IPAddress }}</p>
+            </div>
+            <div>
+                <p class="label">Device</p>
+                <p>{{ .Data.Device }}</p>
+            </div>
+            <div>
+                <p class="label">Sign-In Time</p>
+                <p>{{ .Data.DateTime.Format "2006-01-02 15:04:05 UTC" }}</p>
+            </div>
+        </div>
+        <p class="message">
+            This sign-in was detected from a new device or location. If you recognize this activity, you can
+            safely ignore this message. If not, please review your account and security settings.
+        </p>
+    </div>
+{{ end -}}

backend/resources/email-templates/login-with-new-device_text.tmpl

@@ -0,0 +1,15 @@
+{{ define "base" -}}
+New Sign-In Detected
+====================
+
+{{ if and .Data.City .Data.Country }}
+Approximate Location: {{ .Data.City }}, {{ .Data.Country }}
+{{ end }}
+IP Address: {{ .Data.IPAddress }}
+Device:     {{ .Data.Device }}
+Time:       {{ .Data.DateTime.Format "2006-01-02 15:04:05 UTC"}}
+
+This sign-in was detected from a new device or location. If you recognize
+this activity, you can safely ignore this message. If not, please review
+your account and security settings.
+{{ end -}}

backend/resources/email-templates/test_html.tmpl

@@ -0,0 +1,11 @@
+{{ define "base" -}}
+    <div class="header">
+        <div class="logo">
+            <img src="{{ .LogoURL }}" alt="Pocket ID"/>
+            <h1>{{ .AppName }}</h1>
+        </div>
+    </div>
+    <div class="content">
+        <p>This is a test email.</p>
+    </div>
+{{ end -}}

backend/resources/email-templates/test_text.tmpl

@@ -0,0 +1,3 @@
+{{ define "base" -}}
+This is a test email.
+{{ end -}}

backend/resources/files.go

@@ -0,0 +1,8 @@
+package resources
+
+import "embed"
+
+// Embedded file systems for the project
+
+//go:embed email-templates images migrations
+var FS embed.FS

backend/resources/images/logo.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" id="a" viewBox="0 0 1015 1015"><path d="M506.6,0c209.52,0,379.98,170.45,379.98,379.96,0,82.33-25.9,160.68-74.91,226.54-48.04,64.59-113.78,111.51-190.13,135.71l-21.1,6.7-50.29-248.04,13.91-6.73c45.41-21.95,74.76-68.71,74.76-119.11,0-72.91-59.31-132.23-132.21-132.23s-132.23,59.32-132.23,132.23c0,50.4,29.36,97.16,74.77,119.11l13.65,6.61-81.01,499.24h-226.36V0h351.18Z"/><style>@media (prefers-color-scheme:dark){#a path{fill:#fff}}@media (prefers-color-scheme:light){#a path{fill:#000}}</style></svg>

backend/resources/images/logoDark.svg

@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" id="a" viewBox="0 0 1015 1015">
+    <path fill="white" d="M506.6,0c209.52,0,379.98,170.45,379.98,379.96,0,82.33-25.9,160.68-74.91,226.54-48.04,64.59-113.78,111.51-190.13,135.71l-21.1,6.7-50.29-248.04,13.91-6.73c45.41-21.95,74.76-68.71,74.76-119.11,0-72.91-59.31-132.23-132.21-132.23s-132.23,59.32-132.23,132.23c0,50.4,29.36,97.16,74.77,119.11l13.65,6.61-81.01,499.24h-226.36V0h351.18Z"/>
+</svg>

backend/resources/images/logoLight.svg

@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" id="a" viewBox="0 0 1015 1015">
+    <path fill="black" d="M506.6,0c209.52,0,379.98,170.45,379.98,379.96,0,82.33-25.9,160.68-74.91,226.54-48.04,64.59-113.78,111.51-190.13,135.71l-21.1,6.7-50.29-248.04,13.91-6.73c45.41-21.95,74.76-68.71,74.76-119.11,0-72.91-59.31-132.23-132.21-132.23s-132.23,59.32-132.23,132.23c0,50.4,29.36,97.16,74.77,119.11l13.65,6.61-81.01,499.24h-226.36V0h351.18Z"/>
+</svg>

backend/resources/migrations/postgres/20241211111554_init.up.sql

@@ -0,0 +1,126 @@
+CREATE TABLE app_config_variables
+(
+    key           VARCHAR(100) NOT NULL PRIMARY KEY,
+    value         TEXT NOT NULL,
+    type          VARCHAR(20) NOT NULL,
+    is_public     BOOLEAN DEFAULT FALSE NOT NULL,
+    is_internal   BOOLEAN DEFAULT FALSE NOT NULL,
+    default_value TEXT
+);
+
+CREATE TABLE user_groups
+(
+    id            UUID NOT NULL PRIMARY KEY,
+    created_at    TIMESTAMPTZ,
+    friendly_name VARCHAR(255) NOT NULL,
+    name          VARCHAR(255) NOT NULL UNIQUE
+);
+
+CREATE TABLE users
+(
+    id         UUID NOT NULL PRIMARY KEY,
+    created_at TIMESTAMPTZ,
+    username   VARCHAR(255) NOT NULL UNIQUE,
+    email      VARCHAR(255) NOT NULL UNIQUE,
+    first_name VARCHAR(100),
+    last_name  VARCHAR(100),
+    is_admin   BOOLEAN DEFAULT FALSE NOT NULL
+);
+
+CREATE TABLE audit_logs
+(
+    id         UUID NOT NULL PRIMARY KEY,
+    created_at TIMESTAMPTZ,
+    event      VARCHAR(100) NOT NULL,
+    ip_address INET NOT NULL,
+    data       JSONB NOT NULL,
+    user_id    UUID REFERENCES users ON DELETE SET NULL,
+    user_agent TEXT,
+    country    VARCHAR(100),
+    city       VARCHAR(100)
+);
+
+CREATE TABLE custom_claims
+(
+    id            UUID NOT NULL PRIMARY KEY,
+    created_at    TIMESTAMPTZ,
+    key           VARCHAR(255) NOT NULL,
+    value         TEXT NOT NULL,
+    user_id       UUID REFERENCES users ON DELETE CASCADE,
+    user_group_id UUID REFERENCES user_groups ON DELETE CASCADE,
+    CONSTRAINT custom_claims_unique UNIQUE (key, user_id, user_group_id),
+    CHECK (user_id IS NOT NULL OR user_group_id IS NOT NULL)
+);
+
+CREATE TABLE oidc_authorization_codes
+(
+    id                           UUID NOT NULL PRIMARY KEY,
+    created_at                   TIMESTAMPTZ,
+    code                         VARCHAR(255) NOT NULL UNIQUE,
+    scope                        TEXT NOT NULL,
+    nonce                        VARCHAR(255),
+    expires_at                   TIMESTAMPTZ NOT NULL,
+    user_id                      UUID NOT NULL REFERENCES users ON DELETE CASCADE,
+    client_id                    UUID NOT NULL,
+    code_challenge               VARCHAR(255),
+    code_challenge_method_sha256 BOOLEAN
+);
+
+CREATE TABLE oidc_clients
+(
+    id            UUID NOT NULL PRIMARY KEY,
+    created_at    TIMESTAMPTZ,
+    name          VARCHAR(255),
+    secret        TEXT,
+    callback_urls JSONB,
+    image_type    VARCHAR(10),
+    created_by_id UUID REFERENCES users ON DELETE SET NULL,
+    is_public     BOOLEAN DEFAULT FALSE
+);
+
+CREATE TABLE one_time_access_tokens
+(
+    id         UUID NOT NULL PRIMARY KEY,
+    created_at TIMESTAMPTZ,
+    token      VARCHAR(255) NOT NULL UNIQUE,
+    expires_at TIMESTAMPTZ NOT NULL,
+    user_id    UUID NOT NULL REFERENCES users ON DELETE CASCADE
+);
+
+CREATE TABLE user_authorized_oidc_clients
+(
+    scope     VARCHAR(255),
+    user_id   UUID NOT NULL REFERENCES users ON DELETE CASCADE,
+    client_id UUID NOT NULL REFERENCES oidc_clients ON DELETE CASCADE,
+    PRIMARY KEY (user_id, client_id)
+);
+
+CREATE TABLE user_groups_users
+(
+    user_id       UUID NOT NULL REFERENCES users ON DELETE CASCADE,
+    user_group_id UUID NOT NULL REFERENCES user_groups ON DELETE CASCADE,
+    PRIMARY KEY (user_id, user_group_id)
+);
+
+CREATE TABLE webauthn_credentials
+(
+    id               UUID NOT NULL PRIMARY KEY,
+    created_at       TIMESTAMPTZ,
+    name             VARCHAR(255) NOT NULL,
+    credential_id    BYTEA NOT NULL UNIQUE,
+    public_key       BYTEA NOT NULL,
+    attestation_type VARCHAR(20) NOT NULL,
+    transport        JSONB NOT NULL,
+    user_id          UUID REFERENCES users ON DELETE CASCADE,
+    backup_eligible  BOOLEAN DEFAULT FALSE NOT NULL,
+    backup_state     BOOLEAN DEFAULT FALSE NOT NULL
+);
+
+CREATE TABLE webauthn_sessions
+(
+    id                UUID NOT NULL PRIMARY KEY,
+    created_at        TIMESTAMPTZ,
+    challenge         VARCHAR(255) NOT NULL UNIQUE,
+    expires_at        TIMESTAMPTZ NOT NULL,
+    user_verification VARCHAR(255) NOT NULL
+);

backend/resources/migrations/sqlite/20240731203656_init.up.sql

@@ -0,0 +1,80 @@
+CREATE TABLE users
+(
+    id         TEXT                  NOT NULL PRIMARY KEY,
+    created_at DATETIME,
+    username   TEXT                  NOT NULL UNIQUE,
+    email      TEXT                  NOT NULL UNIQUE,
+    first_name TEXT,
+    last_name  TEXT,
+    is_admin   NUMERIC DEFAULT FALSE NOT NULL
+);
+
+CREATE TABLE oidc_authorization_codes
+(
+    id         TEXT     NOT NULL PRIMARY KEY,
+    created_at DATETIME,
+    code       TEXT     NOT NULL UNIQUE,
+    scope      TEXT     NOT NULL,
+    nonce      TEXT,
+    expires_at DATETIME NOT NULL,
+    user_id    TEXT     NOT NULL REFERENCES users,
+    client_id  TEXT     NOT NULL
+);
+
+CREATE TABLE oidc_clients
+(
+    id            TEXT NOT NULL PRIMARY KEY,
+    created_at    DATETIME,
+    name          TEXT,
+    secret        TEXT,
+    callback_url  TEXT,
+    image_type    TEXT,
+    created_by_id TEXT REFERENCES users
+);
+
+CREATE TABLE one_time_access_tokens
+(
+    id         TEXT     NOT NULL PRIMARY KEY,
+    created_at DATETIME,
+    token      TEXT     NOT NULL UNIQUE,
+    expires_at DATETIME NOT NULL,
+    user_id    TEXT     NOT NULL REFERENCES users
+);
+
+CREATE TABLE user_authorized_oidc_clients
+(
+    scope     TEXT,
+    user_id   TEXT,
+    client_id TEXT REFERENCES oidc_clients,
+    PRIMARY KEY (user_id, client_id)
+);
+
+CREATE TABLE webauthn_credentials
+(
+    id               TEXT NOT NULL PRIMARY KEY,
+    created_at       DATETIME,
+    name             TEXT NOT NULL,
+    credential_id    TEXT NOT NULL UNIQUE,
+    public_key       BLOB NOT NULL,
+    attestation_type TEXT NOT NULL,
+    transport        BLOB NOT NULL,
+    user_id          TEXT REFERENCES users
+);
+
+CREATE TABLE webauthn_sessions
+(
+    id                TEXT     NOT NULL PRIMARY KEY,
+    created_at        DATETIME,
+    challenge         TEXT     NOT NULL UNIQUE,
+    expires_at           DATETIME NOT NULL,
+    user_verification TEXT     NOT NULL
+);
+
+CREATE TABLE application_configuration_variables
+(
+    key         TEXT                  NOT NULL PRIMARY KEY,
+    value       TEXT                  NOT NULL,
+    type        TEXT                  NOT NULL,
+    is_public   NUMERIC DEFAULT FALSE NOT NULL,
+    is_internal NUMERIC DEFAULT FALSE NOT NULL
+);

backend/resources/migrations/sqlite/20240813211251_passkey_backup_flags..up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE webauthn_credentials ADD COLUMN backup_eligible BOOLEAN NOT NULL DEFAULT FALSE;
+ALTER TABLE webauthn_credentials ADD COLUMN backup_state BOOLEAN NOT NULL DEFAULT FALSE;

backend/resources/migrations/sqlite/20240813211251_passkey_backup_flags.down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE webauthn_credentials DROP COLUMN backup_eligible;
+ALTER TABLE webauthn_credentials DROP COLUMN backup_state;

backend/resources/migrations/sqlite/20240817191051_rename_config_table.down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE app_config_variables
+    RENAME TO application_configuration_variables;

backend/resources/migrations/sqlite/20240817191051_rename_config_table.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE application_configuration_variables
+    RENAME TO app_config_variables;

backend/resources/migrations/sqlite/20240820205521_multiple_callback_urls.down.sql

@@ -0,0 +1,23 @@
+create table oidc_clients
+(
+    id            TEXT not null primary key,
+    created_at    DATETIME,
+    name          TEXT,
+    secret        TEXT,
+    callback_url  TEXT,
+    image_type    TEXT,
+    created_by_id TEXT
+        references users
+);
+
+insert into oidc_clients(id, created_at, name, secret, callback_url, image_type, created_by_id)
+select id,
+       created_at,
+       name,
+       secret,
+       json_extract(callback_urls, '$[0]'),
+       image_type,
+       created_by_id
+from oidc_clients_dg_tmp;
+
+drop table oidc_clients_dg_tmp;

backend/resources/migrations/sqlite/20240820205521_multiple_callback_urls.up.sql

@@ -0,0 +1,26 @@
+create table oidc_clients_dg_tmp
+(
+    id            TEXT not null primary key,
+    created_at    DATETIME,
+    name          TEXT,
+    secret        TEXT,
+    callback_urls BLOB,
+    image_type    TEXT,
+    created_by_id TEXT
+        references users
+);
+
+insert into oidc_clients_dg_tmp(id, created_at, name, secret, callback_urls, image_type, created_by_id)
+select id,
+       created_at,
+       name,
+       secret,
+       CAST('["' || callback_url || '"]' AS BLOB),
+       image_type,
+       created_by_id
+from oidc_clients;
+
+drop table oidc_clients;
+
+alter table oidc_clients_dg_tmp
+    rename to oidc_clients;

backend/resources/migrations/sqlite/20240908123031_audit_log.down.sql

@@ -0,0 +1 @@
+DROP TABLE audit_logs;

backend/resources/migrations/sqlite/20240908123031_audit_log.up.sql

@@ -0,0 +1,10 @@
+CREATE TABLE audit_logs
+(
+    id               TEXT NOT NULL PRIMARY KEY,
+    created_at       DATETIME,
+    event            TEXT NOT NULL,
+    ip_address       TEXT NOT NULL,
+    user_agent       TEXT NOT NULL,
+    data             BLOB NOT NULL,
+    user_id          TEXT REFERENCES users
+);

backend/resources/migrations/sqlite/20240924202721_user_groups.down.sql

@@ -0,0 +1,2 @@
+DROP TABLE user_groups;
+DROP TABLE user_groups_users;

backend/resources/migrations/sqlite/20240924202721_user_groups.up.sql

@@ -0,0 +1,16 @@
+CREATE TABLE user_groups
+(
+    id           TEXT NOT NULL PRIMARY KEY,
+    created_at   DATETIME,
+    friendly_name TEXT NOT NULL,
+    name        TEXT NOT NULL UNIQUE
+);
+
+CREATE TABLE user_groups_users
+(
+    user_id  TEXT NOT NULL,
+    user_group_id TEXT NOT NULL,
+    PRIMARY KEY (user_id, user_group_id),
+    FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE,
+    FOREIGN KEY (user_group_id) REFERENCES user_groups (id) ON DELETE CASCADE
+);

backend/resources/migrations/sqlite/20241004092030_audit_log_location.down.sql

@@ -0,0 +1,2 @@
+ALTER TABLE audit_logs DROP COLUMN country;
+ALTER TABLE audit_logs DROP COLUMN city;

backend/resources/migrations/sqlite/20241004092030_audit_log_location.up.sql

@@ -0,0 +1,2 @@
+ALTER TABLE audit_logs ADD COLUMN country TEXT;
+ALTER TABLE audit_logs ADD COLUMN city TEXT;

backend/resources/migrations/sqlite/20241023072742_unix-timestamps.down.sql

@@ -0,0 +1,28 @@
+-- Convert the Unix timestamps back to DATETIME format
+
+UPDATE user_groups
+SET created_at = datetime(created_at, 'unixepoch');
+
+UPDATE users
+SET created_at = datetime(created_at, 'unixepoch');
+
+UPDATE audit_logs
+SET created_at = datetime(created_at, 'unixepoch');
+
+UPDATE oidc_authorization_codes
+SET created_at = datetime(created_at, 'unixepoch'),
+    expires_at = datetime(expires_at, 'unixepoch');
+
+UPDATE oidc_clients
+SET created_at = datetime(created_at, 'unixepoch');
+
+UPDATE one_time_access_tokens
+SET created_at = datetime(created_at, 'unixepoch'),
+    expires_at = datetime(expires_at, 'unixepoch');
+
+UPDATE webauthn_credentials
+SET created_at = datetime(created_at, 'unixepoch');
+
+UPDATE webauthn_sessions
+SET created_at = datetime(created_at, 'unixepoch'),
+    expires_at = datetime(expires_at, 'unixepoch');

backend/resources/migrations/sqlite/20241023072742_unix-timestamps.up.sql

@@ -0,0 +1,27 @@
+-- Convert the DATETIME fields to Unix timestamps (in seconds)
+UPDATE user_groups
+SET created_at = strftime('%s', created_at);
+
+UPDATE users
+SET created_at = strftime('%s', created_at);
+
+UPDATE audit_logs
+SET created_at = strftime('%s', created_at);
+
+UPDATE oidc_authorization_codes
+SET created_at = strftime('%s', created_at),
+    expires_at = strftime('%s', expires_at);
+
+UPDATE oidc_clients
+SET created_at = strftime('%s', created_at);
+
+UPDATE one_time_access_tokens
+SET created_at = strftime('%s', created_at),
+    expires_at = strftime('%s', expires_at);
+
+UPDATE webauthn_credentials
+SET created_at = strftime('%s', created_at);
+
+UPDATE webauthn_sessions
+SET created_at = strftime('%s', created_at),
+    expires_at = strftime('%s', expires_at);

backend/resources/migrations/sqlite/20241025214824_app_config_default_value.down.sql

@@ -0,0 +1 @@
+ALTER TABLE app_config_variables DROP COLUMN default_value;

backend/resources/migrations/sqlite/20241025214824_app_config_default_value.up.sql

@@ -0,0 +1 @@
+ALTER TABLE app_config_variables ADD COLUMN default_value TEXT;

backend/resources/migrations/sqlite/20241028064959_custom_claims.down.sql

@@ -0,0 +1 @@
+DROP TABLE custom_claims;

backend/resources/migrations/sqlite/20241028064959_custom_claims.up.sql

@@ -0,0 +1,15 @@
+CREATE TABLE custom_claims
+(
+    id            TEXT NOT NULL PRIMARY KEY,
+    created_at    DATETIME,
+    key           TEXT NOT NULL,
+    value         TEXT NOT NULL,
+
+    user_id       TEXT,
+    user_group_id TEXT,
+    FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE,
+    FOREIGN KEY (user_group_id) REFERENCES user_groups (id) ON DELETE CASCADE,
+
+    CONSTRAINT custom_claims_unique UNIQUE (key, user_id, user_group_id),
+    CHECK (user_id IS NOT NULL OR user_group_id IS NOT NULL)
+);

backend/resources/migrations/sqlite/20241115131129_pkce.down.sql

@@ -0,0 +1,3 @@
+ALTER TABLE oidc_authorization_codes DROP COLUMN code_challenge;
+ALTER TABLE oidc_authorization_codes DROP COLUMN code_challenge_method_sha256;
+ALTER TABLE oidc_clients DROP COLUMN is_public;

backend/resources/migrations/sqlite/20241115131129_pkce.up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE oidc_authorization_codes ADD COLUMN code_challenge TEXT;
+ALTER TABLE oidc_authorization_codes ADD COLUMN code_challenge_method_sha256 NUMERIC;
+ALTER TABLE oidc_clients ADD COLUMN is_public BOOLEAN DEFAULT FALSE;