Home Explore Help
Sign In
mirrors
/
ntfy
mirror of https://github.com/binwiederhier/ntfy
1
0
Fork 0
Files Issues 0 Wiki
Tree: 21c33f1e82
Branches Tags
ntfy
/
user
/
manager.go

manager.go 23 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729 
  1. package user
    2. 

  2. 

  3. import (
    4. 

  4. 	"database/sql"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"errors"
    7. 

  7. 	"fmt"
    8. 

  8. 	_ "github.com/mattn/go-sqlite3" // SQLite driver
    9. 

  9. 	"golang.org/x/crypto/bcrypt"
    10. 

  10. 	"heckel.io/ntfy/log"
    11. 

  11. 	"heckel.io/ntfy/util"
    12. 

  12. 	"strings"
    13. 

  13. 	"sync"
    14. 

  14. 	"time"
    15. 

  15. )
    16. 

  16. 

  17. const (
    18. 

  18. 	tokenLength                  = 32
    19. 

  19. 	bcryptCost                   = 10
    20. 

  20. 	intentionalSlowDownHash      = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match bcryptCost
    21. 

  21. 	userStatsQueueWriterInterval = 33 * time.Second
    22. 

  22. 	userTokenExpiryDuration      = 72 * time.Hour
    23. 

  23. )
    24. 

  24. 

  25. var (
    26. 

  26. 	errNoTokenProvided    = errors.New("no token provided")
    27. 

  27. 	errTopicOwnedByOthers = errors.New("topic owned by others")
    28. 

  28. )
    29. 

  29. 

  30. // Manager-related queries
    31. 

  31. const (
    32. 

  32. 	createTablesQueriesNoTx = `
    33. 

  33. 		CREATE TABLE IF NOT EXISTS plan (
    34. 

  34. 			id INT NOT NULL,		
    35. 

  35. 			code TEXT NOT NULL,
    36. 

  36. 			messages_limit INT NOT NULL,
    37. 

  37. 			emails_limit INT NOT NULL,
    38. 

  38. 			topics_limit INT NOT NULL,
    39. 

  39. 			attachment_file_size_limit INT NOT NULL,
    40. 

  40. 			attachment_total_size_limit INT NOT NULL,
    41. 

  41. 			PRIMARY KEY (id)
    42. 

  42. 		);
    43. 

  43. 		CREATE TABLE IF NOT EXISTS user (
    44. 

  44. 		    id INTEGER PRIMARY KEY AUTOINCREMENT,
    45. 

  45. 			plan_id INT,
    46. 

  46. 			user TEXT NOT NULL,
    47. 

  47. 			pass TEXT NOT NULL,
    48. 

  48. 			role TEXT NOT NULL,
    49. 

  49. 			messages INT NOT NULL DEFAULT (0),
    50. 

  50. 			emails INT NOT NULL DEFAULT (0),			
    51. 

  51. 			settings JSON,
    52. 

  52. 		    FOREIGN KEY (plan_id) REFERENCES plan (id)
    53. 

  53. 		);
    54. 

  54. 		CREATE UNIQUE INDEX idx_user ON user (user);
    55. 

  55. 		CREATE TABLE IF NOT EXISTS user_access (
    56. 

  56. 			user_id INT NOT NULL,
    57. 

  57. 			topic TEXT NOT NULL,
    58. 

  58. 			read INT NOT NULL,
    59. 

  59. 			write INT NOT NULL,
    60. 

  60. 			owner_user_id INT,			
    61. 

  61. 			PRIMARY KEY (user_id, topic),
    62. 

  62. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    63. 

  63. 		);
    64. 

  64. 		CREATE TABLE IF NOT EXISTS user_token (
    65. 

  65. 			user_id INT NOT NULL,
    66. 

  66. 			token TEXT NOT NULL,
    67. 

  67. 			expires INT NOT NULL,
    68. 

  68. 			PRIMARY KEY (user_id, token),
    69. 

  69. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    70. 

  70. 		);
    71. 

  71. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    72. 

  72. 			id INT PRIMARY KEY,
    73. 

  73. 			version INT NOT NULL
    74. 

  74. 		);
    75. 

  75. 		INSERT INTO user (id, user, pass, role) VALUES (1, '*', '', 'anonymous') ON CONFLICT (id) DO NOTHING;
    76. 

  76. 	`
    77. 

  77. 	createTablesQueries   = `BEGIN; ` + createTablesQueriesNoTx + ` COMMIT;`
    78. 

  78. 	selectUserByNameQuery = `
    79. 

  79. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    80. 

  80. 		FROM user u
    81. 

  81. 		LEFT JOIN plan p on p.id = u.plan_id
    82. 

  82. 		WHERE user = ?		
    83. 

  83. 	`
    84. 

  84. 	selectUserByTokenQuery = `
    85. 

  85. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    86. 

  86. 		FROM user u
    87. 

  87. 		JOIN user_token t on u.id = t.user_id
    88. 

  88. 		LEFT JOIN plan p on p.id = u.plan_id
    89. 

  89. 		WHERE t.token = ? AND t.expires >= ?
    90. 

  90. 	`
    91. 

  91. 	selectTopicPermsQuery = `
    92. 

  92. 		SELECT read, write
    93. 

  93. 		FROM user_access a
    94. 

  94. 		JOIN user u ON u.id = a.user_id
    95. 

  95. 		WHERE (u.user = ? OR u.user = ?) AND ? LIKE a.topic
    96. 

  96. 		ORDER BY u.user DESC
    97. 

  97. 	`
    98. 

  98. )
    99. 

  99. 

  100. // Manager-related queries
    101. 

  101. const (
    102. 

  102. 	insertUserQuery      = `INSERT INTO user (user, pass, role) VALUES (?, ?, ?)`
    103. 

  103. 	selectUsernamesQuery = `
    104. 

  104. 		SELECT user 
    105. 

  105. 		FROM user 
    106. 

  106. 		ORDER BY
    107. 

  107. 			CASE role
    108. 

  108. 				WHEN 'admin' THEN 1
    109. 

  109. 				WHEN 'anonymous' THEN 3
    110. 

  110. 				ELSE 2
    111. 

  111. 			END, user
    112. 

  112. 	`
    113. 

  113. 	updateUserPassQuery     = `UPDATE user SET pass = ? WHERE user = ?`
    114. 

  114. 	updateUserRoleQuery     = `UPDATE user SET role = ? WHERE user = ?`
    115. 

  115. 	updateUserSettingsQuery = `UPDATE user SET settings = ? WHERE user = ?`
    116. 

  116. 	updateUserStatsQuery    = `UPDATE user SET messages = ?, emails = ? WHERE user = ?`
    117. 

  117. 	deleteUserQuery         = `DELETE FROM user WHERE user = ?`
    118. 

  118. 

  119. 	upsertUserAccessQuery = `
    120. 

  120. 		INSERT INTO user_access (user_id, topic, read, write, owner_user_id) 
    121. 

  121. 		VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?, (SELECT IIF(?='',NULL,(SELECT id FROM user WHERE user=?))))
    122. 

  122. 		ON CONFLICT (user_id, topic) 
    123. 

  123. 		DO UPDATE SET read=excluded.read, write=excluded.write, owner_user_id=excluded.owner_user_id
    124. 

  124. 	`
    125. 

  125. 	selectUserAccessQuery = `
    126. 

  126. 		SELECT topic, read, write
    127. 

  127. 		FROM user_access 
    128. 

  128. 		WHERE user_id = (SELECT id FROM user WHERE user = ?) 
    129. 

  129. 		ORDER BY write DESC, read DESC, topic
    130. 

  130. 	`
    131. 

  131. 	selectUserReservationsQuery = `
    132. 

  132. 		SELECT a_user.topic, a_user.read, a_user.write, a_everyone.read AS everyone_read, a_everyone.write AS everyone_write
    133. 

  133. 		FROM user_access a_user
    134. 

  134. 		LEFT JOIN  user_access a_everyone ON a_user.topic = a_everyone.topic AND a_everyone.user_id = (SELECT id FROM user WHERE user = ?)
    135. 

  135. 		WHERE a_user.user_id = a_user.owner_user_id
    136. 

  136. 		  AND a_user.owner_user_id = (SELECT id FROM user WHERE user = ?)
    137. 

  137. 		ORDER BY a_user.topic
    138. 

  138. 	`
    139. 

  139. 	selectOtherAccessCountQuery = `
    140. 

  140. 		SELECT count(*)
    141. 

  141. 		FROM user_access
    142. 

  142. 		WHERE (topic = ? OR ? LIKE topic)
    143. 

  143. 		  AND (owner_user_id IS NULL OR owner_user_id != (SELECT id FROM user WHERE user = ?))
    144. 

  144. 	`
    145. 

  145. 	deleteAllAccessQuery   = `DELETE FROM user_access`
    146. 

  146. 	deleteUserAccessQuery  = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    147. 

  147. 	deleteTopicAccessQuery = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) AND topic = ?`
    148. 

  148. 

  149. 	insertTokenQuery         = `INSERT INTO user_token (user_id, token, expires) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?)`
    150. 

  150. 	updateTokenExpiryQuery   = `UPDATE user_token SET expires = ? WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    151. 

  151. 	deleteTokenQuery         = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    152. 

  152. 	deleteExpiredTokensQuery = `DELETE FROM user_token WHERE expires < ?`
    153. 

  153. 	deleteUserTokensQuery    = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    154. 

  154. )
    155. 

  155. 

  156. // Schema management queries
    157. 

  157. const (
    158. 

  158. 	currentSchemaVersion     = 2
    159. 

  159. 	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
    160. 

  160. 	updateSchemaVersion      = `UPDATE schemaVersion SET version = ? WHERE id = 1`
    161. 

  161. 	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
    162. 

  162. 

  163. 	// 1 -> 2 (complex migration!)
    164. 

  164. 	migrate1To2RenameUserTableQueryNoTx = `
    165. 

  165. 		ALTER TABLE user RENAME TO user_old;
    166. 

  166. 	`
    167. 

  167. 	migrate1To2InsertFromOldTablesAndDropNoTx = `
    168. 

  168. 		INSERT INTO user (user, pass, role) 
    169. 

  169. 		SELECT user, pass, role FROM user_old;
    170. 

  170. 

  171. 		INSERT INTO user_access (user_id, topic, read, write)
    172. 

  172. 		SELECT u.id, a.topic, a.read, a.write
    173. 

  173. 		FROM user u
    174. 

  174. 	 	JOIN access a ON u.user = a.user;
    175. 

  175. 

  176. 		DROP TABLE access;
    177. 

  177. 		DROP TABLE user_old;
    178. 

  178. 	`
    179. 

  179. )
    180. 

  180. 

  181. // Manager is an implementation of Manager. It stores users and access control list
    182. 

  182. // in a SQLite database.
    183. 

  183. type Manager struct {
    184. 

  184. 	db                  *sql.DB
    185. 

  185. 	defaultAccess       Permission       // Default permission if no ACL matches
    186. 

  186. 	statsQueue          map[string]*User // Username -> User, for "unimportant" user updates
    187. 

  187. 	tokenExpiryInterval time.Duration    // Duration after which tokens expire, and by which tokens are extended
    188. 

  188. 	mu                  sync.Mutex
    189. 

  189. }
    190. 

  190. 

  191. var _ Auther = (*Manager)(nil)
    192. 

  192. 

  193. // NewManager creates a new Manager instance
    194. 

  194. func NewManager(filename string, defaultAccess Permission) (*Manager, error) {
    195. 

  195. 	return newManager(filename, defaultAccess, userTokenExpiryDuration, userStatsQueueWriterInterval)
    196. 

  196. }
    197. 

  197. 

  198. // NewManager creates a new Manager instance
    199. 

  199. func newManager(filename string, defaultAccess Permission, tokenExpiryDuration, statsWriterInterval time.Duration) (*Manager, error) {
    200. 

  200. 	db, err := sql.Open("sqlite3", filename)
    201. 

  201. 	if err != nil {
    202. 

  202. 		return nil, err
    203. 

  203. 	}
    204. 

  204. 	if err := setupDB(db); err != nil {
    205. 

  205. 		return nil, err
    206. 

  206. 	}
    207. 

  207. 	manager := &Manager{
    208. 

  208. 		db:                  db,
    209. 

  209. 		defaultAccess:       defaultAccess,
    210. 

  210. 		statsQueue:          make(map[string]*User),
    211. 

  211. 		tokenExpiryInterval: tokenExpiryDuration,
    212. 

  212. 	}
    213. 

  213. 	go manager.userStatsQueueWriter(statsWriterInterval)
    214. 

  214. 	return manager, nil
    215. 

  215. }
    216. 

  216. 

  217. // Authenticate checks username and password and returns a User if correct. The method
    218. 

  218. // returns in constant-ish time, regardless of whether the user exists or the password is
    219. 

  219. // correct or incorrect.
    220. 

  220. func (a *Manager) Authenticate(username, password string) (*User, error) {
    221. 

  221. 	if username == Everyone {
    222. 

  222. 		return nil, ErrUnauthenticated
    223. 

  223. 	}
    224. 

  224. 	user, err := a.User(username)
    225. 

  225. 	if err != nil {
    226. 

  226. 		bcrypt.CompareHashAndPassword([]byte(intentionalSlowDownHash),
    227. 

  227. 			[]byte("intentional slow-down to avoid timing attacks"))
    228. 

  228. 		return nil, ErrUnauthenticated
    229. 

  229. 	}
    230. 

  230. 	if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
    231. 

  231. 		return nil, ErrUnauthenticated
    232. 

  232. 	}
    233. 

  233. 	return user, nil
    234. 

  234. }
    235. 

  235. 

  236. // AuthenticateToken checks if the token exists and returns the associated User if it does.
    237. 

  237. // The method sets the User.Token value to the token that was used for authentication.
    238. 

  238. func (a *Manager) AuthenticateToken(token string) (*User, error) {
    239. 

  239. 	if len(token) != tokenLength {
    240. 

  240. 		return nil, ErrUnauthenticated
    241. 

  241. 	}
    242. 

  242. 	user, err := a.userByToken(token)
    243. 

  243. 	if err != nil {
    244. 

  244. 		return nil, ErrUnauthenticated
    245. 

  245. 	}
    246. 

  246. 	user.Token = token
    247. 

  247. 	return user, nil
    248. 

  248. }
    249. 

  249. 

  250. // CreateToken generates a random token for the given user and returns it. The token expires
    251. 

  251. // after a fixed duration unless ExtendToken is called.
    252. 

  252. func (a *Manager) CreateToken(user *User) (*Token, error) {
    253. 

  253. 	token, expires := util.RandomString(tokenLength), time.Now().Add(userTokenExpiryDuration)
    254. 

  254. 	if _, err := a.db.Exec(insertTokenQuery, user.Name, token, expires.Unix()); err != nil {
    255. 

  255. 		return nil, err
    256. 

  256. 	}
    257. 

  257. 	return &Token{
    258. 

  258. 		Value:   token,
    259. 

  259. 		Expires: expires,
    260. 

  260. 	}, nil
    261. 

  261. }
    262. 

  262. 

  263. // ExtendToken sets the new expiry date for a token, thereby extending its use further into the future.
    264. 

  264. func (a *Manager) ExtendToken(user *User) (*Token, error) {
    265. 

  265. 	if user.Token == "" {
    266. 

  266. 		return nil, errNoTokenProvided
    267. 

  267. 	}
    268. 

  268. 	newExpires := time.Now().Add(userTokenExpiryDuration)
    269. 

  269. 	if _, err := a.db.Exec(updateTokenExpiryQuery, newExpires.Unix(), user.Name, user.Token); err != nil {
    270. 

  270. 		return nil, err
    271. 

  271. 	}
    272. 

  272. 	return &Token{
    273. 

  273. 		Value:   user.Token,
    274. 

  274. 		Expires: newExpires,
    275. 

  275. 	}, nil
    276. 

  276. }
    277. 

  277. 

  278. // RemoveToken deletes the token defined in User.Token
    279. 

  279. func (a *Manager) RemoveToken(user *User) error {
    280. 

  280. 	if user.Token == "" {
    281. 

  281. 		return ErrUnauthorized
    282. 

  282. 	}
    283. 

  283. 	if _, err := a.db.Exec(deleteTokenQuery, user.Name, user.Token); err != nil {
    284. 

  284. 		return err
    285. 

  285. 	}
    286. 

  286. 	return nil
    287. 

  287. }
    288. 

  288. 

  289. // RemoveExpiredTokens deletes all expired tokens from the database
    290. 

  290. func (a *Manager) RemoveExpiredTokens() error {
    291. 

  291. 	if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
    292. 

  292. 		return err
    293. 

  293. 	}
    294. 

  294. 	return nil
    295. 

  295. }
    296. 

  296. 

  297. // ChangeSettings persists the user settings
    298. 

  298. func (a *Manager) ChangeSettings(user *User) error {
    299. 

  299. 	settings, err := json.Marshal(user.Prefs)
    300. 

  300. 	if err != nil {
    301. 

  301. 		return err
    302. 

  302. 	}
    303. 

  303. 	if _, err := a.db.Exec(updateUserSettingsQuery, string(settings), user.Name); err != nil {
    304. 

  304. 		return err
    305. 

  305. 	}
    306. 

  306. 	return nil
    307. 

  307. }
    308. 

  308. 

  309. // EnqueueStats adds the user to a queue which writes out user stats (messages, emails, ..) in
    310. 

  310. // batches at a regular interval
    311. 

  311. func (a *Manager) EnqueueStats(user *User) {
    312. 

  312. 	a.mu.Lock()
    313. 

  313. 	defer a.mu.Unlock()
    314. 

  314. 	a.statsQueue[user.Name] = user
    315. 

  315. }
    316. 

  316. 

  317. func (a *Manager) userStatsQueueWriter(interval time.Duration) {
    318. 

  318. 	ticker := time.NewTicker(interval)
    319. 

  319. 	for range ticker.C {
    320. 

  320. 		if err := a.writeUserStatsQueue(); err != nil {
    321. 

  321. 			log.Warn("UserManager: Writing user stats queue failed: %s", err.Error())
    322. 

  322. 		}
    323. 

  323. 	}
    324. 

  324. }
    325. 

  325. 

  326. func (a *Manager) writeUserStatsQueue() error {
    327. 

  327. 	a.mu.Lock()
    328. 

  328. 	if len(a.statsQueue) == 0 {
    329. 

  329. 		a.mu.Unlock()
    330. 

  330. 		log.Trace("UserManager: No user stats updates to commit")
    331. 

  331. 		return nil
    332. 

  332. 	}
    333. 

  333. 	statsQueue := a.statsQueue
    334. 

  334. 	a.statsQueue = make(map[string]*User)
    335. 

  335. 	a.mu.Unlock()
    336. 

  336. 	tx, err := a.db.Begin()
    337. 

  337. 	if err != nil {
    338. 

  338. 		return err
    339. 

  339. 	}
    340. 

  340. 	defer tx.Rollback()
    341. 

  341. 	log.Debug("UserManager: Writing user stats queue for %d user(s)", len(statsQueue))
    342. 

  342. 	for username, u := range statsQueue {
    343. 

  343. 		log.Trace("UserManager: Updating stats for user %s: messages=%d, emails=%d", username, u.Stats.Messages, u.Stats.Emails)
    344. 

  344. 		if _, err := tx.Exec(updateUserStatsQuery, u.Stats.Messages, u.Stats.Emails, username); err != nil {
    345. 

  345. 			return err
    346. 

  346. 		}
    347. 

  347. 	}
    348. 

  348. 	return tx.Commit()
    349. 

  349. }
    350. 

  350. 

  351. // Authorize returns nil if the given user has access to the given topic using the desired
    352. 

  352. // permission. The user param may be nil to signal an anonymous user.
    353. 

  353. func (a *Manager) Authorize(user *User, topic string, perm Permission) error {
    354. 

  354. 	if user != nil && user.Role == RoleAdmin {
    355. 

  355. 		return nil // Admin can do everything
    356. 

  356. 	}
    357. 

  357. 	username := Everyone
    358. 

  358. 	if user != nil {
    359. 

  359. 		username = user.Name
    360. 

  360. 	}
    361. 

  361. 	// Select the read/write permissions for this user/topic combo. The query may return two
    362. 

  362. 	// rows (one for everyone, and one for the user), but prioritizes the user.
    363. 

  363. 	rows, err := a.db.Query(selectTopicPermsQuery, Everyone, username, topic)
    364. 

  364. 	if err != nil {
    365. 

  365. 		return err
    366. 

  366. 	}
    367. 

  367. 	defer rows.Close()
    368. 

  368. 	if !rows.Next() {
    369. 

  369. 		return a.resolvePerms(a.defaultAccess, perm)
    370. 

  370. 	}
    371. 

  371. 	var read, write bool
    372. 

  372. 	if err := rows.Scan(&read, &write); err != nil {
    373. 

  373. 		return err
    374. 

  374. 	} else if err := rows.Err(); err != nil {
    375. 

  375. 		return err
    376. 

  376. 	}
    377. 

  377. 	return a.resolvePerms(NewPermission(read, write), perm)
    378. 

  378. }
    379. 

  379. 

  380. func (a *Manager) resolvePerms(base, perm Permission) error {
    381. 

  381. 	if perm == PermissionRead && base.IsRead() {
    382. 

  382. 		return nil
    383. 

  383. 	} else if perm == PermissionWrite && base.IsWrite() {
    384. 

  384. 		return nil
    385. 

  385. 	}
    386. 

  386. 	return ErrUnauthorized
    387. 

  387. }
    388. 

  388. 

  389. // AddUser adds a user with the given username, password and role
    390. 

  390. func (a *Manager) AddUser(username, password string, role Role) error {
    391. 

  391. 	if !AllowedUsername(username) || !AllowedRole(role) {
    392. 

  392. 		return ErrInvalidArgument
    393. 

  393. 	}
    394. 

  394. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    395. 

  395. 	if err != nil {
    396. 

  396. 		return err
    397. 

  397. 	}
    398. 

  398. 	if _, err = a.db.Exec(insertUserQuery, username, hash, role); err != nil {
    399. 

  399. 		return err
    400. 

  400. 	}
    401. 

  401. 	return nil
    402. 

  402. }
    403. 

  403. 

  404. // RemoveUser deletes the user with the given username. The function returns nil on success, even
    405. 

  405. // if the user did not exist in the first place.
    406. 

  406. func (a *Manager) RemoveUser(username string) error {
    407. 

  407. 	if !AllowedUsername(username) {
    408. 

  408. 		return ErrInvalidArgument
    409. 

  409. 	}
    410. 

  410. 	tx, err := a.db.Begin()
    411. 

  411. 	if err != nil {
    412. 

  412. 		return err
    413. 

  413. 	}
    414. 

  414. 	defer tx.Rollback()
    415. 

  415. 	if _, err := tx.Exec(deleteUserAccessQuery, username); err != nil {
    416. 

  416. 		return err
    417. 

  417. 	}
    418. 

  418. 	if _, err := tx.Exec(deleteUserTokensQuery, username); err != nil {
    419. 

  419. 		return err
    420. 

  420. 	}
    421. 

  421. 	if _, err := tx.Exec(deleteUserQuery, username); err != nil {
    422. 

  422. 		return err
    423. 

  423. 	}
    424. 

  424. 	return tx.Commit()
    425. 

  425. }
    426. 

  426. 

  427. // Users returns a list of users. It always also returns the Everyone user ("*").
    428. 

  428. func (a *Manager) Users() ([]*User, error) {
    429. 

  429. 	rows, err := a.db.Query(selectUsernamesQuery)
    430. 

  430. 	if err != nil {
    431. 

  431. 		return nil, err
    432. 

  432. 	}
    433. 

  433. 	defer rows.Close()
    434. 

  434. 	usernames := make([]string, 0)
    435. 

  435. 	for rows.Next() {
    436. 

  436. 		var username string
    437. 

  437. 		if err := rows.Scan(&username); err != nil {
    438. 

  438. 			return nil, err
    439. 

  439. 		} else if err := rows.Err(); err != nil {
    440. 

  440. 			return nil, err
    441. 

  441. 		}
    442. 

  442. 		usernames = append(usernames, username)
    443. 

  443. 	}
    444. 

  444. 	rows.Close()
    445. 

  445. 	users := make([]*User, 0)
    446. 

  446. 	for _, username := range usernames {
    447. 

  447. 		user, err := a.User(username)
    448. 

  448. 		if err != nil {
    449. 

  449. 			return nil, err
    450. 

  450. 		}
    451. 

  451. 		users = append(users, user)
    452. 

  452. 	}
    453. 

  453. 	return users, nil
    454. 

  454. }
    455. 

  455. 

  456. // User returns the user with the given username if it exists, or ErrNotFound otherwise.
    457. 

  457. // You may also pass Everyone to retrieve the anonymous user and its Grant list.
    458. 

  458. func (a *Manager) User(username string) (*User, error) {
    459. 

  459. 	rows, err := a.db.Query(selectUserByNameQuery, username)
    460. 

  460. 	if err != nil {
    461. 

  461. 		return nil, err
    462. 

  462. 	}
    463. 

  463. 	return a.readUser(rows)
    464. 

  464. }
    465. 

  465. 

  466. func (a *Manager) userByToken(token string) (*User, error) {
    467. 

  467. 	rows, err := a.db.Query(selectUserByTokenQuery, token, time.Now().Unix())
    468. 

  468. 	if err != nil {
    469. 

  469. 		return nil, err
    470. 

  470. 	}
    471. 

  471. 	return a.readUser(rows)
    472. 

  472. }
    473. 

  473. 

  474. func (a *Manager) readUser(rows *sql.Rows) (*User, error) {
    475. 

  475. 	defer rows.Close()
    476. 

  476. 	var username, hash, role string
    477. 

  477. 	var settings, planCode sql.NullString
    478. 

  478. 	var messages, emails int64
    479. 

  479. 	var messagesLimit, emailsLimit, topicsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit sql.NullInt64
    480. 

  480. 	if !rows.Next() {
    481. 

  481. 		return nil, ErrNotFound
    482. 

  482. 	}
    483. 

  483. 	if err := rows.Scan(&username, &hash, &role, &messages, &emails, &settings, &planCode, &messagesLimit, &emailsLimit, &topicsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit); err != nil {
    484. 

  484. 		return nil, err
    485. 

  485. 	} else if err := rows.Err(); err != nil {
    486. 

  486. 		return nil, err
    487. 

  487. 	}
    488. 

  488. 	user := &User{
    489. 

  489. 		Name: username,
    490. 

  490. 		Hash: hash,
    491. 

  491. 		Role: Role(role),
    492. 

  492. 		Stats: &Stats{
    493. 

  493. 			Messages: messages,
    494. 

  494. 			Emails:   emails,
    495. 

  495. 		},
    496. 

  496. 	}
    497. 

  497. 	if settings.Valid {
    498. 

  498. 		user.Prefs = &Prefs{}
    499. 

  499. 		if err := json.Unmarshal([]byte(settings.String), user.Prefs); err != nil {
    500. 

  500. 			return nil, err
    501. 

  501. 		}
    502. 

  502. 	}
    503. 

  503. 	if planCode.Valid {
    504. 

  504. 		user.Plan = &Plan{
    505. 

  505. 			Code:                     planCode.String,
    506. 

  506. 			Upgradable:               true, // FIXME
    507. 

  507. 			MessagesLimit:            messagesLimit.Int64,
    508. 

  508. 			EmailsLimit:              emailsLimit.Int64,
    509. 

  509. 			TopicsLimit:              topicsLimit.Int64,
    510. 

  510. 			AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    511. 

  511. 			AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    512. 

  512. 		}
    513. 

  513. 	}
    514. 

  514. 	return user, nil
    515. 

  515. }
    516. 

  516. 

  517. // Grants returns all user-specific access control entries
    518. 

  518. func (a *Manager) Grants(username string) ([]Grant, error) {
    519. 

  519. 	rows, err := a.db.Query(selectUserAccessQuery, username)
    520. 

  520. 	if err != nil {
    521. 

  521. 		return nil, err
    522. 

  522. 	}
    523. 

  523. 	defer rows.Close()
    524. 

  524. 	grants := make([]Grant, 0)
    525. 

  525. 	for rows.Next() {
    526. 

  526. 		var topic string
    527. 

  527. 		var read, write bool
    528. 

  528. 		if err := rows.Scan(&topic, &read, &write); err != nil {
    529. 

  529. 			return nil, err
    530. 

  530. 		} else if err := rows.Err(); err != nil {
    531. 

  531. 			return nil, err
    532. 

  532. 		}
    533. 

  533. 		grants = append(grants, Grant{
    534. 

  534. 			TopicPattern: fromSQLWildcard(topic),
    535. 

  535. 			Allow:        NewPermission(read, write),
    536. 

  536. 		})
    537. 

  537. 	}
    538. 

  538. 	return grants, nil
    539. 

  539. }
    540. 

  540. 

  541. // Reservations returns all user-owned topics, and the associated everyone-access
    542. 

  542. func (a *Manager) Reservations(username string) ([]Reservation, error) {
    543. 

  543. 	rows, err := a.db.Query(selectUserReservationsQuery, Everyone, username)
    544. 

  544. 	if err != nil {
    545. 

  545. 		return nil, err
    546. 

  546. 	}
    547. 

  547. 	defer rows.Close()
    548. 

  548. 	reservations := make([]Reservation, 0)
    549. 

  549. 	for rows.Next() {
    550. 

  550. 		var topic string
    551. 

  551. 		var ownerRead, ownerWrite bool
    552. 

  552. 		var everyoneRead, everyoneWrite sql.NullBool
    553. 

  553. 		if err := rows.Scan(&topic, &ownerRead, &ownerWrite, &everyoneRead, &everyoneWrite); err != nil {
    554. 

  554. 			return nil, err
    555. 

  555. 		} else if err := rows.Err(); err != nil {
    556. 

  556. 			return nil, err
    557. 

  557. 		}
    558. 

  558. 		reservations = append(reservations, Reservation{
    559. 

  559. 			Topic:    topic,
    560. 

  560. 			Owner:    NewPermission(ownerRead, ownerWrite),
    561. 

  561. 			Everyone: NewPermission(everyoneRead.Bool, everyoneWrite.Bool), // false if null
    562. 

  562. 		})
    563. 

  563. 	}
    564. 

  564. 	return reservations, nil
    565. 

  565. }
    566. 

  566. 

  567. // ChangePassword changes a user's password
    568. 

  568. func (a *Manager) ChangePassword(username, password string) error {
    569. 

  569. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    570. 

  570. 	if err != nil {
    571. 

  571. 		return err
    572. 

  572. 	}
    573. 

  573. 	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
    574. 

  574. 		return err
    575. 

  575. 	}
    576. 

  576. 	return nil
    577. 

  577. }
    578. 

  578. 

  579. // ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
    580. 

  580. // all existing access control entries (Grant) are removed, since they are no longer needed.
    581. 

  581. func (a *Manager) ChangeRole(username string, role Role) error {
    582. 

  582. 	if !AllowedUsername(username) || !AllowedRole(role) {
    583. 

  583. 		return ErrInvalidArgument
    584. 

  584. 	}
    585. 

  585. 	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
    586. 

  586. 		return err
    587. 

  587. 	}
    588. 

  588. 	if role == RoleAdmin {
    589. 

  589. 		if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
    590. 

  590. 			return err
    591. 

  591. 		}
    592. 

  592. 	}
    593. 

  593. 	return nil
    594. 

  594. }
    595. 

  595. 

  596. // CheckAllowAccess tests if a user may create an access control entry for the given topic.
    597. 

  597. // If there are any ACL entries that are not owned by the user, an error is returned.
    598. 

  598. func (a *Manager) CheckAllowAccess(username string, topic string) error {
    599. 

  599. 	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopic(topic) {
    600. 

  600. 		return ErrInvalidArgument
    601. 

  601. 	}
    602. 

  602. 	rows, err := a.db.Query(selectOtherAccessCountQuery, topic, topic, username)
    603. 

  603. 	if err != nil {
    604. 

  604. 		return err
    605. 

  605. 	}
    606. 

  606. 	defer rows.Close()
    607. 

  607. 	if !rows.Next() {
    608. 

  608. 		return errors.New("no rows found")
    609. 

  609. 	}
    610. 

  610. 	var otherCount int
    611. 

  611. 	if err := rows.Scan(&otherCount); err != nil {
    612. 

  612. 		return err
    613. 

  613. 	}
    614. 

  614. 	if otherCount > 0 {
    615. 

  615. 		return errTopicOwnedByOthers
    616. 

  616. 	}
    617. 

  617. 	return nil
    618. 

  618. }
    619. 

  619. 

  620. // AllowAccess adds or updates an entry in th access control list for a specific user. It controls
    621. 

  621. // read/write access to a topic. The parameter topicPattern may include wildcards (*). The ACL entry
    622. 

  622. // owner may either be a user (username), or the system (empty).
    623. 

  623. func (a *Manager) AllowAccess(owner, username string, topicPattern string, read bool, write bool) error {
    624. 

  624. 	if !AllowedUsername(username) && username != Everyone {
    625. 

  625. 		return ErrInvalidArgument
    626. 

  626. 	} else if owner != "" && !AllowedUsername(owner) {
    627. 

  627. 		return ErrInvalidArgument
    628. 

  628. 	} else if !AllowedTopicPattern(topicPattern) {
    629. 

  629. 		return ErrInvalidArgument
    630. 

  630. 	}
    631. 

  631. 	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), read, write, owner, owner); err != nil {
    632. 

  632. 		return err
    633. 

  633. 	}
    634. 

  634. 	return nil
    635. 

  635. }
    636. 

  636. 

  637. // ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
    638. 

  638. // empty) for an entire user. The parameter topicPattern may include wildcards (*).
    639. 

  639. func (a *Manager) ResetAccess(username string, topicPattern string) error {
    640. 

  640. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    641. 

  641. 		return ErrInvalidArgument
    642. 

  642. 	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
    643. 

  643. 		return ErrInvalidArgument
    644. 

  644. 	}
    645. 

  645. 	if username == "" && topicPattern == "" {
    646. 

  646. 		_, err := a.db.Exec(deleteAllAccessQuery, username)
    647. 

  647. 		return err
    648. 

  648. 	} else if topicPattern == "" {
    649. 

  649. 		_, err := a.db.Exec(deleteUserAccessQuery, username)
    650. 

  650. 		return err
    651. 

  651. 	}
    652. 

  652. 	_, err := a.db.Exec(deleteTopicAccessQuery, username, toSQLWildcard(topicPattern))
    653. 

  653. 	return err
    654. 

  654. }
    655. 

  655. 

  656. // DefaultAccess returns the default read/write access if no access control entry matches
    657. 

  657. func (a *Manager) DefaultAccess() Permission {
    658. 

  658. 	return a.defaultAccess
    659. 

  659. }
    660. 

  660. 

  661. func toSQLWildcard(s string) string {
    662. 

  662. 	return strings.ReplaceAll(s, "*", "%")
    663. 

  663. }
    664. 

  664. 

  665. func fromSQLWildcard(s string) string {
    666. 

  666. 	return strings.ReplaceAll(s, "%", "*")
    667. 

  667. }
    668. 

  668. 

  669. func setupDB(db *sql.DB) error {
    670. 

  670. 	// If 'schemaVersion' table does not exist, this must be a new database
    671. 

  671. 	rowsSV, err := db.Query(selectSchemaVersionQuery)
    672. 

  672. 	if err != nil {
    673. 

  673. 		return setupNewDB(db)
    674. 

  674. 	}
    675. 

  675. 	defer rowsSV.Close()
    676. 

  676. 

  677. 	// If 'schemaVersion' table exists, read version and potentially upgrade
    678. 

  678. 	schemaVersion := 0
    679. 

  679. 	if !rowsSV.Next() {
    680. 

  680. 		return errors.New("cannot determine schema version: database file may be corrupt")
    681. 

  681. 	}
    682. 

  682. 	if err := rowsSV.Scan(&schemaVersion); err != nil {
    683. 

  683. 		return err
    684. 

  684. 	}
    685. 

  685. 	rowsSV.Close()
    686. 

  686. 

  687. 	// Do migrations
    688. 

  688. 	if schemaVersion == currentSchemaVersion {
    689. 

  689. 		return nil
    690. 

  690. 	} else if schemaVersion == 1 {
    691. 

  691. 		return migrateFrom1(db)
    692. 

  692. 	}
    693. 

  693. 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
    694. 

  694. }
    695. 

  695. 

  696. func setupNewDB(db *sql.DB) error {
    697. 

  697. 	if _, err := db.Exec(createTablesQueries); err != nil {
    698. 

  698. 		return err
    699. 

  699. 	}
    700. 

  700. 	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
    701. 

  701. 		return err
    702. 

  702. 	}
    703. 

  703. 	return nil
    704. 

  704. }
    705. 

  705. 

  706. func migrateFrom1(db *sql.DB) error {
    707. 

  707. 	log.Info("Migrating user database schema: from 1 to 2")
    708. 

  708. 	tx, err := db.Begin()
    709. 

  709. 	if err != nil {
    710. 

  710. 		return err
    711. 

  711. 	}
    712. 

  712. 	defer tx.Rollback()
    713. 

  713. 	if _, err := tx.Exec(migrate1To2RenameUserTableQueryNoTx); err != nil {
    714. 

  714. 		return err
    715. 

  715. 	}
    716. 

  716. 	if _, err := tx.Exec(createTablesQueriesNoTx); err != nil {
    717. 

  717. 		return err
    718. 

  718. 	}
    719. 

  719. 	if _, err := tx.Exec(migrate1To2InsertFromOldTablesAndDropNoTx); err != nil {
    720. 

  720. 		return err
    721. 

  721. 	}
    722. 

  722. 	if _, err := tx.Exec(updateSchemaVersion, 2); err != nil {
    723. 

  723. 		return err
    724. 

  724. 	}
    725. 

  725. 	if err := tx.Commit(); err != nil {
    726. 

  726. 		return err
    727. 

  727. 	}
    728. 

  728. 	return nil // Update this when a new version is added
    729. 

  729. }
    730.