Auth Service Data Models
User
Represents a registered user. Maps to the users table.
| Field | Type | DB Column | Description |
|---|---|---|---|
id | Integer | id | Primary Key |
email | String(128) | email | Unique email address (required, indexed) |
name | String(128) | name | User's display name |
phone | String(128) | phone | Phone number |
login | String(128) | login | Alternative login identifier |
hashedpassword | String(128) | hashedpassword | Bcrypt hash of password |
readonly | Boolean | readonly | User has read-only access |
administrator | Boolean | administrator | Admin privileges |
map | String(128) | map | Preferred map layer |
latitude | Float | latitude | Default map center latitude |
longitude | Float | longitude | Default map center longitude |
zoom | Integer | zoom | Default map zoom level |
totpkey | String(128) | totpkey | TOTP secret key for 2FA |
_disabled | Integer | disabled | 0 = Active, 1 = Disabled |
expirationtime | DateTime | expirationtime | Account expiration time |
devicelimit | Integer | devicelimit | Max devices (-1 = unlimited) |
userlimit | Integer | userlimit | Max sub-users |
devicereadonly | Boolean | devicereadonly | Devices are read-only |
limitcommands | Boolean | limitcommands | Commands are limited |
fixedemail | Boolean | fixedemail | Email cannot be changed |
attributes | String(4000) | attributes | JSON metadata |
email_verified | Boolean | email_verified | Is email verified? |
verification_token | String(128) | verification_token | Token for email verification (indexed) |
verification_token_expires | DateTime | verification_token_expires | Token expiration time |
two_factor_type | String(20) | two_factor_type | 'none', 'totp', or 'email' |
backup_codes | String(4000) | backup_codes | JSON list of hashed backup codes |
Computed Properties
| Property | Type | Description |
|---|---|---|
disabled | Boolean | Derived from _disabled column |
is_active | Boolean | True if not disabled AND not expired |
has_totp | Boolean | True if totpkey is set |
Methods
| Method | Returns | Description |
|---|---|---|
get_attributes() | dict | Parses attributes JSON, returns {} on error |
to_dict() | dict | Returns user data safe for API responses |
to_dict() Output
{
"id": 1,
"email": "user@example.com",
"name": "John Doe",
"phone": "+1234567890",
"administrator": false,
"disabled": false,
"readonly": false,
"deviceReadonly": false,
"limitCommands": false,
"expirationTime": "2025-12-31T23:59:59+00:00",
"attributes": {}
}
Keystore
Stores the RSA key pair for signing JWTs. Maps to the keystore table.
| Field | Type | Description |
|---|---|---|
id | Integer | Primary Key |
publickey | Bytes | RSA Public Key (PEM format) |
privatekey | Bytes | RSA Private Key (PEM format) |
Note: There should be exactly one row in this table. The keys are used for RS256 JWT signing and verification.