-- name: GetAllPasswordTokensForUser :many
-- GetAllPasswordTokensForUser retrieves all password tokens without checking expiration.
SELECT * FROM password_tokens
WHERE password_token_user = ?;

-- name: GetValidPasswordToken :one
-- GetValidPasswordToken returns only valid password tokens for the provided
-- user, and only if the created_at time is greater than the provided time.
SELECT * FROM password_tokens
WHERE
    id = ?
    AND password_token_user = ?
    AND datetime(created_at) > datetime(?)
LIMIT 1;

-- name: CreatePasswordToken :one
INSERT INTO password_tokens (
    hash, password_token_user
) VALUES (
    ?, ?
) RETURNING *;

-- name: UpdatePasswordTokenCreatedAt :exec
UPDATE password_tokens
SET created_at = ?
WHERE id = ?;

-- name: DeletePasswordTokens :exec
DELETE FROM password_tokens
WHERE password_token_user = ?;