zitadel/internal/query/user_personal_access_token.go

package query

import (
	"context"
	"database/sql"
	errs "errors"
	"time"

	sq "github.com/Masterminds/squirrel"
	"github.com/lib/pq"

	"github.com/zitadel/zitadel/internal/api/authz"

	"github.com/zitadel/zitadel/internal/query/projection"

	"github.com/zitadel/zitadel/internal/errors"
)

var (
	personalAccessTokensTable = table{
		name: projection.PersonalAccessTokenProjectionTable,
	}
	PersonalAccessTokenColumnID = Column{
		name:  projection.PersonalAccessTokenColumnID,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnUserID = Column{
		name:  projection.PersonalAccessTokenColumnUserID,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnExpiration = Column{
		name:  projection.PersonalAccessTokenColumnExpiration,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnScopes = Column{
		name:  projection.PersonalAccessTokenColumnScopes,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnCreationDate = Column{
		name:  projection.PersonalAccessTokenColumnCreationDate,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnChangeDate = Column{
		name:  projection.PersonalAccessTokenColumnChangeDate,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnResourceOwner = Column{
		name:  projection.PersonalAccessTokenColumnResourceOwner,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnInstanceID = Column{
		name:  projection.PersonalAccessTokenColumnInstanceID,
		table: personalAccessTokensTable,
	}
	PersonalAccessTokenColumnSequence = Column{
		name:  projection.PersonalAccessTokenColumnSequence,
		table: personalAccessTokensTable,
	}
)

type PersonalAccessTokens struct {
	SearchResponse
	PersonalAccessTokens []*PersonalAccessToken
}

type PersonalAccessToken struct {
	ID            string
	CreationDate  time.Time
	ChangeDate    time.Time
	ResourceOwner string
	Sequence      uint64

	UserID     string
	Expiration time.Time
	Scopes     []string
}

type PersonalAccessTokenSearchQueries struct {
	SearchRequest
	Queries []SearchQuery
}

func (q *Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk bool, id string, queries ...SearchQuery) (*PersonalAccessToken, error) {
	if shouldTriggerBulk {
		projection.PersonalAccessTokenProjection.TriggerBulk(ctx)
	}

	query, scan := preparePersonalAccessTokenQuery()
	for _, q := range queries {
		query = q.toQuery(query)
	}
	stmt, args, err := query.Where(sq.Eq{
		PersonalAccessTokenColumnID.identifier():         id,
		PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
	}).ToSql()
	if err != nil {
		return nil, errors.ThrowInternal(err, "QUERY-Dgfb4", "Errors.Query.SQLStatment")
	}

	row := q.client.QueryRowContext(ctx, stmt, args...)
	return scan(row)
}

func (q *Queries) SearchPersonalAccessTokens(ctx context.Context, queries *PersonalAccessTokenSearchQueries) (personalAccessTokens *PersonalAccessTokens, err error) {
	query, scan := preparePersonalAccessTokensQuery()
	stmt, args, err := queries.toQuery(query).
		Where(sq.Eq{
			PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
		}).ToSql()
	if err != nil {
		return nil, errors.ThrowInvalidArgument(err, "QUERY-Hjw2w", "Errors.Query.InvalidRequest")
	}

	rows, err := q.client.QueryContext(ctx, stmt, args...)
	if err != nil {
		return nil, errors.ThrowInternal(err, "QUERY-Bmz63", "Errors.Internal")
	}
	personalAccessTokens, err = scan(rows)
	if err != nil {
		return nil, err
	}
	personalAccessTokens.LatestSequence, err = q.latestSequence(ctx, personalAccessTokensTable)
	return personalAccessTokens, err
}

func NewPersonalAccessTokenResourceOwnerSearchQuery(value string) (SearchQuery, error) {
	return NewTextQuery(PersonalAccessTokenColumnResourceOwner, value, TextEquals)
}

func NewPersonalAccessTokenUserIDSearchQuery(value string) (SearchQuery, error) {
	return NewTextQuery(PersonalAccessTokenColumnUserID, value, TextEquals)
}

func (r *PersonalAccessTokenSearchQueries) AppendMyResourceOwnerQuery(orgID string) error {
	query, err := NewPersonalAccessTokenResourceOwnerSearchQuery(orgID)
	if err != nil {
		return err
	}
	r.Queries = append(r.Queries, query)
	return nil
}

func (q *PersonalAccessTokenSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
	query = q.SearchRequest.toQuery(query)
	for _, q := range q.Queries {
		query = q.toQuery(query)
	}
	return query
}

func preparePersonalAccessTokenQuery() (sq.SelectBuilder, func(*sql.Row) (*PersonalAccessToken, error)) {
	return sq.Select(
			PersonalAccessTokenColumnID.identifier(),
			PersonalAccessTokenColumnCreationDate.identifier(),
			PersonalAccessTokenColumnChangeDate.identifier(),
			PersonalAccessTokenColumnResourceOwner.identifier(),
			PersonalAccessTokenColumnSequence.identifier(),
			PersonalAccessTokenColumnUserID.identifier(),
			PersonalAccessTokenColumnExpiration.identifier(),
			PersonalAccessTokenColumnScopes.identifier()).
			From(personalAccessTokensTable.identifier()).PlaceholderFormat(sq.Dollar),
		func(row *sql.Row) (*PersonalAccessToken, error) {
			p := new(PersonalAccessToken)
			scopes := pq.StringArray{}
			err := row.Scan(
				&p.ID,
				&p.CreationDate,
				&p.ChangeDate,
				&p.ResourceOwner,
				&p.Sequence,
				&p.UserID,
				&p.Expiration,
				&scopes,
			)
			p.Scopes = scopes
			if err != nil {
				if errs.Is(err, sql.ErrNoRows) {
					return nil, errors.ThrowNotFound(err, "QUERY-fk2fs", "Errors.PersonalAccessToken.NotFound")
				}
				return nil, errors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal")
			}
			return p, nil
		}
}

func preparePersonalAccessTokensQuery() (sq.SelectBuilder, func(*sql.Rows) (*PersonalAccessTokens, error)) {
	return sq.Select(
			PersonalAccessTokenColumnID.identifier(),
			PersonalAccessTokenColumnCreationDate.identifier(),
			PersonalAccessTokenColumnChangeDate.identifier(),
			PersonalAccessTokenColumnResourceOwner.identifier(),
			PersonalAccessTokenColumnSequence.identifier(),
			PersonalAccessTokenColumnUserID.identifier(),
			PersonalAccessTokenColumnExpiration.identifier(),
			PersonalAccessTokenColumnScopes.identifier(),
			countColumn.identifier()).
			From(personalAccessTokensTable.identifier()).PlaceholderFormat(sq.Dollar),
		func(rows *sql.Rows) (*PersonalAccessTokens, error) {
			personalAccessTokens := make([]*PersonalAccessToken, 0)
			var count uint64
			for rows.Next() {
				token := new(PersonalAccessToken)
				scopes := pq.StringArray{}
				err := rows.Scan(
					&token.ID,
					&token.CreationDate,
					&token.ChangeDate,
					&token.ResourceOwner,
					&token.Sequence,
					&token.UserID,
					&token.Expiration,
					&scopes,
					&count,
				)
				if err != nil {
					return nil, err
				}
				token.Scopes = scopes
				personalAccessTokens = append(personalAccessTokens, token)
			}

			if err := rows.Close(); err != nil {
				return nil, errors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows")
			}

			return &PersonalAccessTokens{
				PersonalAccessTokens: personalAccessTokens,
				SearchResponse: SearchResponse{
					Count: count,
				},
			}, nil
		}
}
feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00			`package query`

			`import (`
			`"context"`
			`"database/sql"`
			`errs "errors"`
			`"time"`

			`sq "github.com/Masterminds/squirrel"`
			`"github.com/lib/pq"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/api/authz"`
feat: projections auto create their tables (#3324) * begin init checks for projections * first projection checks * debug notification providers with query fixes * more projections and first index * more projections * more projections * finish projections * fix tests (remove db name) * create tables in setup * fix logging / error handling * add tenant to views * rename tenant to instance_id * add instance_id to all projections * add instance_id to all queries * correct instance_id on projections * add instance_id to failed_events * use separate context for instance * implement features projection * implement features projection * remove unique constraint from setup when migration failed * add error to failed setup event * add instance_id to primary keys * fix IAM projection * remove old migrations folder * fix keysFromYAML test 2022-03-23 08:02:39 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/query/projection"`
feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/errors"`
feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00			`)`

			`var (`
			`personalAccessTokensTable = table{`
			`name: projection.PersonalAccessTokenProjectionTable,`
			`}`
			`PersonalAccessTokenColumnID = Column{`
			`name: projection.PersonalAccessTokenColumnID,`
			`table: personalAccessTokensTable,`
			`}`
			`PersonalAccessTokenColumnUserID = Column{`
			`name: projection.PersonalAccessTokenColumnUserID,`
			`table: personalAccessTokensTable,`
			`}`
			`PersonalAccessTokenColumnExpiration = Column{`
			`name: projection.PersonalAccessTokenColumnExpiration,`
			`table: personalAccessTokensTable,`
			`}`
			`PersonalAccessTokenColumnScopes = Column{`
			`name: projection.PersonalAccessTokenColumnScopes,`
			`table: personalAccessTokensTable,`
			`}`
			`PersonalAccessTokenColumnCreationDate = Column{`
			`name: projection.PersonalAccessTokenColumnCreationDate,`
			`table: personalAccessTokensTable,`
			`}`
			`PersonalAccessTokenColumnChangeDate = Column{`
			`name: projection.PersonalAccessTokenColumnChangeDate,`
			`table: personalAccessTokensTable,`
			`}`
			`PersonalAccessTokenColumnResourceOwner = Column{`
			`name: projection.PersonalAccessTokenColumnResourceOwner,`
			`table: personalAccessTokensTable,`
			`}`
feat: projections auto create their tables (#3324) * begin init checks for projections * first projection checks * debug notification providers with query fixes * more projections and first index * more projections * more projections * finish projections * fix tests (remove db name) * create tables in setup * fix logging / error handling * add tenant to views * rename tenant to instance_id * add instance_id to all projections * add instance_id to all queries * correct instance_id on projections * add instance_id to failed_events * use separate context for instance * implement features projection * implement features projection * remove unique constraint from setup when migration failed * add error to failed setup event * add instance_id to primary keys * fix IAM projection * remove old migrations folder * fix keysFromYAML test 2022-03-23 08:02:39 +00:00			`PersonalAccessTokenColumnInstanceID = Column{`
			`name: projection.PersonalAccessTokenColumnInstanceID,`
			`table: personalAccessTokensTable,`
			`}`
feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00			`PersonalAccessTokenColumnSequence = Column{`
			`name: projection.PersonalAccessTokenColumnSequence,`
			`table: personalAccessTokensTable,`
			`}`
			`)`

			`type PersonalAccessTokens struct {`
			`SearchResponse`
			`PersonalAccessTokens []*PersonalAccessToken`
			`}`

			`type PersonalAccessToken struct {`
			`ID string`
			`CreationDate time.Time`
			`ChangeDate time.Time`
			`ResourceOwner string`
			`Sequence uint64`

			`UserID string`
			`Expiration time.Time`
			`Scopes []string`
			`}`

			`type PersonalAccessTokenSearchQueries struct {`
			`SearchRequest`
			`Queries []SearchQuery`
			`}`

fix(query): realtime data on defined requests (#3726) * feat: directly specify factors on addCustomLoginPolicy and return on LoginPolicy responses * fix proto * update login policy * feat: directly specify idp on addCustomLoginPolicy and return on LoginPolicy responses * fix: tests * fix(projection): trigger bulk * refactor: clean projection pkg * instance should bulk * fix(query): should trigger bulk on id calls * tests * build prerelease * fix: add shouldTriggerBulk * fix: test Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Max Peintner <max@caos.ch> 2022-06-14 05:51:00 +00:00			`func (q Queries) PersonalAccessTokenByID(ctx context.Context, shouldTriggerBulk bool, id string, queries ...SearchQuery) (PersonalAccessToken, error) {`
			`if shouldTriggerBulk {`
			`projection.PersonalAccessTokenProjection.TriggerBulk(ctx)`
			`}`

feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00			`query, scan := preparePersonalAccessTokenQuery()`
			`for _, q := range queries {`
			`query = q.toQuery(query)`
			`}`
			`stmt, args, err := query.Where(sq.Eq{`
feat: projections auto create their tables (#3324) * begin init checks for projections * first projection checks * debug notification providers with query fixes * more projections and first index * more projections * more projections * finish projections * fix tests (remove db name) * create tables in setup * fix logging / error handling * add tenant to views * rename tenant to instance_id * add instance_id to all projections * add instance_id to all queries * correct instance_id on projections * add instance_id to failed_events * use separate context for instance * implement features projection * implement features projection * remove unique constraint from setup when migration failed * add error to failed setup event * add instance_id to primary keys * fix IAM projection * remove old migrations folder * fix keysFromYAML test 2022-03-23 08:02:39 +00:00			`PersonalAccessTokenColumnID.identifier(): id,`
feat: handle instance from context (#3382) * commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * fix tokens view * fix steps.yaml and defaults.yaml * fix projections * change instance context to interface * instance interceptors and additional events in setup * cleanup * tests for interceptors * fix label policy * add todo * single api endpoint in environment.json Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-29 09:53:19 +00:00			`PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),`
feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00			`}).ToSql()`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "QUERY-Dgfb4", "Errors.Query.SQLStatment")`
			`}`

			`row := q.client.QueryRowContext(ctx, stmt, args...)`
			`return scan(row)`
			`}`

			`func (q Queries) SearchPersonalAccessTokens(ctx context.Context, queries PersonalAccessTokenSearchQueries) (personalAccessTokens *PersonalAccessTokens, err error) {`
			`query, scan := preparePersonalAccessTokensQuery()`
feat: projections auto create their tables (#3324) * begin init checks for projections * first projection checks * debug notification providers with query fixes * more projections and first index * more projections * more projections * finish projections * fix tests (remove db name) * create tables in setup * fix logging / error handling * add tenant to views * rename tenant to instance_id * add instance_id to all projections * add instance_id to all queries * correct instance_id on projections * add instance_id to failed_events * use separate context for instance * implement features projection * implement features projection * remove unique constraint from setup when migration failed * add error to failed setup event * add instance_id to primary keys * fix IAM projection * remove old migrations folder * fix keysFromYAML test 2022-03-23 08:02:39 +00:00			`stmt, args, err := queries.toQuery(query).`
			`Where(sq.Eq{`
feat: handle instance from context (#3382) * commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * fix tokens view * fix steps.yaml and defaults.yaml * fix projections * change instance context to interface * instance interceptors and additional events in setup * cleanup * tests for interceptors * fix label policy * add todo * single api endpoint in environment.json Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-29 09:53:19 +00:00			`PersonalAccessTokenColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),`
feat: projections auto create their tables (#3324) * begin init checks for projections * first projection checks * debug notification providers with query fixes * more projections and first index * more projections * more projections * finish projections * fix tests (remove db name) * create tables in setup * fix logging / error handling * add tenant to views * rename tenant to instance_id * add instance_id to all projections * add instance_id to all queries * correct instance_id on projections * add instance_id to failed_events * use separate context for instance * implement features projection * implement features projection * remove unique constraint from setup when migration failed * add error to failed setup event * add instance_id to primary keys * fix IAM projection * remove old migrations folder * fix keysFromYAML test 2022-03-23 08:02:39 +00:00			`}).ToSql()`
feat: add personal access tokens for service users (#2974) * feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2022-02-08 08:37:28 +00:00			`if err != nil {`
			`return nil, errors.ThrowInvalidArgument(err, "QUERY-Hjw2w", "Errors.Query.InvalidRequest")`
			`}`

			`rows, err := q.client.QueryContext(ctx, stmt, args...)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "QUERY-Bmz63", "Errors.Internal")`
			`}`
			`personalAccessTokens, err = scan(rows)`
			`if err != nil {`
			`return nil, err`
			`}`
			`personalAccessTokens.LatestSequence, err = q.latestSequence(ctx, personalAccessTokensTable)`
			`return personalAccessTokens, err`
			`}`

			`func NewPersonalAccessTokenResourceOwnerSearchQuery(value string) (SearchQuery, error) {`
			`return NewTextQuery(PersonalAccessTokenColumnResourceOwner, value, TextEquals)`
			`}`

			`func NewPersonalAccessTokenUserIDSearchQuery(value string) (SearchQuery, error) {`
			`return NewTextQuery(PersonalAccessTokenColumnUserID, value, TextEquals)`
			`}`

			`func (r *PersonalAccessTokenSearchQueries) AppendMyResourceOwnerQuery(orgID string) error {`
			`query, err := NewPersonalAccessTokenResourceOwnerSearchQuery(orgID)`
			`if err != nil {`
			`return err`
			`}`
			`r.Queries = append(r.Queries, query)`
			`return nil`
			`}`

			`func (q *PersonalAccessTokenSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {`
			`query = q.SearchRequest.toQuery(query)`
			`for _, q := range q.Queries {`
			`query = q.toQuery(query)`
			`}`
			`return query`
			`}`

			`func preparePersonalAccessTokenQuery() (sq.SelectBuilder, func(sql.Row) (PersonalAccessToken, error)) {`
			`return sq.Select(`
			`PersonalAccessTokenColumnID.identifier(),`
			`PersonalAccessTokenColumnCreationDate.identifier(),`
			`PersonalAccessTokenColumnChangeDate.identifier(),`
			`PersonalAccessTokenColumnResourceOwner.identifier(),`
			`PersonalAccessTokenColumnSequence.identifier(),`
			`PersonalAccessTokenColumnUserID.identifier(),`
			`PersonalAccessTokenColumnExpiration.identifier(),`
			`PersonalAccessTokenColumnScopes.identifier()).`
			`From(personalAccessTokensTable.identifier()).PlaceholderFormat(sq.Dollar),`
			`func(row sql.Row) (PersonalAccessToken, error) {`
			`p := new(PersonalAccessToken)`
			`scopes := pq.StringArray{}`
			`err := row.Scan(`
			`&p.ID,`
			`&p.CreationDate,`
			`&p.ChangeDate,`
			`&p.ResourceOwner,`
			`&p.Sequence,`
			`&p.UserID,`
			`&p.Expiration,`
			`&scopes,`
			`)`
			`p.Scopes = scopes`
			`if err != nil {`
			`if errs.Is(err, sql.ErrNoRows) {`
			`return nil, errors.ThrowNotFound(err, "QUERY-fk2fs", "Errors.PersonalAccessToken.NotFound")`
			`}`
			`return nil, errors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal")`
			`}`
			`return p, nil`
			`}`
			`}`

			`func preparePersonalAccessTokensQuery() (sq.SelectBuilder, func(sql.Rows) (PersonalAccessTokens, error)) {`
			`return sq.Select(`
			`PersonalAccessTokenColumnID.identifier(),`
			`PersonalAccessTokenColumnCreationDate.identifier(),`
			`PersonalAccessTokenColumnChangeDate.identifier(),`
			`PersonalAccessTokenColumnResourceOwner.identifier(),`
			`PersonalAccessTokenColumnSequence.identifier(),`
			`PersonalAccessTokenColumnUserID.identifier(),`
			`PersonalAccessTokenColumnExpiration.identifier(),`
			`PersonalAccessTokenColumnScopes.identifier(),`
			`countColumn.identifier()).`
			`From(personalAccessTokensTable.identifier()).PlaceholderFormat(sq.Dollar),`
			`func(rows sql.Rows) (PersonalAccessTokens, error) {`
			`personalAccessTokens := make([]*PersonalAccessToken, 0)`
			`var count uint64`
			`for rows.Next() {`
			`token := new(PersonalAccessToken)`
			`scopes := pq.StringArray{}`
			`err := rows.Scan(`
			`&token.ID,`
			`&token.CreationDate,`
			`&token.ChangeDate,`
			`&token.ResourceOwner,`
			`&token.Sequence,`
			`&token.UserID,`
			`&token.Expiration,`
			`&scopes,`
			`&count,`
			`)`
			`if err != nil {`
			`return nil, err`
			`}`
			`token.Scopes = scopes`
			`personalAccessTokens = append(personalAccessTokens, token)`
			`}`

			`if err := rows.Close(); err != nil {`
			`return nil, errors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows")`
			`}`

			`return &PersonalAccessTokens{`
			`PersonalAccessTokens: personalAccessTokens,`
			`SearchResponse: SearchResponse{`
			`Count: count,`
			`},`
			`}, nil`
			`}`
			`}`