1
0
Fork 0
mirror of https://github.com/binwiederhier/ntfy.git synced 2024-11-05 03:14:16 +01:00
ntfy/user/manager.go

1372 lines
47 KiB
Go
Raw Normal View History

2023-02-09 21:24:12 +01:00
// Package user deals with authentication and authorization against topics
package user
2022-01-23 06:02:16 +01:00
2022-01-31 17:44:58 +01:00
import (
2022-12-26 04:29:55 +01:00
"database/sql"
"encoding/json"
2022-01-31 17:44:58 +01:00
"errors"
2022-12-26 04:29:55 +01:00
"fmt"
_ "github.com/mattn/go-sqlite3" // SQLite driver
2023-01-16 05:29:46 +01:00
"github.com/stripe/stripe-go/v74"
2022-12-26 04:29:55 +01:00
"golang.org/x/crypto/bcrypt"
"heckel.io/ntfy/log"
"heckel.io/ntfy/util"
2023-01-29 02:29:06 +01:00
"net/netip"
2022-12-26 04:29:55 +01:00
"strings"
"sync"
"time"
2022-01-31 17:44:58 +01:00
)
2022-01-23 06:02:16 +01:00
2022-12-26 04:29:55 +01:00
const (
tierIDPrefix = "ti_"
tierIDLength = 8
syncTopicPrefix = "st_"
syncTopicLength = 16
userIDPrefix = "u_"
userIDLength = 12
2023-01-28 15:03:14 +01:00
userAuthIntentionalSlowDownHash = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match DefaultUserPasswordBcryptCost
2023-01-23 04:21:30 +01:00
userHardDeleteAfterDuration = 7 * 24 * time.Hour
tokenPrefix = "tk_"
tokenLength = 32
2023-01-30 03:42:40 +01:00
tokenMaxCount = 20 // Only keep this many tokens in the table per user
2023-02-09 21:24:12 +01:00
tag = "user_manager"
2022-12-26 04:29:55 +01:00
)
2023-01-29 02:43:06 +01:00
// Default constants that may be overridden by configs
2023-01-28 15:03:14 +01:00
const (
DefaultUserStatsQueueWriterInterval = 33 * time.Second
DefaultUserPasswordBcryptCost = 10
)
2022-12-31 16:16:14 +01:00
var (
2023-01-01 21:21:43 +01:00
errNoTokenProvided = errors.New("no token provided")
errTopicOwnedByOthers = errors.New("topic owned by others")
2023-01-06 02:22:34 +01:00
errNoRows = errors.New("no rows found")
2022-12-31 16:16:14 +01:00
)
2022-12-26 04:29:55 +01:00
// Manager-related queries
const (
2022-12-29 19:08:47 +01:00
createTablesQueriesNoTx = `
CREATE TABLE IF NOT EXISTS tier (
2023-02-09 21:24:12 +01:00
id TEXT PRIMARY KEY,
2022-12-26 04:29:55 +01:00
code TEXT NOT NULL,
2023-01-09 21:40:46 +01:00
name TEXT NOT NULL,
2022-12-26 04:29:55 +01:00
messages_limit INT NOT NULL,
messages_expiry_duration INT NOT NULL,
2022-12-26 04:29:55 +01:00
emails_limit INT NOT NULL,
reservations_limit INT NOT NULL,
2022-12-26 04:29:55 +01:00
attachment_file_size_limit INT NOT NULL,
attachment_total_size_limit INT NOT NULL,
2023-01-14 12:43:44 +01:00
attachment_expiry_duration INT NOT NULL,
attachment_bandwidth_limit INT NOT NULL,
2023-01-14 12:43:44 +01:00
stripe_price_id TEXT
2022-12-26 04:29:55 +01:00
);
2023-01-14 12:43:44 +01:00
CREATE UNIQUE INDEX idx_tier_code ON tier (code);
CREATE UNIQUE INDEX idx_tier_price_id ON tier (stripe_price_id);
2022-12-26 04:29:55 +01:00
CREATE TABLE IF NOT EXISTS user (
id TEXT PRIMARY KEY,
2023-01-23 04:21:30 +01:00
tier_id TEXT,
2022-12-26 04:29:55 +01:00
user TEXT NOT NULL,
pass TEXT NOT NULL,
2023-01-10 03:53:21 +01:00
role TEXT CHECK (role IN ('anonymous', 'admin', 'user')) NOT NULL,
prefs JSON NOT NULL DEFAULT '{}',
sync_topic TEXT NOT NULL,
stats_messages INT NOT NULL DEFAULT (0),
stats_emails INT NOT NULL DEFAULT (0),
2023-01-14 12:43:44 +01:00
stripe_customer_id TEXT,
2023-01-16 05:29:46 +01:00
stripe_subscription_id TEXT,
stripe_subscription_status TEXT,
2023-01-16 16:35:12 +01:00
stripe_subscription_paid_until INT,
stripe_subscription_cancel_at INT,
2023-01-23 04:21:30 +01:00
created INT NOT NULL,
deleted INT,
FOREIGN KEY (tier_id) REFERENCES tier (id)
2022-12-26 04:29:55 +01:00
);
CREATE UNIQUE INDEX idx_user ON user (user);
2023-01-14 12:43:44 +01:00
CREATE UNIQUE INDEX idx_user_stripe_customer_id ON user (stripe_customer_id);
CREATE UNIQUE INDEX idx_user_stripe_subscription_id ON user (stripe_subscription_id);
2022-12-26 04:29:55 +01:00
CREATE TABLE IF NOT EXISTS user_access (
user_id TEXT NOT NULL,
2022-12-26 04:29:55 +01:00
topic TEXT NOT NULL,
read INT NOT NULL,
write INT NOT NULL,
2023-02-09 21:24:12 +01:00
owner_user_id INT,
2022-12-26 04:29:55 +01:00
PRIMARY KEY (user_id, topic),
2023-01-05 21:20:44 +01:00
FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE,
FOREIGN KEY (owner_user_id) REFERENCES user (id) ON DELETE CASCADE
2023-01-01 21:21:43 +01:00
);
2022-12-26 04:29:55 +01:00
CREATE TABLE IF NOT EXISTS user_token (
user_id TEXT NOT NULL,
2022-12-26 04:29:55 +01:00
token TEXT NOT NULL,
2023-01-28 05:10:59 +01:00
label TEXT NOT NULL,
2023-01-29 02:29:06 +01:00
last_access INT NOT NULL,
last_origin TEXT NOT NULL,
2022-12-26 04:29:55 +01:00
expires INT NOT NULL,
PRIMARY KEY (user_id, token),
FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
);
CREATE TABLE IF NOT EXISTS schemaVersion (
id INT PRIMARY KEY,
version INT NOT NULL
);
2023-01-23 04:21:30 +01:00
INSERT INTO user (id, user, pass, role, sync_topic, created)
2023-02-09 21:24:12 +01:00
VALUES ('` + everyoneID + `', '*', '', 'anonymous', '', UNIXEPOCH())
2023-01-10 03:53:21 +01:00
ON CONFLICT (id) DO NOTHING;
2022-12-26 04:29:55 +01:00
`
2022-12-29 19:08:47 +01:00
createTablesQueries = `BEGIN; ` + createTablesQueriesNoTx + ` COMMIT;`
2023-01-05 21:20:44 +01:00
builtinStartupQueries = `
PRAGMA foreign_keys = ON;
`
selectUserByIDQuery = `
SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_price_id
FROM user u
LEFT JOIN tier t on t.id = u.tier_id
2023-02-09 21:24:12 +01:00
WHERE u.id = ?
`
2022-12-26 04:29:55 +01:00
selectUserByNameQuery = `
SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_price_id
2022-12-26 04:29:55 +01:00
FROM user u
2023-01-17 16:09:37 +01:00
LEFT JOIN tier t on t.id = u.tier_id
2023-01-23 04:21:30 +01:00
WHERE user = ?
2022-12-26 04:29:55 +01:00
`
selectUserByTokenQuery = `
SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_price_id
2022-12-26 04:29:55 +01:00
FROM user u
2023-01-29 02:29:06 +01:00
JOIN user_token tk on u.id = tk.user_id
2023-01-17 16:09:37 +01:00
LEFT JOIN tier t on t.id = u.tier_id
2023-01-29 02:29:06 +01:00
WHERE tk.token = ? AND (tk.expires = 0 OR tk.expires >= ?)
2022-12-26 04:29:55 +01:00
`
2023-01-14 12:43:44 +01:00
selectUserByStripeCustomerIDQuery = `
SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_price_id
2023-01-14 12:43:44 +01:00
FROM user u
2023-01-17 16:09:37 +01:00
LEFT JOIN tier t on t.id = u.tier_id
2023-01-14 12:43:44 +01:00
WHERE u.stripe_customer_id = ?
`
2022-12-26 04:29:55 +01:00
selectTopicPermsQuery = `
SELECT read, write
FROM user_access a
JOIN user u ON u.id = a.user_id
2023-01-03 02:08:37 +01:00
WHERE (u.user = ? OR u.user = ?) AND ? LIKE a.topic
ORDER BY u.user DESC
2022-12-26 04:29:55 +01:00
`
2022-01-26 04:30:53 +01:00
2023-01-10 03:53:21 +01:00
insertUserQuery = `
2023-02-09 21:24:12 +01:00
INSERT INTO user (id, user, pass, role, sync_topic, created)
2023-01-23 04:21:30 +01:00
VALUES (?, ?, ?, ?, ?, ?)
2023-01-10 03:53:21 +01:00
`
2022-12-28 19:28:28 +01:00
selectUsernamesQuery = `
2023-02-09 21:24:12 +01:00
SELECT user
FROM user
2022-12-28 19:28:28 +01:00
ORDER BY
CASE role
WHEN 'admin' THEN 1
WHEN 'anonymous' THEN 3
ELSE 2
END, user
`
2023-01-11 04:51:51 +01:00
updateUserPassQuery = `UPDATE user SET pass = ? WHERE user = ?`
updateUserRoleQuery = `UPDATE user SET role = ? WHERE user = ?`
2023-02-09 21:24:12 +01:00
updateUserPrefsQuery = `UPDATE user SET prefs = ? WHERE id = ?`
updateUserStatsQuery = `UPDATE user SET stats_messages = ?, stats_emails = ? WHERE id = ?`
2023-01-11 04:51:51 +01:00
updateUserStatsResetAllQuery = `UPDATE user SET stats_messages = 0, stats_emails = 0`
2023-01-23 04:21:30 +01:00
updateUserDeletedQuery = `UPDATE user SET deleted = ? WHERE id = ?`
deleteUsersMarkedQuery = `DELETE FROM user WHERE deleted < ?`
2023-01-11 04:51:51 +01:00
deleteUserQuery = `DELETE FROM user WHERE user = ?`
2022-12-26 04:29:55 +01:00
2022-12-28 19:28:28 +01:00
upsertUserAccessQuery = `
2023-02-09 21:24:12 +01:00
INSERT INTO user_access (user_id, topic, read, write, owner_user_id)
2023-01-01 21:21:43 +01:00
VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?, (SELECT IIF(?='',NULL,(SELECT id FROM user WHERE user=?))))
2023-02-09 21:24:12 +01:00
ON CONFLICT (user_id, topic)
2023-01-01 21:21:43 +01:00
DO UPDATE SET read=excluded.read, write=excluded.write, owner_user_id=excluded.owner_user_id
`
selectUserAccessQuery = `
2023-01-03 02:08:37 +01:00
SELECT topic, read, write
2023-02-09 21:24:12 +01:00
FROM user_access
WHERE user_id = (SELECT id FROM user WHERE user = ?)
2023-01-01 21:21:43 +01:00
ORDER BY write DESC, read DESC, topic
`
2023-01-03 02:08:37 +01:00
selectUserReservationsQuery = `
SELECT a_user.topic, a_user.read, a_user.write, a_everyone.read AS everyone_read, a_everyone.write AS everyone_write
FROM user_access a_user
LEFT JOIN user_access a_everyone ON a_user.topic = a_everyone.topic AND a_everyone.user_id = (SELECT id FROM user WHERE user = ?)
WHERE a_user.user_id = a_user.owner_user_id
AND a_user.owner_user_id = (SELECT id FROM user WHERE user = ?)
ORDER BY a_user.topic
`
2023-01-06 03:15:10 +01:00
selectUserReservationsCountQuery = `
SELECT COUNT(*)
FROM user_access
WHERE user_id = owner_user_id AND owner_user_id = (SELECT id FROM user WHERE user = ?)
`
2023-01-06 16:45:38 +01:00
selectUserHasReservationQuery = `
SELECT COUNT(*)
FROM user_access
2023-02-09 21:24:12 +01:00
WHERE user_id = owner_user_id
2023-01-06 16:45:38 +01:00
AND owner_user_id = (SELECT id FROM user WHERE user = ?)
2023-02-09 21:24:12 +01:00
AND topic = ?
2023-01-06 16:45:38 +01:00
`
2023-01-01 21:21:43 +01:00
selectOtherAccessCountQuery = `
2023-01-06 02:22:34 +01:00
SELECT COUNT(*)
2023-01-01 21:21:43 +01:00
FROM user_access
WHERE (topic = ? OR ? LIKE topic)
AND (owner_user_id IS NULL OR owner_user_id != (SELECT id FROM user WHERE user = ?))
2022-12-28 19:28:28 +01:00
`
2023-01-09 21:40:46 +01:00
deleteAllAccessQuery = `DELETE FROM user_access`
deleteUserAccessQuery = `
2023-02-09 21:24:12 +01:00
DELETE FROM user_access
2023-01-09 21:40:46 +01:00
WHERE user_id = (SELECT id FROM user WHERE user = ?)
OR owner_user_id = (SELECT id FROM user WHERE user = ?)
`
deleteTopicAccessQuery = `
2023-02-09 21:24:12 +01:00
DELETE FROM user_access
WHERE (user_id = (SELECT id FROM user WHERE user = ?) OR owner_user_id = (SELECT id FROM user WHERE user = ?))
2023-01-09 21:40:46 +01:00
AND topic = ?
`
2022-12-26 04:29:55 +01:00
2023-01-29 02:29:06 +01:00
selectTokenCountQuery = `SELECT COUNT(*) FROM user_token WHERE user_id = ?`
selectTokensQuery = `SELECT token, label, last_access, last_origin, expires FROM user_token WHERE user_id = ?`
selectTokenQuery = `SELECT token, label, last_access, last_origin, expires FROM user_token WHERE user_id = ? AND token = ?`
insertTokenQuery = `INSERT INTO user_token (user_id, token, label, last_access, last_origin, expires) VALUES (?, ?, ?, ?, ?, ?)`
updateTokenExpiryQuery = `UPDATE user_token SET expires = ? WHERE user_id = ? AND token = ?`
updateTokenLabelQuery = `UPDATE user_token SET label = ? WHERE user_id = ? AND token = ?`
updateTokenLastAccessQuery = `UPDATE user_token SET last_access = ?, last_origin = ? WHERE token = ?`
deleteTokenQuery = `DELETE FROM user_token WHERE user_id = ? AND token = ?`
deleteAllTokenQuery = `DELETE FROM user_token WHERE user_id = ?`
deleteExpiredTokensQuery = `DELETE FROM user_token WHERE expires > 0 AND expires < ?`
deleteExcessTokensQuery = `
2023-01-06 02:22:34 +01:00
DELETE FROM user_token
WHERE (user_id, token) NOT IN (
SELECT user_id, token
FROM user_token
WHERE user_id = ?
2023-02-09 21:24:12 +01:00
ORDER BY expires DESC
2023-01-06 02:22:34 +01:00
LIMIT ?
)
`
insertTierQuery = `
INSERT INTO tier (id, code, name, messages_limit, messages_expiry_duration, emails_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_price_id)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
`
2023-02-07 04:38:22 +01:00
updateTierQuery = `
2023-02-09 21:24:12 +01:00
UPDATE tier
2023-02-07 04:38:22 +01:00
SET name = ?, messages_limit = ?, messages_expiry_duration = ?, emails_limit = ?, reservations_limit = ?, attachment_file_size_limit = ?, attachment_total_size_limit = ?, attachment_expiry_duration = ?, attachment_bandwidth_limit = ?, stripe_price_id = ?
WHERE code = ?
`
selectTiersQuery = `
SELECT id, code, name, messages_limit, messages_expiry_duration, emails_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_price_id
2023-01-17 16:09:37 +01:00
FROM tier
`
2023-01-14 12:43:44 +01:00
selectTierByCodeQuery = `
SELECT id, code, name, messages_limit, messages_expiry_duration, emails_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_price_id
2023-01-14 12:43:44 +01:00
FROM tier
WHERE code = ?
`
selectTierByPriceIDQuery = `
SELECT id, code, name, messages_limit, messages_expiry_duration, emails_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_price_id
2023-01-14 12:43:44 +01:00
FROM tier
WHERE stripe_price_id = ?
`
updateUserTierQuery = `UPDATE user SET tier_id = (SELECT id FROM tier WHERE code = ?) WHERE user = ?`
2023-01-09 21:40:46 +01:00
deleteUserTierQuery = `UPDATE user SET tier_id = null WHERE user = ?`
2023-02-07 04:38:22 +01:00
deleteTierQuery = `DELETE FROM tier WHERE code = ?`
2023-01-14 12:43:44 +01:00
2023-01-16 05:29:46 +01:00
updateBillingQuery = `
2023-02-09 21:24:12 +01:00
UPDATE user
2023-01-16 16:35:12 +01:00
SET stripe_customer_id = ?, stripe_subscription_id = ?, stripe_subscription_status = ?, stripe_subscription_paid_until = ?, stripe_subscription_cancel_at = ?
2023-01-16 05:29:46 +01:00
WHERE user = ?
`
2022-12-26 04:29:55 +01:00
)
2022-12-03 21:20:59 +01:00
2022-12-26 04:29:55 +01:00
// Schema management queries
const (
2022-12-29 19:08:47 +01:00
currentSchemaVersion = 2
2022-12-26 04:29:55 +01:00
insertSchemaVersion = `INSERT INTO schemaVersion VALUES (1, ?)`
2022-12-29 19:08:47 +01:00
updateSchemaVersion = `UPDATE schemaVersion SET version = ? WHERE id = 1`
2022-12-26 04:29:55 +01:00
selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
2022-12-29 19:08:47 +01:00
// 1 -> 2 (complex migration!)
migrate1To2RenameUserTableQueryNoTx = `
ALTER TABLE user RENAME TO user_old;
`
migrate1To2SelectAllOldUsernamesNoTx = `SELECT user FROM user_old`
migrate1To2InsertUserNoTx = `
2023-02-09 21:24:12 +01:00
INSERT INTO user (id, user, pass, role, sync_topic, created)
2023-01-23 04:21:30 +01:00
SELECT ?, user, pass, role, ?, UNIXEPOCH() FROM user_old WHERE user = ?
`
2022-12-29 19:08:47 +01:00
migrate1To2InsertFromOldTablesAndDropNoTx = `
INSERT INTO user_access (user_id, topic, read, write)
SELECT u.id, a.topic, a.read, a.write
FROM user u
JOIN access a ON u.user = a.user;
DROP TABLE access;
DROP TABLE user_old;
`
2022-12-26 04:29:55 +01:00
)
2022-01-23 06:02:16 +01:00
2023-02-09 21:24:12 +01:00
var (
migrations = map[int]func(db *sql.DB) error{
1: migrateFrom1,
}
)
2022-12-28 04:14:14 +01:00
// Manager is an implementation of Manager. It stores users and access control list
2022-12-26 04:29:55 +01:00
// in a SQLite database.
2022-12-28 04:14:14 +01:00
type Manager struct {
2023-01-06 02:22:34 +01:00
db *sql.DB
2023-01-29 02:29:06 +01:00
defaultAccess Permission // Default permission if no ACL matches
statsQueue map[string]*Stats // "Queue" to asynchronously write user stats to the database (UserID -> Stats)
tokenQueue map[string]*TokenUpdate // "Queue" to asynchronously write token access stats to the database (Token ID -> TokenUpdate)
bcryptCost int // Makes testing easier
2023-01-06 02:22:34 +01:00
mu sync.Mutex
2022-12-26 04:29:55 +01:00
}
2022-01-26 04:30:53 +01:00
2022-12-28 04:14:14 +01:00
var _ Auther = (*Manager)(nil)
2022-12-26 04:29:55 +01:00
2022-12-28 04:14:14 +01:00
// NewManager creates a new Manager instance
2023-01-29 02:29:06 +01:00
func NewManager(filename, startupQueries string, defaultAccess Permission, bcryptCost int, queueWriterInterval time.Duration) (*Manager, error) {
2022-12-26 04:29:55 +01:00
db, err := sql.Open("sqlite3", filename)
if err != nil {
return nil, err
}
2022-12-29 19:08:47 +01:00
if err := setupDB(db); err != nil {
2022-12-26 04:29:55 +01:00
return nil, err
}
2023-01-05 21:20:44 +01:00
if err := runStartupQueries(db, startupQueries); err != nil {
return nil, err
}
2022-12-28 04:14:14 +01:00
manager := &Manager{
2023-01-06 02:22:34 +01:00
db: db,
defaultAccess: defaultAccess,
2023-01-27 15:59:16 +01:00
statsQueue: make(map[string]*Stats),
2023-01-29 02:29:06 +01:00
tokenQueue: make(map[string]*TokenUpdate),
2023-01-28 15:03:14 +01:00
bcryptCost: bcryptCost,
2022-12-26 04:29:55 +01:00
}
2023-01-29 02:29:06 +01:00
go manager.asyncQueueWriter(queueWriterInterval)
2022-12-26 04:29:55 +01:00
return manager, nil
}
2022-01-26 04:30:53 +01:00
2023-01-23 04:21:30 +01:00
// Authenticate checks username and password and returns a User if correct, and the user has not been
// marked as deleted. The method returns in constant-ish time, regardless of whether the user exists or
// the password is correct or incorrect.
2022-12-28 04:14:14 +01:00
func (a *Manager) Authenticate(username, password string) (*User, error) {
2022-12-26 04:29:55 +01:00
if username == Everyone {
return nil, ErrUnauthenticated
}
user, err := a.User(username)
if err != nil {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Field("user_name", username).Err(err).Trace("Authentication of user failed (1)")
bcrypt.CompareHashAndPassword([]byte(userAuthIntentionalSlowDownHash), []byte("intentional slow-down to avoid timing attacks"))
2022-12-26 04:29:55 +01:00
return nil, ErrUnauthenticated
2023-01-23 04:21:30 +01:00
} else if user.Deleted {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Field("user_name", username).Trace("Authentication of user failed (2): user marked deleted")
2023-01-23 04:21:30 +01:00
bcrypt.CompareHashAndPassword([]byte(userAuthIntentionalSlowDownHash), []byte("intentional slow-down to avoid timing attacks"))
return nil, ErrUnauthenticated
} else if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Field("user_name", username).Err(err).Trace("Authentication of user failed (3)")
2022-12-26 04:29:55 +01:00
return nil, ErrUnauthenticated
}
return user, nil
}
2022-01-26 04:30:53 +01:00
2022-12-28 19:28:28 +01:00
// AuthenticateToken checks if the token exists and returns the associated User if it does.
// The method sets the User.Token value to the token that was used for authentication.
2022-12-28 04:14:14 +01:00
func (a *Manager) AuthenticateToken(token string) (*User, error) {
2022-12-28 19:46:18 +01:00
if len(token) != tokenLength {
return nil, ErrUnauthenticated
}
2022-12-26 04:29:55 +01:00
user, err := a.userByToken(token)
if err != nil {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Field("token", token).Err(err).Trace("Authentication of token failed")
2022-12-26 04:29:55 +01:00
return nil, ErrUnauthenticated
}
user.Token = token
return user, nil
}
2022-01-26 04:30:53 +01:00
2022-12-28 19:28:28 +01:00
// CreateToken generates a random token for the given user and returns it. The token expires
2023-01-28 05:10:59 +01:00
// after a fixed duration unless ChangeToken is called. This function also prunes tokens for the
2023-01-06 02:22:34 +01:00
// given user, if there are too many of them.
2023-01-29 02:29:06 +01:00
func (a *Manager) CreateToken(userID, label string, expires time.Time, origin netip.Addr) (*Token, error) {
2023-01-28 05:10:59 +01:00
token := util.RandomStringPrefix(tokenPrefix, tokenLength)
2023-01-06 02:22:34 +01:00
tx, err := a.db.Begin()
if err != nil {
return nil, err
}
defer tx.Rollback()
2023-01-29 02:29:06 +01:00
access := time.Now()
if _, err := tx.Exec(insertTokenQuery, userID, token, label, access.Unix(), origin.String(), expires.Unix()); err != nil {
2023-01-06 02:22:34 +01:00
return nil, err
}
2023-01-28 05:10:59 +01:00
rows, err := tx.Query(selectTokenCountQuery, userID)
2023-01-06 02:22:34 +01:00
if err != nil {
return nil, err
}
defer rows.Close()
if !rows.Next() {
return nil, errNoRows
}
var tokenCount int
if err := rows.Scan(&tokenCount); err != nil {
return nil, err
}
if tokenCount >= tokenMaxCount {
// This pruning logic is done in two queries for efficiency. The SELECT above is a lookup
// on two indices, whereas the query below is a full table scan.
2023-01-28 05:10:59 +01:00
if _, err := tx.Exec(deleteExcessTokensQuery, userID, tokenMaxCount); err != nil {
2023-01-06 02:22:34 +01:00
return nil, err
}
}
if err := tx.Commit(); err != nil {
2022-12-26 04:29:55 +01:00
return nil, err
}
return &Token{
2023-01-29 02:29:06 +01:00
Value: token,
Label: label,
LastAccess: access,
LastOrigin: origin,
Expires: expires,
2022-12-26 04:29:55 +01:00
}, nil
}
2022-01-26 04:30:53 +01:00
2023-01-28 13:40:29 +01:00
// Tokens returns all existing tokens for the user with the given user ID
2023-01-28 05:10:59 +01:00
func (a *Manager) Tokens(userID string) ([]*Token, error) {
rows, err := a.db.Query(selectTokensQuery, userID)
if err != nil {
return nil, err
}
defer rows.Close()
tokens := make([]*Token, 0)
for {
token, err := a.readToken(rows)
if err == ErrTokenNotFound {
break
} else if err != nil {
return nil, err
}
tokens = append(tokens, token)
2022-12-31 16:16:14 +01:00
}
2023-01-28 05:10:59 +01:00
return tokens, nil
}
2023-01-28 13:40:29 +01:00
// Token returns a specific token for a user
2023-01-28 05:10:59 +01:00
func (a *Manager) Token(userID, token string) (*Token, error) {
rows, err := a.db.Query(selectTokenQuery, userID, token)
if err != nil {
return nil, err
}
defer rows.Close()
return a.readToken(rows)
}
func (a *Manager) readToken(rows *sql.Rows) (*Token, error) {
2023-01-29 02:29:06 +01:00
var token, label, lastOrigin string
var lastAccess, expires int64
2023-01-28 05:10:59 +01:00
if !rows.Next() {
return nil, ErrTokenNotFound
}
2023-01-29 02:29:06 +01:00
if err := rows.Scan(&token, &label, &lastAccess, &lastOrigin, &expires); err != nil {
2023-01-28 05:10:59 +01:00
return nil, err
} else if err := rows.Err(); err != nil {
2022-12-26 04:29:55 +01:00
return nil, err
}
2023-01-29 02:29:06 +01:00
lastOriginIP, err := netip.ParseAddr(lastOrigin)
if err != nil {
lastOriginIP = netip.IPv4Unspecified()
}
2022-12-26 04:29:55 +01:00
return &Token{
2023-01-29 02:29:06 +01:00
Value: token,
Label: label,
LastAccess: time.Unix(lastAccess, 0),
LastOrigin: lastOriginIP,
Expires: time.Unix(expires, 0),
2022-12-26 04:29:55 +01:00
}, nil
}
2022-01-26 04:30:53 +01:00
2023-01-28 05:10:59 +01:00
// ChangeToken updates a token's label and/or expiry date
func (a *Manager) ChangeToken(userID, token string, label *string, expires *time.Time) (*Token, error) {
if token == "" {
return nil, errNoTokenProvided
}
tx, err := a.db.Begin()
if err != nil {
return nil, err
}
defer tx.Rollback()
if label != nil {
if _, err := tx.Exec(updateTokenLabelQuery, *label, userID, token); err != nil {
return nil, err
}
}
if expires != nil {
if _, err := tx.Exec(updateTokenExpiryQuery, expires.Unix(), userID, token); err != nil {
return nil, err
}
}
if err := tx.Commit(); err != nil {
return nil, err
}
return a.Token(userID, token)
}
2022-12-28 19:28:28 +01:00
// RemoveToken deletes the token defined in User.Token
2023-01-28 05:10:59 +01:00
func (a *Manager) RemoveToken(userID, token string) error {
if token == "" {
return errNoTokenProvided
2022-12-26 04:29:55 +01:00
}
2023-01-28 05:10:59 +01:00
if _, err := a.db.Exec(deleteTokenQuery, userID, token); err != nil {
2022-12-26 04:29:55 +01:00
return err
}
return nil
}
2022-01-26 04:30:53 +01:00
2022-12-28 19:28:28 +01:00
// RemoveExpiredTokens deletes all expired tokens from the database
2022-12-28 04:14:14 +01:00
func (a *Manager) RemoveExpiredTokens() error {
2022-12-26 04:29:55 +01:00
if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
return err
}
return nil
}
2022-01-26 04:30:53 +01:00
2023-01-23 04:21:30 +01:00
// RemoveDeletedUsers deletes all users that have been marked deleted for
func (a *Manager) RemoveDeletedUsers() error {
if _, err := a.db.Exec(deleteUsersMarkedQuery, time.Now().Unix()); err != nil {
return err
}
return nil
}
2022-12-28 21:51:09 +01:00
// ChangeSettings persists the user settings
2023-02-09 21:24:12 +01:00
func (a *Manager) ChangeSettings(userID string, prefs *Prefs) error {
b, err := json.Marshal(prefs)
2022-12-26 04:29:55 +01:00
if err != nil {
return err
}
2023-02-09 21:24:12 +01:00
if _, err := a.db.Exec(updateUserPrefsQuery, string(b), userID); err != nil {
2022-12-26 04:29:55 +01:00
return err
}
return nil
2022-01-23 06:54:18 +01:00
}
2023-01-11 04:51:51 +01:00
// ResetStats resets all user stats in the user database. This touches all users.
func (a *Manager) ResetStats() error {
2023-01-29 02:29:06 +01:00
a.mu.Lock() // Includes database query to avoid races!
2023-01-11 04:51:51 +01:00
defer a.mu.Unlock()
if _, err := a.db.Exec(updateUserStatsResetAllQuery); err != nil {
return err
}
2023-01-27 15:59:16 +01:00
a.statsQueue = make(map[string]*Stats)
2023-01-11 04:51:51 +01:00
return nil
}
2023-02-09 21:24:12 +01:00
// EnqueueUserStats adds the user to a queue which writes out user stats (messages, emails, ..) in
2022-12-28 21:51:09 +01:00
// batches at a regular interval
2023-02-09 21:24:12 +01:00
func (a *Manager) EnqueueUserStats(userID string, stats *Stats) {
2022-12-26 04:29:55 +01:00
a.mu.Lock()
defer a.mu.Unlock()
2023-01-27 15:59:16 +01:00
a.statsQueue[userID] = stats
2022-12-08 03:26:18 +01:00
}
2023-01-29 02:29:06 +01:00
// EnqueueTokenUpdate adds the token update to a queue which writes out token access times
// in batches at a regular interval
func (a *Manager) EnqueueTokenUpdate(tokenID string, update *TokenUpdate) {
a.mu.Lock()
defer a.mu.Unlock()
a.tokenQueue[tokenID] = update
}
func (a *Manager) asyncQueueWriter(interval time.Duration) {
2022-12-29 17:09:45 +01:00
ticker := time.NewTicker(interval)
2022-12-26 04:29:55 +01:00
for range ticker.C {
if err := a.writeUserStatsQueue(); err != nil {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Err(err).Warn("Writing user stats queue failed")
2022-12-26 04:29:55 +01:00
}
2023-01-29 02:29:06 +01:00
if err := a.writeTokenUpdateQueue(); err != nil {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Err(err).Warn("Writing token update queue failed")
2023-01-29 02:29:06 +01:00
}
2022-12-26 04:29:55 +01:00
}
}
2022-12-28 04:14:14 +01:00
func (a *Manager) writeUserStatsQueue() error {
2022-12-26 04:29:55 +01:00
a.mu.Lock()
if len(a.statsQueue) == 0 {
a.mu.Unlock()
2023-02-09 21:24:12 +01:00
log.Tag(tag).Trace("No user stats updates to commit")
2022-12-26 04:29:55 +01:00
return nil
}
statsQueue := a.statsQueue
2023-01-27 15:59:16 +01:00
a.statsQueue = make(map[string]*Stats)
2022-12-26 04:29:55 +01:00
a.mu.Unlock()
tx, err := a.db.Begin()
if err != nil {
return err
}
defer tx.Rollback()
2023-02-09 21:24:12 +01:00
log.Tag(tag).Debug("Writing user stats queue for %d user(s)", len(statsQueue))
2023-01-27 15:59:16 +01:00
for userID, update := range statsQueue {
2023-02-06 05:34:27 +01:00
log.
2023-02-09 21:24:12 +01:00
Tag(tag).
2023-02-06 05:34:27 +01:00
Fields(log.Context{
"user_id": userID,
"messages_count": update.Messages,
"emails_count": update.Emails,
}).
Trace("Updating stats for user %s", userID)
2023-01-27 15:59:16 +01:00
if _, err := tx.Exec(updateUserStatsQuery, update.Messages, update.Emails, userID); err != nil {
2022-12-26 04:29:55 +01:00
return err
}
}
return tx.Commit()
2022-12-08 03:26:18 +01:00
}
2023-01-29 02:29:06 +01:00
func (a *Manager) writeTokenUpdateQueue() error {
a.mu.Lock()
if len(a.tokenQueue) == 0 {
a.mu.Unlock()
2023-02-09 21:24:12 +01:00
log.Tag(tag).Trace("No token updates to commit")
2023-01-29 02:29:06 +01:00
return nil
}
tokenQueue := a.tokenQueue
a.tokenQueue = make(map[string]*TokenUpdate)
a.mu.Unlock()
tx, err := a.db.Begin()
if err != nil {
return err
}
defer tx.Rollback()
2023-02-09 21:24:12 +01:00
log.Tag(tag).Debug("Writing token update queue for %d token(s)", len(tokenQueue))
2023-01-29 02:29:06 +01:00
for tokenID, update := range tokenQueue {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Trace("Updating token %s with last access time %v", tokenID, update.LastAccess.Unix())
2023-01-29 02:29:06 +01:00
if _, err := tx.Exec(updateTokenLastAccessQuery, update.LastAccess.Unix(), update.LastOrigin.String(), tokenID); err != nil {
return err
}
}
return tx.Commit()
}
2022-12-26 04:29:55 +01:00
// Authorize returns nil if the given user has access to the given topic using the desired
// permission. The user param may be nil to signal an anonymous user.
2022-12-28 04:14:14 +01:00
func (a *Manager) Authorize(user *User, topic string, perm Permission) error {
2022-12-26 04:29:55 +01:00
if user != nil && user.Role == RoleAdmin {
return nil // Admin can do everything
}
username := Everyone
if user != nil {
username = user.Name
}
// Select the read/write permissions for this user/topic combo. The query may return two
2023-01-01 21:21:43 +01:00
// rows (one for everyone, and one for the user), but prioritizes the user.
2023-01-03 02:08:37 +01:00
rows, err := a.db.Query(selectTopicPermsQuery, Everyone, username, topic)
2022-12-26 04:29:55 +01:00
if err != nil {
return err
}
defer rows.Close()
if !rows.Next() {
return a.resolvePerms(a.defaultAccess, perm)
2022-12-26 04:29:55 +01:00
}
var read, write bool
if err := rows.Scan(&read, &write); err != nil {
return err
} else if err := rows.Err(); err != nil {
return err
}
return a.resolvePerms(NewPermission(read, write), perm)
2022-12-26 04:29:55 +01:00
}
2022-12-18 20:35:05 +01:00
func (a *Manager) resolvePerms(base, perm Permission) error {
if perm == PermissionRead && base.IsRead() {
2022-12-26 04:29:55 +01:00
return nil
} else if perm == PermissionWrite && base.IsWrite() {
2022-12-26 04:29:55 +01:00
return nil
}
return ErrUnauthorized
}
2022-12-18 20:35:05 +01:00
// AddUser adds a user with the given username, password and role
2023-01-23 04:21:30 +01:00
func (a *Manager) AddUser(username, password string, role Role) error {
2022-12-26 04:29:55 +01:00
if !AllowedUsername(username) || !AllowedRole(role) {
return ErrInvalidArgument
}
2023-01-28 15:03:14 +01:00
hash, err := bcrypt.GenerateFromPassword([]byte(password), a.bcryptCost)
2022-12-26 04:29:55 +01:00
if err != nil {
return err
}
userID := util.RandomStringPrefix(userIDPrefix, userIDLength)
syncTopic, now := util.RandomStringPrefix(syncTopicPrefix, syncTopicLength), time.Now().Unix()
2023-01-23 04:21:30 +01:00
if _, err = a.db.Exec(insertUserQuery, userID, username, hash, role, syncTopic, now); err != nil {
2022-12-26 04:29:55 +01:00
return err
}
return nil
2022-12-17 21:17:52 +01:00
}
2022-12-26 04:29:55 +01:00
// RemoveUser deletes the user with the given username. The function returns nil on success, even
// if the user did not exist in the first place.
2022-12-28 04:14:14 +01:00
func (a *Manager) RemoveUser(username string) error {
2022-12-26 04:29:55 +01:00
if !AllowedUsername(username) {
return ErrInvalidArgument
}
2023-01-05 21:20:44 +01:00
// Rows in user_access, user_token, etc. are deleted via foreign keys
if _, err := a.db.Exec(deleteUserQuery, username); err != nil {
2022-12-29 19:08:47 +01:00
return err
}
2023-01-05 21:20:44 +01:00
return nil
2022-12-08 03:26:18 +01:00
}
2023-01-23 04:21:30 +01:00
// MarkUserRemoved sets the deleted flag on the user, and deletes all access tokens. This prevents
// successful auth via Authenticate. A background process will delete the user at a later date.
func (a *Manager) MarkUserRemoved(user *User) error {
if !AllowedUsername(user.Name) {
return ErrInvalidArgument
}
tx, err := a.db.Begin()
if err != nil {
return err
}
defer tx.Rollback()
2023-02-09 21:24:12 +01:00
if _, err := tx.Exec(deleteUserAccessQuery, user.Name, user.Name); err != nil {
2023-01-23 04:21:30 +01:00
return err
}
if _, err := tx.Exec(deleteAllTokenQuery, user.ID); err != nil {
return err
}
if _, err := tx.Exec(updateUserDeletedQuery, time.Now().Add(userHardDeleteAfterDuration).Unix(), user.ID); err != nil {
return err
}
return tx.Commit()
}
2022-12-26 04:29:55 +01:00
// Users returns a list of users. It always also returns the Everyone user ("*").
2022-12-28 04:14:14 +01:00
func (a *Manager) Users() ([]*User, error) {
2022-12-26 04:29:55 +01:00
rows, err := a.db.Query(selectUsernamesQuery)
if err != nil {
return nil, err
}
defer rows.Close()
usernames := make([]string, 0)
for rows.Next() {
var username string
if err := rows.Scan(&username); err != nil {
return nil, err
} else if err := rows.Err(); err != nil {
return nil, err
}
usernames = append(usernames, username)
}
rows.Close()
users := make([]*User, 0)
for _, username := range usernames {
user, err := a.User(username)
if err != nil {
return nil, err
}
users = append(users, user)
}
return users, nil
2022-01-24 05:02:39 +01:00
}
2023-01-14 12:43:44 +01:00
// User returns the user with the given username if it exists, or ErrUserNotFound otherwise.
2022-12-26 04:29:55 +01:00
// You may also pass Everyone to retrieve the anonymous user and its Grant list.
2022-12-28 04:14:14 +01:00
func (a *Manager) User(username string) (*User, error) {
2022-12-26 04:29:55 +01:00
rows, err := a.db.Query(selectUserByNameQuery, username)
if err != nil {
return nil, err
}
return a.readUser(rows)
}
// UserByID returns the user with the given ID if it exists, or ErrUserNotFound otherwise
func (a *Manager) UserByID(id string) (*User, error) {
rows, err := a.db.Query(selectUserByIDQuery, id)
if err != nil {
return nil, err
}
return a.readUser(rows)
}
2023-01-18 21:50:06 +01:00
// UserByStripeCustomer returns the user with the given Stripe customer ID if it exists, or ErrUserNotFound otherwise.
2023-01-14 12:43:44 +01:00
func (a *Manager) UserByStripeCustomer(stripeCustomerID string) (*User, error) {
rows, err := a.db.Query(selectUserByStripeCustomerIDQuery, stripeCustomerID)
if err != nil {
return nil, err
}
return a.readUser(rows)
}
2022-12-28 04:14:14 +01:00
func (a *Manager) userByToken(token string) (*User, error) {
2022-12-29 17:09:45 +01:00
rows, err := a.db.Query(selectUserByTokenQuery, token, time.Now().Unix())
2022-12-26 04:29:55 +01:00
if err != nil {
return nil, err
}
return a.readUser(rows)
2022-01-23 06:02:16 +01:00
}
2022-12-28 04:14:14 +01:00
func (a *Manager) readUser(rows *sql.Rows) (*User, error) {
2022-12-26 04:29:55 +01:00
defer rows.Close()
var id, username, hash, role, prefs, syncTopic string
var stripeCustomerID, stripeSubscriptionID, stripeSubscriptionStatus, stripePriceID, tierID, tierCode, tierName sql.NullString
2022-12-26 04:29:55 +01:00
var messages, emails int64
var messagesLimit, messagesExpiryDuration, emailsLimit, reservationsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit, attachmentExpiryDuration, attachmentBandwidthLimit, stripeSubscriptionPaidUntil, stripeSubscriptionCancelAt, deleted sql.NullInt64
2022-12-26 04:29:55 +01:00
if !rows.Next() {
2023-01-14 12:43:44 +01:00
return nil, ErrUserNotFound
2022-12-26 04:29:55 +01:00
}
if err := rows.Scan(&id, &username, &hash, &role, &prefs, &syncTopic, &messages, &emails, &stripeCustomerID, &stripeSubscriptionID, &stripeSubscriptionStatus, &stripeSubscriptionPaidUntil, &stripeSubscriptionCancelAt, &deleted, &tierID, &tierCode, &tierName, &messagesLimit, &messagesExpiryDuration, &emailsLimit, &reservationsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit, &attachmentExpiryDuration, &attachmentBandwidthLimit, &stripePriceID); err != nil {
2022-12-26 04:29:55 +01:00
return nil, err
} else if err := rows.Err(); err != nil {
return nil, err
}
user := &User{
ID: id,
2023-01-10 03:53:21 +01:00
Name: username,
Hash: hash,
Role: Role(role),
Prefs: &Prefs{},
SyncTopic: syncTopic,
2022-12-26 04:29:55 +01:00
Stats: &Stats{
Messages: messages,
Emails: emails,
},
2023-01-16 05:29:46 +01:00
Billing: &Billing{
StripeCustomerID: stripeCustomerID.String, // May be empty
StripeSubscriptionID: stripeSubscriptionID.String, // May be empty
StripeSubscriptionStatus: stripe.SubscriptionStatus(stripeSubscriptionStatus.String), // May be empty
StripeSubscriptionPaidUntil: time.Unix(stripeSubscriptionPaidUntil.Int64, 0), // May be zero
2023-01-16 16:35:12 +01:00
StripeSubscriptionCancelAt: time.Unix(stripeSubscriptionCancelAt.Int64, 0), // May be zero
2023-01-16 05:29:46 +01:00
},
2023-01-23 04:21:30 +01:00
Deleted: deleted.Valid,
2022-12-26 04:29:55 +01:00
}
2023-01-10 03:53:21 +01:00
if err := json.Unmarshal([]byte(prefs), user.Prefs); err != nil {
return nil, err
2022-12-26 04:29:55 +01:00
}
if tierCode.Valid {
2023-01-14 12:43:44 +01:00
// See readTier() when this is changed!
user.Tier = &Tier{
ID: tierID.String,
Code: tierCode.String,
2023-01-09 21:40:46 +01:00
Name: tierName.String,
2023-01-27 04:57:18 +01:00
MessageLimit: messagesLimit.Int64,
MessageExpiryDuration: time.Duration(messagesExpiryDuration.Int64) * time.Second,
EmailLimit: emailsLimit.Int64,
ReservationLimit: reservationsLimit.Int64,
2022-12-26 04:29:55 +01:00
AttachmentFileSizeLimit: attachmentFileSizeLimit.Int64,
AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
2023-01-09 21:40:46 +01:00
AttachmentExpiryDuration: time.Duration(attachmentExpiryDuration.Int64) * time.Second,
AttachmentBandwidthLimit: attachmentBandwidthLimit.Int64,
2023-01-17 16:09:37 +01:00
StripePriceID: stripePriceID.String, // May be empty
2022-12-26 04:29:55 +01:00
}
}
return user, nil
}
2022-01-23 06:02:16 +01:00
2023-01-03 02:08:37 +01:00
// Grants returns all user-specific access control entries
func (a *Manager) Grants(username string) ([]Grant, error) {
2022-12-26 04:29:55 +01:00
rows, err := a.db.Query(selectUserAccessQuery, username)
if err != nil {
return nil, err
}
defer rows.Close()
grants := make([]Grant, 0)
for rows.Next() {
var topic string
2023-01-03 02:08:37 +01:00
var read, write bool
if err := rows.Scan(&topic, &read, &write); err != nil {
2022-12-26 04:29:55 +01:00
return nil, err
} else if err := rows.Err(); err != nil {
return nil, err
}
grants = append(grants, Grant{
TopicPattern: fromSQLWildcard(topic),
Allow: NewPermission(read, write),
2022-12-26 04:29:55 +01:00
})
}
return grants, nil
}
2022-01-23 06:02:16 +01:00
2023-01-03 02:08:37 +01:00
// Reservations returns all user-owned topics, and the associated everyone-access
func (a *Manager) Reservations(username string) ([]Reservation, error) {
rows, err := a.db.Query(selectUserReservationsQuery, Everyone, username)
if err != nil {
return nil, err
}
defer rows.Close()
reservations := make([]Reservation, 0)
for rows.Next() {
var topic string
var ownerRead, ownerWrite bool
2023-01-03 02:08:37 +01:00
var everyoneRead, everyoneWrite sql.NullBool
if err := rows.Scan(&topic, &ownerRead, &ownerWrite, &everyoneRead, &everyoneWrite); err != nil {
2023-01-03 02:08:37 +01:00
return nil, err
} else if err := rows.Err(); err != nil {
return nil, err
}
reservations = append(reservations, Reservation{
Topic: topic,
Owner: NewPermission(ownerRead, ownerWrite),
Everyone: NewPermission(everyoneRead.Bool, everyoneWrite.Bool), // false if null
2023-01-03 02:08:37 +01:00
})
}
return reservations, nil
}
2023-01-06 16:45:38 +01:00
// HasReservation returns true if the given topic access is owned by the user
func (a *Manager) HasReservation(username, topic string) (bool, error) {
rows, err := a.db.Query(selectUserHasReservationQuery, username, topic)
if err != nil {
return false, err
}
defer rows.Close()
if !rows.Next() {
return false, errNoRows
}
var count int64
if err := rows.Scan(&count); err != nil {
return false, err
}
return count > 0, nil
}
2023-01-06 03:15:10 +01:00
// ReservationsCount returns the number of reservations owned by this user
func (a *Manager) ReservationsCount(username string) (int64, error) {
rows, err := a.db.Query(selectUserReservationsCountQuery, username)
if err != nil {
return 0, err
}
defer rows.Close()
if !rows.Next() {
return 0, errNoRows
}
var count int64
if err := rows.Scan(&count); err != nil {
return 0, err
}
return count, nil
}
2022-12-26 04:29:55 +01:00
// ChangePassword changes a user's password
2022-12-28 04:14:14 +01:00
func (a *Manager) ChangePassword(username, password string) error {
2023-01-28 15:03:14 +01:00
hash, err := bcrypt.GenerateFromPassword([]byte(password), a.bcryptCost)
2022-12-26 04:29:55 +01:00
if err != nil {
return err
}
if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
return err
}
return nil
}
2022-01-23 06:02:16 +01:00
2022-12-26 04:29:55 +01:00
// ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
// all existing access control entries (Grant) are removed, since they are no longer needed.
2022-12-28 04:14:14 +01:00
func (a *Manager) ChangeRole(username string, role Role) error {
2022-12-26 04:29:55 +01:00
if !AllowedUsername(username) || !AllowedRole(role) {
return ErrInvalidArgument
}
if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
return err
}
if role == RoleAdmin {
2023-01-09 21:40:46 +01:00
if _, err := a.db.Exec(deleteUserAccessQuery, username, username); err != nil {
2022-12-26 04:29:55 +01:00
return err
}
}
return nil
}
2022-01-23 21:30:30 +01:00
// ChangeTier changes a user's tier using the tier code. This function does not delete reservations, messages,
// or attachments, even if the new tier has lower limits in this regard. That has to be done elsewhere.
func (a *Manager) ChangeTier(username, tier string) error {
if !AllowedUsername(username) {
return ErrInvalidArgument
}
t, err := a.Tier(tier)
if err != nil {
return err
2023-01-27 04:57:18 +01:00
} else if err := a.checkReservationsLimit(username, t.ReservationLimit); err != nil {
return err
}
if _, err := a.db.Exec(updateUserTierQuery, tier, username); err != nil {
return err
}
return nil
}
// ResetTier removes the tier from the given user
func (a *Manager) ResetTier(username string) error {
if !AllowedUsername(username) && username != Everyone && username != "" {
return ErrInvalidArgument
} else if err := a.checkReservationsLimit(username, 0); err != nil {
return err
}
_, err := a.db.Exec(deleteUserTierQuery, username)
return err
}
func (a *Manager) checkReservationsLimit(username string, reservationsLimit int64) error {
u, err := a.User(username)
if err != nil {
return err
}
2023-01-27 04:57:18 +01:00
if u.Tier != nil && reservationsLimit < u.Tier.ReservationLimit {
reservations, err := a.Reservations(username)
if err != nil {
return err
} else if int64(len(reservations)) > reservationsLimit {
return ErrTooManyReservations
}
}
return nil
}
2023-02-12 04:14:09 +01:00
// AllowReservation tests if a user may create an access control entry for the given topic.
2023-01-01 21:21:43 +01:00
// If there are any ACL entries that are not owned by the user, an error is returned.
2023-02-12 04:14:09 +01:00
func (a *Manager) AllowReservation(username string, topic string) error {
2023-01-01 21:21:43 +01:00
if (!AllowedUsername(username) && username != Everyone) || !AllowedTopic(topic) {
return ErrInvalidArgument
}
rows, err := a.db.Query(selectOtherAccessCountQuery, topic, topic, username)
if err != nil {
return err
}
defer rows.Close()
if !rows.Next() {
2023-01-06 02:22:34 +01:00
return errNoRows
2023-01-01 21:21:43 +01:00
}
var otherCount int
if err := rows.Scan(&otherCount); err != nil {
return err
}
if otherCount > 0 {
return errTopicOwnedByOthers
}
return nil
}
2022-12-26 04:29:55 +01:00
// AllowAccess adds or updates an entry in th access control list for a specific user. It controls
2023-01-01 21:21:43 +01:00
// read/write access to a topic. The parameter topicPattern may include wildcards (*). The ACL entry
// owner may either be a user (username), or the system (empty).
func (a *Manager) AllowAccess(username string, topicPattern string, permission Permission) error {
2023-01-01 21:21:43 +01:00
if !AllowedUsername(username) && username != Everyone {
return ErrInvalidArgument
} else if !AllowedTopicPattern(topicPattern) {
2022-12-26 04:29:55 +01:00
return ErrInvalidArgument
}
owner := ""
if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), permission.IsRead(), permission.IsWrite(), owner, owner); err != nil {
2022-12-26 04:29:55 +01:00
return err
}
return nil
}
2022-01-31 17:44:58 +01:00
2022-12-26 04:29:55 +01:00
// ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
// empty) for an entire user. The parameter topicPattern may include wildcards (*).
2022-12-28 04:14:14 +01:00
func (a *Manager) ResetAccess(username string, topicPattern string) error {
2022-12-26 04:29:55 +01:00
if !AllowedUsername(username) && username != Everyone && username != "" {
return ErrInvalidArgument
} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
return ErrInvalidArgument
}
if username == "" && topicPattern == "" {
_, err := a.db.Exec(deleteAllAccessQuery, username)
return err
} else if topicPattern == "" {
2023-01-09 21:40:46 +01:00
_, err := a.db.Exec(deleteUserAccessQuery, username, username)
2022-12-26 04:29:55 +01:00
return err
}
2023-01-09 21:40:46 +01:00
_, err := a.db.Exec(deleteTopicAccessQuery, username, username, toSQLWildcard(topicPattern))
return err
}
// AddReservation creates two access control entries for the given topic: one with full read/write access for the
// given user, and one for Everyone with the permission passed as everyone. The user also owns the entries, and
// can modify or delete them.
func (a *Manager) AddReservation(username string, topic string, everyone Permission) error {
if !AllowedUsername(username) || username == Everyone || !AllowedTopic(topic) {
return ErrInvalidArgument
}
tx, err := a.db.Begin()
if err != nil {
return err
}
defer tx.Rollback()
if _, err := tx.Exec(upsertUserAccessQuery, username, topic, true, true, username, username); err != nil {
return err
}
if _, err := tx.Exec(upsertUserAccessQuery, Everyone, topic, everyone.IsRead(), everyone.IsWrite(), username, username); err != nil {
return err
}
return tx.Commit()
}
// RemoveReservations deletes the access control entries associated with the given username/topic, as
// well as all entries with Everyone/topic. This is the counterpart for AddReservation.
func (a *Manager) RemoveReservations(username string, topics ...string) error {
if !AllowedUsername(username) || username == Everyone || len(topics) == 0 {
2023-01-09 21:40:46 +01:00
return ErrInvalidArgument
}
for _, topic := range topics {
if !AllowedTopic(topic) {
return ErrInvalidArgument
}
}
tx, err := a.db.Begin()
if err != nil {
return err
}
defer tx.Rollback()
for _, topic := range topics {
if _, err := tx.Exec(deleteTopicAccessQuery, username, username, topic); err != nil {
return err
}
if _, err := tx.Exec(deleteTopicAccessQuery, Everyone, Everyone, topic); err != nil {
return err
}
}
return tx.Commit()
2022-01-23 21:30:30 +01:00
}
2022-12-26 04:29:55 +01:00
// DefaultAccess returns the default read/write access if no access control entry matches
func (a *Manager) DefaultAccess() Permission {
return a.defaultAccess
2022-01-31 17:44:58 +01:00
}
2023-02-07 04:38:22 +01:00
// AddTier creates a new tier in the database
func (a *Manager) AddTier(tier *Tier) error {
if tier.ID == "" {
tier.ID = util.RandomStringPrefix(tierIDPrefix, tierIDLength)
}
if _, err := a.db.Exec(insertTierQuery, tier.ID, tier.Code, tier.Name, tier.MessageLimit, int64(tier.MessageExpiryDuration.Seconds()), tier.EmailLimit, tier.ReservationLimit, tier.AttachmentFileSizeLimit, tier.AttachmentTotalSizeLimit, int64(tier.AttachmentExpiryDuration.Seconds()), tier.AttachmentBandwidthLimit, nullString(tier.StripePriceID)); err != nil {
return err
}
return nil
2023-02-07 04:38:22 +01:00
}
// UpdateTier updates a tier's properties in the database
func (a *Manager) UpdateTier(tier *Tier) error {
if _, err := a.db.Exec(updateTierQuery, tier.Name, tier.MessageLimit, int64(tier.MessageExpiryDuration.Seconds()), tier.EmailLimit, tier.ReservationLimit, tier.AttachmentFileSizeLimit, tier.AttachmentTotalSizeLimit, int64(tier.AttachmentExpiryDuration.Seconds()), tier.AttachmentBandwidthLimit, nullString(tier.StripePriceID), tier.Code); err != nil {
return err
}
return nil
}
// RemoveTier deletes the tier with the given code
func (a *Manager) RemoveTier(code string) error {
if !AllowedTier(code) {
return ErrInvalidArgument
}
// This fails if any user has this tier
if _, err := a.db.Exec(deleteTierQuery, code); err != nil {
return err
}
return nil
}
2023-01-18 21:50:06 +01:00
// ChangeBilling updates a user's billing fields, namely the Stripe customer ID, and subscription information
func (a *Manager) ChangeBilling(username string, billing *Billing) error {
if _, err := a.db.Exec(updateBillingQuery, nullString(billing.StripeCustomerID), nullString(billing.StripeSubscriptionID), nullString(string(billing.StripeSubscriptionStatus)), nullInt64(billing.StripeSubscriptionPaidUntil.Unix()), nullInt64(billing.StripeSubscriptionCancelAt.Unix()), username); err != nil {
2023-01-14 12:43:44 +01:00
return err
}
return nil
}
2023-01-18 21:50:06 +01:00
// Tiers returns a list of all Tier structs
2023-01-17 16:09:37 +01:00
func (a *Manager) Tiers() ([]*Tier, error) {
rows, err := a.db.Query(selectTiersQuery)
if err != nil {
return nil, err
}
defer rows.Close()
tiers := make([]*Tier, 0)
for {
tier, err := a.readTier(rows)
if err == ErrTierNotFound {
break
} else if err != nil {
return nil, err
}
tiers = append(tiers, tier)
}
return tiers, nil
}
2023-01-18 21:50:06 +01:00
// Tier returns a Tier based on the code, or ErrTierNotFound if it does not exist
2023-01-14 12:43:44 +01:00
func (a *Manager) Tier(code string) (*Tier, error) {
rows, err := a.db.Query(selectTierByCodeQuery, code)
if err != nil {
return nil, err
}
2023-01-17 16:09:37 +01:00
defer rows.Close()
2023-01-14 12:43:44 +01:00
return a.readTier(rows)
}
2023-01-18 21:50:06 +01:00
// TierByStripePrice returns a Tier based on the Stripe price ID, or ErrTierNotFound if it does not exist
2023-01-14 12:43:44 +01:00
func (a *Manager) TierByStripePrice(priceID string) (*Tier, error) {
rows, err := a.db.Query(selectTierByPriceIDQuery, priceID)
if err != nil {
return nil, err
}
2023-01-17 16:09:37 +01:00
defer rows.Close()
2023-01-14 12:43:44 +01:00
return a.readTier(rows)
}
func (a *Manager) readTier(rows *sql.Rows) (*Tier, error) {
var id, code, name string
2023-01-18 01:40:03 +01:00
var stripePriceID sql.NullString
var messagesLimit, messagesExpiryDuration, emailsLimit, reservationsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit, attachmentExpiryDuration, attachmentBandwidthLimit sql.NullInt64
2023-01-14 12:43:44 +01:00
if !rows.Next() {
return nil, ErrTierNotFound
}
if err := rows.Scan(&id, &code, &name, &messagesLimit, &messagesExpiryDuration, &emailsLimit, &reservationsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit, &attachmentExpiryDuration, &attachmentBandwidthLimit, &stripePriceID); err != nil {
2023-01-14 12:43:44 +01:00
return nil, err
} else if err := rows.Err(); err != nil {
return nil, err
}
// When changed, note readUser() as well
return &Tier{
ID: id,
2023-01-14 12:43:44 +01:00
Code: code,
Name: name,
2023-01-27 04:57:18 +01:00
MessageLimit: messagesLimit.Int64,
MessageExpiryDuration: time.Duration(messagesExpiryDuration.Int64) * time.Second,
EmailLimit: emailsLimit.Int64,
ReservationLimit: reservationsLimit.Int64,
2023-01-14 12:43:44 +01:00
AttachmentFileSizeLimit: attachmentFileSizeLimit.Int64,
AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
AttachmentExpiryDuration: time.Duration(attachmentExpiryDuration.Int64) * time.Second,
AttachmentBandwidthLimit: attachmentBandwidthLimit.Int64,
2023-01-17 16:09:37 +01:00
StripePriceID: stripePriceID.String, // May be empty
2023-01-14 12:43:44 +01:00
}, nil
}
2023-01-29 02:43:06 +01:00
// Close closes the underlying database
2023-01-28 15:03:14 +01:00
func (a *Manager) Close() error {
return a.db.Close()
}
2022-12-26 04:29:55 +01:00
func toSQLWildcard(s string) string {
return strings.ReplaceAll(s, "*", "%")
2022-01-31 17:44:58 +01:00
}
2022-12-26 04:29:55 +01:00
func fromSQLWildcard(s string) string {
return strings.ReplaceAll(s, "%", "*")
}
2023-01-05 21:20:44 +01:00
func runStartupQueries(db *sql.DB, startupQueries string) error {
if _, err := db.Exec(startupQueries); err != nil {
return err
}
if _, err := db.Exec(builtinStartupQueries); err != nil {
return err
}
return nil
}
2022-12-29 19:08:47 +01:00
func setupDB(db *sql.DB) error {
2022-12-26 04:29:55 +01:00
// If 'schemaVersion' table does not exist, this must be a new database
rowsSV, err := db.Query(selectSchemaVersionQuery)
if err != nil {
2022-12-29 19:08:47 +01:00
return setupNewDB(db)
2022-12-26 04:29:55 +01:00
}
defer rowsSV.Close()
// If 'schemaVersion' table exists, read version and potentially upgrade
schemaVersion := 0
if !rowsSV.Next() {
return errors.New("cannot determine schema version: database file may be corrupt")
}
if err := rowsSV.Scan(&schemaVersion); err != nil {
return err
}
rowsSV.Close()
// Do migrations
if schemaVersion == currentSchemaVersion {
return nil
2023-02-09 21:24:12 +01:00
} else if schemaVersion > currentSchemaVersion {
return fmt.Errorf("unexpected schema version: version %d is higher than current version %d", schemaVersion, currentSchemaVersion)
}
for i := schemaVersion; i < currentSchemaVersion; i++ {
fn, ok := migrations[i]
if !ok {
return fmt.Errorf("cannot find migration step from schema version %d to %d", i, i+1)
} else if err := fn(db); err != nil {
return err
}
2022-12-26 04:29:55 +01:00
}
2023-02-09 21:24:12 +01:00
return nil
2022-12-26 04:29:55 +01:00
}
2022-12-29 19:08:47 +01:00
func setupNewDB(db *sql.DB) error {
if _, err := db.Exec(createTablesQueries); err != nil {
2022-12-26 04:29:55 +01:00
return err
}
if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
return err
}
return nil
}
2022-12-29 19:08:47 +01:00
func migrateFrom1(db *sql.DB) error {
2023-02-09 21:24:12 +01:00
log.Tag(tag).Info("Migrating user database schema: from 1 to 2")
2022-12-29 19:08:47 +01:00
tx, err := db.Begin()
if err != nil {
return err
}
defer tx.Rollback()
// Rename user -> user_old, and create new tables
2022-12-29 19:08:47 +01:00
if _, err := tx.Exec(migrate1To2RenameUserTableQueryNoTx); err != nil {
return err
}
if _, err := tx.Exec(createTablesQueriesNoTx); err != nil {
return err
}
// Insert users from user_old into new user table, with ID and sync_topic
rows, err := tx.Query(migrate1To2SelectAllOldUsernamesNoTx)
2023-01-10 21:41:08 +01:00
if err != nil {
return err
}
defer rows.Close()
usernames := make([]string, 0)
2023-01-10 21:41:08 +01:00
for rows.Next() {
var username string
if err := rows.Scan(&username); err != nil {
2023-01-10 21:41:08 +01:00
return err
}
usernames = append(usernames, username)
2023-01-10 21:41:08 +01:00
}
if err := rows.Close(); err != nil {
return err
}
for _, username := range usernames {
userID := util.RandomStringPrefix(userIDPrefix, userIDLength)
syncTopic := util.RandomStringPrefix(syncTopicPrefix, syncTopicLength)
if _, err := tx.Exec(migrate1To2InsertUserNoTx, userID, syncTopic, username); err != nil {
2023-01-10 21:41:08 +01:00
return err
}
}
// Migrate old "access" table to "user_access" and drop "access" and "user_old"
if _, err := tx.Exec(migrate1To2InsertFromOldTablesAndDropNoTx); err != nil {
return err
}
2022-12-29 19:08:47 +01:00
if _, err := tx.Exec(updateSchemaVersion, 2); err != nil {
return err
}
if err := tx.Commit(); err != nil {
return err
}
2023-02-09 21:24:12 +01:00
return nil
2022-12-29 19:08:47 +01:00
}
2023-01-16 05:29:46 +01:00
func nullString(s string) sql.NullString {
if s == "" {
return sql.NullString{}
}
return sql.NullString{String: s, Valid: true}
}
func nullInt64(v int64) sql.NullInt64 {
if v == 0 {
return sql.NullInt64{}
}
return sql.NullInt64{Int64: v, Valid: true}
}