Etusivu Tutki Apua
Kirjaudu sisään
mirrors
/
ntfy
peilaus alkaen https://github.com/binwiederhier/ntfy
1
0
Haarauta 0
Tiedostot Esitykset 0 Wiki
Puu: 2fb4bd4975
Haarat Tunnisteet
ntfy
/
user
/
manager.go

manager.go 18 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592 
  1. package user
    2. 

  2. 

  3. import (
    4. 

  4. 	"database/sql"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"errors"
    7. 

  7. 	"fmt"
    8. 

  8. 	_ "github.com/mattn/go-sqlite3" // SQLite driver
    9. 

  9. 	"golang.org/x/crypto/bcrypt"
    10. 

  10. 	"heckel.io/ntfy/log"
    11. 

  11. 	"heckel.io/ntfy/util"
    12. 

  12. 	"strings"
    13. 

  13. 	"sync"
    14. 

  14. 	"time"
    15. 

  15. )
    16. 

  16. 

  17. const (
    18. 

  18. 	tokenLength                  = 32
    19. 

  19. 	bcryptCost                   = 10
    20. 

  20. 	intentionalSlowDownHash      = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match bcryptCost
    21. 

  21. 	userStatsQueueWriterInterval = 33 * time.Second
    22. 

  22. 	userTokenExpiryDuration      = 72 * time.Hour
    23. 

  23. )
    24. 

  24. 

  25. // Manager-related queries
    26. 

  26. const (
    27. 

  27. 	createAuthTablesQueries = `
    28. 

  28. 		BEGIN;
    29. 

  29. 		CREATE TABLE IF NOT EXISTS plan (
    30. 

  30. 			id INT NOT NULL,		
    31. 

  31. 			code TEXT NOT NULL,
    32. 

  32. 			messages_limit INT NOT NULL,
    33. 

  33. 			emails_limit INT NOT NULL,
    34. 

  34. 			attachment_file_size_limit INT NOT NULL,
    35. 

  35. 			attachment_total_size_limit INT NOT NULL,
    36. 

  36. 			PRIMARY KEY (id)
    37. 

  37. 		);
    38. 

  38. 		CREATE TABLE IF NOT EXISTS user (
    39. 

  39. 		    id INTEGER PRIMARY KEY AUTOINCREMENT,
    40. 

  40. 			plan_id INT,
    41. 

  41. 			user TEXT NOT NULL,
    42. 

  42. 			pass TEXT NOT NULL,
    43. 

  43. 			role TEXT NOT NULL,
    44. 

  44. 			messages INT NOT NULL DEFAULT (0),
    45. 

  45. 			emails INT NOT NULL DEFAULT (0),			
    46. 

  46. 			settings JSON,
    47. 

  47. 		    FOREIGN KEY (plan_id) REFERENCES plan (id)
    48. 

  48. 		);
    49. 

  49. 		CREATE UNIQUE INDEX idx_user ON user (user);
    50. 

  50. 		CREATE TABLE IF NOT EXISTS user_access (
    51. 

  51. 			user_id INT NOT NULL,		
    52. 

  52. 			topic TEXT NOT NULL,
    53. 

  53. 			read INT NOT NULL,
    54. 

  54. 			write INT NOT NULL,
    55. 

  55. 			PRIMARY KEY (user_id, topic),
    56. 

  56. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    57. 

  57. 		);		
    58. 

  58. 		CREATE TABLE IF NOT EXISTS user_token (
    59. 

  59. 			user_id INT NOT NULL,
    60. 

  60. 			token TEXT NOT NULL,
    61. 

  61. 			expires INT NOT NULL,
    62. 

  62. 			PRIMARY KEY (user_id, token),
    63. 

  63. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    64. 

  64. 		);
    65. 

  65. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    66. 

  66. 			id INT PRIMARY KEY,
    67. 

  67. 			version INT NOT NULL
    68. 

  68. 		);
    69. 

  69. 		INSERT INTO user (id, user, pass, role) VALUES (1, '*', '', 'anonymous') ON CONFLICT (id) DO NOTHING;
    70. 

  70. 		COMMIT;
    71. 

  71. 	`
    72. 

  72. 	selectUserByNameQuery = `
    73. 

  73. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    74. 

  74. 		FROM user u
    75. 

  75. 		LEFT JOIN plan p on p.id = u.plan_id
    76. 

  76. 		WHERE user = ?		
    77. 

  77. 	`
    78. 

  78. 	selectUserByTokenQuery = `
    79. 

  79. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    80. 

  80. 		FROM user u
    81. 

  81. 		JOIN user_token t on u.id = t.user_id
    82. 

  82. 		LEFT JOIN plan p on p.id = u.plan_id
    83. 

  83. 		WHERE t.token = ?
    84. 

  84. 	`
    85. 

  85. 	selectTopicPermsQuery = `
    86. 

  86. 		SELECT read, write 
    87. 

  87. 		FROM user_access
    88. 

  88. 		JOIN user ON user.user = '*' OR user.user = ?
    89. 

  89. 		WHERE ? LIKE user_access.topic
    90. 

  90. 		ORDER BY user.user DESC
    91. 

  91. 	`
    92. 

  92. )
    93. 

  93. 

  94. // Manager-related queries
    95. 

  95. const (
    96. 

  96. 	insertUserQuery         = `INSERT INTO user (user, pass, role) VALUES (?, ?, ?)`
    97. 

  97. 	selectUsernamesQuery    = `SELECT user FROM user ORDER BY role, user`
    98. 

  98. 	updateUserPassQuery     = `UPDATE user SET pass = ? WHERE user = ?`
    99. 

  99. 	updateUserRoleQuery     = `UPDATE user SET role = ? WHERE user = ?`
    100. 

  100. 	updateUserSettingsQuery = `UPDATE user SET settings = ? WHERE user = ?`
    101. 

  101. 	updateUserStatsQuery    = `UPDATE user SET messages = ?, emails = ? WHERE user = ?`
    102. 

  102. 	deleteUserQuery         = `DELETE FROM user WHERE user = ?`
    103. 

  103. 

  104. 	upsertUserAccessQuery  = `INSERT INTO user_access (user_id, topic, read, write) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?)`
    105. 

  105. 	selectUserAccessQuery  = `SELECT topic, read, write FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    106. 

  106. 	deleteAllAccessQuery   = `DELETE FROM user_access`
    107. 

  107. 	deleteUserAccessQuery  = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    108. 

  108. 	deleteTopicAccessQuery = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) AND topic = ?`
    109. 

  109. 

  110. 	insertTokenQuery         = `INSERT INTO user_token (user_id, token, expires) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?)`
    111. 

  111. 	updateTokenExpiryQuery   = `UPDATE user_token SET expires = ? WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    112. 

  112. 	deleteTokenQuery         = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    113. 

  113. 	deleteExpiredTokensQuery = `DELETE FROM user_token WHERE expires < ?`
    114. 

  114. 	deleteUserTokensQuery    = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    115. 

  115. )
    116. 

  116. 

  117. // Schema management queries
    118. 

  118. const (
    119. 

  119. 	currentSchemaVersion     = 1
    120. 

  120. 	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
    121. 

  121. 	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
    122. 

  122. )
    123. 

  123. 

  124. // SQLiteManager is an implementation of Manager. It stores users and access control list
    125. 

  125. // in a SQLite database.
    126. 

  126. type SQLiteManager struct {
    127. 

  127. 	db           *sql.DB
    128. 

  128. 	defaultRead  bool
    129. 

  129. 	defaultWrite bool
    130. 

  130. 	statsQueue   map[string]*User // Username -> User, for "unimportant" user updates
    131. 

  131. 	mu           sync.Mutex
    132. 

  132. }
    133. 

  133. 

  134. var _ Manager = (*SQLiteManager)(nil)
    135. 

  135. 

  136. // NewSQLiteAuthManager creates a new SQLiteManager instance
    137. 

  137. func NewSQLiteAuthManager(filename string, defaultRead, defaultWrite bool) (*SQLiteManager, error) {
    138. 

  138. 	db, err := sql.Open("sqlite3", filename)
    139. 

  139. 	if err != nil {
    140. 

  140. 		return nil, err
    141. 

  141. 	}
    142. 

  142. 	if err := setupAuthDB(db); err != nil {
    143. 

  143. 		return nil, err
    144. 

  144. 	}
    145. 

  145. 	manager := &SQLiteManager{
    146. 

  146. 		db:           db,
    147. 

  147. 		defaultRead:  defaultRead,
    148. 

  148. 		defaultWrite: defaultWrite,
    149. 

  149. 		statsQueue:   make(map[string]*User),
    150. 

  150. 	}
    151. 

  151. 	go manager.userStatsQueueWriter()
    152. 

  152. 	return manager, nil
    153. 

  153. }
    154. 

  154. 

  155. // Authenticate checks username and password and returns a user if correct. The method
    156. 

  156. // returns in constant-ish time, regardless of whether the user exists or the password is
    157. 

  157. // correct or incorrect.
    158. 

  158. func (a *SQLiteManager) Authenticate(username, password string) (*User, error) {
    159. 

  159. 	if username == Everyone {
    160. 

  160. 		return nil, ErrUnauthenticated
    161. 

  161. 	}
    162. 

  162. 	user, err := a.User(username)
    163. 

  163. 	if err != nil {
    164. 

  164. 		bcrypt.CompareHashAndPassword([]byte(intentionalSlowDownHash),
    165. 

  165. 			[]byte("intentional slow-down to avoid timing attacks"))
    166. 

  166. 		return nil, ErrUnauthenticated
    167. 

  167. 	}
    168. 

  168. 	if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
    169. 

  169. 		return nil, ErrUnauthenticated
    170. 

  170. 	}
    171. 

  171. 	return user, nil
    172. 

  172. }
    173. 

  173. 

  174. func (a *SQLiteManager) AuthenticateToken(token string) (*User, error) {
    175. 

  175. 	user, err := a.userByToken(token)
    176. 

  176. 	if err != nil {
    177. 

  177. 		return nil, ErrUnauthenticated
    178. 

  178. 	}
    179. 

  179. 	user.Token = token
    180. 

  180. 	return user, nil
    181. 

  181. }
    182. 

  182. 

  183. func (a *SQLiteManager) CreateToken(user *User) (*Token, error) {
    184. 

  184. 	token := util.RandomString(tokenLength)
    185. 

  185. 	expires := time.Now().Add(userTokenExpiryDuration)
    186. 

  186. 	if _, err := a.db.Exec(insertTokenQuery, user.Name, token, expires.Unix()); err != nil {
    187. 

  187. 		return nil, err
    188. 

  188. 	}
    189. 

  189. 	return &Token{
    190. 

  190. 		Value:   token,
    191. 

  191. 		Expires: expires.Unix(),
    192. 

  192. 	}, nil
    193. 

  193. }
    194. 

  194. 

  195. func (a *SQLiteManager) ExtendToken(user *User) (*Token, error) {
    196. 

  196. 	newExpires := time.Now().Add(userTokenExpiryDuration)
    197. 

  197. 	if _, err := a.db.Exec(updateTokenExpiryQuery, newExpires.Unix(), user.Name, user.Token); err != nil {
    198. 

  198. 		return nil, err
    199. 

  199. 	}
    200. 

  200. 	return &Token{
    201. 

  201. 		Value:   user.Token,
    202. 

  202. 		Expires: newExpires.Unix(),
    203. 

  203. 	}, nil
    204. 

  204. }
    205. 

  205. 

  206. func (a *SQLiteManager) RemoveToken(user *User) error {
    207. 

  207. 	if user.Token == "" {
    208. 

  208. 		return ErrUnauthorized
    209. 

  209. 	}
    210. 

  210. 	if _, err := a.db.Exec(deleteTokenQuery, user.Name, user.Token); err != nil {
    211. 

  211. 		return err
    212. 

  212. 	}
    213. 

  213. 	return nil
    214. 

  214. }
    215. 

  215. 

  216. func (a *SQLiteManager) RemoveExpiredTokens() error {
    217. 

  217. 	if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
    218. 

  218. 		return err
    219. 

  219. 	}
    220. 

  220. 	return nil
    221. 

  221. }
    222. 

  222. 

  223. func (a *SQLiteManager) ChangeSettings(user *User) error {
    224. 

  224. 	settings, err := json.Marshal(user.Prefs)
    225. 

  225. 	if err != nil {
    226. 

  226. 		return err
    227. 

  227. 	}
    228. 

  228. 	if _, err := a.db.Exec(updateUserSettingsQuery, string(settings), user.Name); err != nil {
    229. 

  229. 		return err
    230. 

  230. 	}
    231. 

  231. 	return nil
    232. 

  232. }
    233. 

  233. 

  234. func (a *SQLiteManager) EnqueueStats(user *User) {
    235. 

  235. 	a.mu.Lock()
    236. 

  236. 	defer a.mu.Unlock()
    237. 

  237. 	a.statsQueue[user.Name] = user
    238. 

  238. }
    239. 

  239. 

  240. func (a *SQLiteManager) userStatsQueueWriter() {
    241. 

  241. 	ticker := time.NewTicker(userStatsQueueWriterInterval)
    242. 

  242. 	for range ticker.C {
    243. 

  243. 		if err := a.writeUserStatsQueue(); err != nil {
    244. 

  244. 			log.Warn("UserManager: Writing user stats queue failed: %s", err.Error())
    245. 

  245. 		}
    246. 

  246. 	}
    247. 

  247. }
    248. 

  248. 

  249. func (a *SQLiteManager) writeUserStatsQueue() error {
    250. 

  250. 	a.mu.Lock()
    251. 

  251. 	if len(a.statsQueue) == 0 {
    252. 

  252. 		a.mu.Unlock()
    253. 

  253. 		log.Trace("UserManager: No user stats updates to commit")
    254. 

  254. 		return nil
    255. 

  255. 	}
    256. 

  256. 	statsQueue := a.statsQueue
    257. 

  257. 	a.statsQueue = make(map[string]*User)
    258. 

  258. 	a.mu.Unlock()
    259. 

  259. 	tx, err := a.db.Begin()
    260. 

  260. 	if err != nil {
    261. 

  261. 		return err
    262. 

  262. 	}
    263. 

  263. 	defer tx.Rollback()
    264. 

  264. 	log.Debug("UserManager: Writing user stats queue for %d user(s)", len(statsQueue))
    265. 

  265. 	for username, u := range statsQueue {
    266. 

  266. 		log.Trace("UserManager: Updating stats for user %s: messages=%d, emails=%d", username, u.Stats.Messages, u.Stats.Emails)
    267. 

  267. 		if _, err := tx.Exec(updateUserStatsQuery, u.Stats.Messages, u.Stats.Emails, username); err != nil {
    268. 

  268. 			return err
    269. 

  269. 		}
    270. 

  270. 	}
    271. 

  271. 	return tx.Commit()
    272. 

  272. }
    273. 

  273. 

  274. // Authorize returns nil if the given user has access to the given topic using the desired
    275. 

  275. // permission. The user param may be nil to signal an anonymous user.
    276. 

  276. func (a *SQLiteManager) Authorize(user *User, topic string, perm Permission) error {
    277. 

  277. 	if user != nil && user.Role == RoleAdmin {
    278. 

  278. 		return nil // Admin can do everything
    279. 

  279. 	}
    280. 

  280. 	username := Everyone
    281. 

  281. 	if user != nil {
    282. 

  282. 		username = user.Name
    283. 

  283. 	}
    284. 

  284. 	// Select the read/write permissions for this user/topic combo. The query may return two
    285. 

  285. 	// rows (one for everyone, and one for the user), but prioritizes the user. The value for
    286. 

  286. 	// user.Name may be empty (= everyone).
    287. 

  287. 	rows, err := a.db.Query(selectTopicPermsQuery, username, topic)
    288. 

  288. 	if err != nil {
    289. 

  289. 		return err
    290. 

  290. 	}
    291. 

  291. 	defer rows.Close()
    292. 

  292. 	if !rows.Next() {
    293. 

  293. 		return a.resolvePerms(a.defaultRead, a.defaultWrite, perm)
    294. 

  294. 	}
    295. 

  295. 	var read, write bool
    296. 

  296. 	if err := rows.Scan(&read, &write); err != nil {
    297. 

  297. 		return err
    298. 

  298. 	} else if err := rows.Err(); err != nil {
    299. 

  299. 		return err
    300. 

  300. 	}
    301. 

  301. 	return a.resolvePerms(read, write, perm)
    302. 

  302. }
    303. 

  303. 

  304. func (a *SQLiteManager) resolvePerms(read, write bool, perm Permission) error {
    305. 

  305. 	if perm == PermissionRead && read {
    306. 

  306. 		return nil
    307. 

  307. 	} else if perm == PermissionWrite && write {
    308. 

  308. 		return nil
    309. 

  309. 	}
    310. 

  310. 	return ErrUnauthorized
    311. 

  311. }
    312. 

  312. 

  313. // AddUser adds a user with the given username, password and role. The password should be hashed
    314. 

  314. // before it is stored in a persistence layer.
    315. 

  315. func (a *SQLiteManager) AddUser(username, password string, role Role) error {
    316. 

  316. 	if !AllowedUsername(username) || !AllowedRole(role) {
    317. 

  317. 		return ErrInvalidArgument
    318. 

  318. 	}
    319. 

  319. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    320. 

  320. 	if err != nil {
    321. 

  321. 		return err
    322. 

  322. 	}
    323. 

  323. 	if _, err = a.db.Exec(insertUserQuery, username, hash, role); err != nil {
    324. 

  324. 		return err
    325. 

  325. 	}
    326. 

  326. 	return nil
    327. 

  327. }
    328. 

  328. 

  329. // RemoveUser deletes the user with the given username. The function returns nil on success, even
    330. 

  330. // if the user did not exist in the first place.
    331. 

  331. func (a *SQLiteManager) RemoveUser(username string) error {
    332. 

  332. 	if !AllowedUsername(username) {
    333. 

  333. 		return ErrInvalidArgument
    334. 

  334. 	}
    335. 

  335. 	if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
    336. 

  336. 		return err
    337. 

  337. 	}
    338. 

  338. 	if _, err := a.db.Exec(deleteUserTokensQuery, username); err != nil {
    339. 

  339. 		return err
    340. 

  340. 	}
    341. 

  341. 	if _, err := a.db.Exec(deleteUserQuery, username); err != nil {
    342. 

  342. 		return err
    343. 

  343. 	}
    344. 

  344. 	return nil
    345. 

  345. }
    346. 

  346. 

  347. // Users returns a list of users. It always also returns the Everyone user ("*").
    348. 

  348. func (a *SQLiteManager) Users() ([]*User, error) {
    349. 

  349. 	rows, err := a.db.Query(selectUsernamesQuery)
    350. 

  350. 	if err != nil {
    351. 

  351. 		return nil, err
    352. 

  352. 	}
    353. 

  353. 	defer rows.Close()
    354. 

  354. 	usernames := make([]string, 0)
    355. 

  355. 	for rows.Next() {
    356. 

  356. 		var username string
    357. 

  357. 		if err := rows.Scan(&username); err != nil {
    358. 

  358. 			return nil, err
    359. 

  359. 		} else if err := rows.Err(); err != nil {
    360. 

  360. 			return nil, err
    361. 

  361. 		}
    362. 

  362. 		usernames = append(usernames, username)
    363. 

  363. 	}
    364. 

  364. 	rows.Close()
    365. 

  365. 	users := make([]*User, 0)
    366. 

  366. 	for _, username := range usernames {
    367. 

  367. 		user, err := a.User(username)
    368. 

  368. 		if err != nil {
    369. 

  369. 			return nil, err
    370. 

  370. 		}
    371. 

  371. 		users = append(users, user)
    372. 

  372. 	}
    373. 

  373. 	everyone, err := a.everyoneUser()
    374. 

  374. 	if err != nil {
    375. 

  375. 		return nil, err
    376. 

  376. 	}
    377. 

  377. 	users = append(users, everyone)
    378. 

  378. 	return users, nil
    379. 

  379. }
    380. 

  380. 

  381. // User returns the user with the given username if it exists, or ErrNotFound otherwise.
    382. 

  382. // You may also pass Everyone to retrieve the anonymous user and its Grant list.
    383. 

  383. func (a *SQLiteManager) User(username string) (*User, error) {
    384. 

  384. 	if username == Everyone {
    385. 

  385. 		return a.everyoneUser()
    386. 

  386. 	}
    387. 

  387. 	rows, err := a.db.Query(selectUserByNameQuery, username)
    388. 

  388. 	if err != nil {
    389. 

  389. 		return nil, err
    390. 

  390. 	}
    391. 

  391. 	return a.readUser(rows)
    392. 

  392. }
    393. 

  393. 

  394. func (a *SQLiteManager) userByToken(token string) (*User, error) {
    395. 

  395. 	rows, err := a.db.Query(selectUserByTokenQuery, token)
    396. 

  396. 	if err != nil {
    397. 

  397. 		return nil, err
    398. 

  398. 	}
    399. 

  399. 	return a.readUser(rows)
    400. 

  400. }
    401. 

  401. 

  402. func (a *SQLiteManager) readUser(rows *sql.Rows) (*User, error) {
    403. 

  403. 	defer rows.Close()
    404. 

  404. 	var username, hash, role string
    405. 

  405. 	var settings, planCode sql.NullString
    406. 

  406. 	var messages, emails int64
    407. 

  407. 	var messagesLimit, emailsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit sql.NullInt64
    408. 

  408. 	if !rows.Next() {
    409. 

  409. 		return nil, ErrNotFound
    410. 

  410. 	}
    411. 

  411. 	if err := rows.Scan(&username, &hash, &role, &messages, &emails, &settings, &planCode, &messagesLimit, &emailsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit); err != nil {
    412. 

  412. 		return nil, err
    413. 

  413. 	} else if err := rows.Err(); err != nil {
    414. 

  414. 		return nil, err
    415. 

  415. 	}
    416. 

  416. 	grants, err := a.readGrants(username)
    417. 

  417. 	if err != nil {
    418. 

  418. 		return nil, err
    419. 

  419. 	}
    420. 

  420. 	user := &User{
    421. 

  421. 		Name:   username,
    422. 

  422. 		Hash:   hash,
    423. 

  423. 		Role:   Role(role),
    424. 

  424. 		Grants: grants,
    425. 

  425. 		Stats: &Stats{
    426. 

  426. 			Messages: messages,
    427. 

  427. 			Emails:   emails,
    428. 

  428. 		},
    429. 

  429. 	}
    430. 

  430. 	if settings.Valid {
    431. 

  431. 		user.Prefs = &Prefs{}
    432. 

  432. 		if err := json.Unmarshal([]byte(settings.String), user.Prefs); err != nil {
    433. 

  433. 			return nil, err
    434. 

  434. 		}
    435. 

  435. 	}
    436. 

  436. 	if planCode.Valid {
    437. 

  437. 		user.Plan = &Plan{
    438. 

  438. 			Code:                     planCode.String,
    439. 

  439. 			Upgradable:               true, // FIXME
    440. 

  440. 			MessagesLimit:            messagesLimit.Int64,
    441. 

  441. 			EmailsLimit:              emailsLimit.Int64,
    442. 

  442. 			AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    443. 

  443. 			AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    444. 

  444. 		}
    445. 

  445. 	}
    446. 

  446. 	return user, nil
    447. 

  447. }
    448. 

  448. 

  449. func (a *SQLiteManager) everyoneUser() (*User, error) {
    450. 

  450. 	grants, err := a.readGrants(Everyone)
    451. 

  451. 	if err != nil {
    452. 

  452. 		return nil, err
    453. 

  453. 	}
    454. 

  454. 	return &User{
    455. 

  455. 		Name:   Everyone,
    456. 

  456. 		Hash:   "",
    457. 

  457. 		Role:   RoleAnonymous,
    458. 

  458. 		Grants: grants,
    459. 

  459. 	}, nil
    460. 

  460. }
    461. 

  461. 

  462. func (a *SQLiteManager) readGrants(username string) ([]Grant, error) {
    463. 

  463. 	rows, err := a.db.Query(selectUserAccessQuery, username)
    464. 

  464. 	if err != nil {
    465. 

  465. 		return nil, err
    466. 

  466. 	}
    467. 

  467. 	defer rows.Close()
    468. 

  468. 	grants := make([]Grant, 0)
    469. 

  469. 	for rows.Next() {
    470. 

  470. 		var topic string
    471. 

  471. 		var read, write bool
    472. 

  472. 		if err := rows.Scan(&topic, &read, &write); err != nil {
    473. 

  473. 			return nil, err
    474. 

  474. 		} else if err := rows.Err(); err != nil {
    475. 

  475. 			return nil, err
    476. 

  476. 		}
    477. 

  477. 		grants = append(grants, Grant{
    478. 

  478. 			TopicPattern: fromSQLWildcard(topic),
    479. 

  479. 			AllowRead:    read,
    480. 

  480. 			AllowWrite:   write,
    481. 

  481. 		})
    482. 

  482. 	}
    483. 

  483. 	return grants, nil
    484. 

  484. }
    485. 

  485. 

  486. // ChangePassword changes a user's password
    487. 

  487. func (a *SQLiteManager) ChangePassword(username, password string) error {
    488. 

  488. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    489. 

  489. 	if err != nil {
    490. 

  490. 		return err
    491. 

  491. 	}
    492. 

  492. 	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
    493. 

  493. 		return err
    494. 

  494. 	}
    495. 

  495. 	return nil
    496. 

  496. }
    497. 

  497. 

  498. // ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
    499. 

  499. // all existing access control entries (Grant) are removed, since they are no longer needed.
    500. 

  500. func (a *SQLiteManager) ChangeRole(username string, role Role) error {
    501. 

  501. 	if !AllowedUsername(username) || !AllowedRole(role) {
    502. 

  502. 		return ErrInvalidArgument
    503. 

  503. 	}
    504. 

  504. 	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
    505. 

  505. 		return err
    506. 

  506. 	}
    507. 

  507. 	if role == RoleAdmin {
    508. 

  508. 		if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
    509. 

  509. 			return err
    510. 

  510. 		}
    511. 

  511. 	}
    512. 

  512. 	return nil
    513. 

  513. }
    514. 

  514. 

  515. // AllowAccess adds or updates an entry in th access control list for a specific user. It controls
    516. 

  516. // read/write access to a topic. The parameter topicPattern may include wildcards (*).
    517. 

  517. func (a *SQLiteManager) AllowAccess(username string, topicPattern string, read bool, write bool) error {
    518. 

  518. 	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopicPattern(topicPattern) {
    519. 

  519. 		return ErrInvalidArgument
    520. 

  520. 	}
    521. 

  521. 	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), read, write); err != nil {
    522. 

  522. 		return err
    523. 

  523. 	}
    524. 

  524. 	return nil
    525. 

  525. }
    526. 

  526. 

  527. // ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
    528. 

  528. // empty) for an entire user. The parameter topicPattern may include wildcards (*).
    529. 

  529. func (a *SQLiteManager) ResetAccess(username string, topicPattern string) error {
    530. 

  530. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    531. 

  531. 		return ErrInvalidArgument
    532. 

  532. 	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
    533. 

  533. 		return ErrInvalidArgument
    534. 

  534. 	}
    535. 

  535. 	if username == "" && topicPattern == "" {
    536. 

  536. 		_, err := a.db.Exec(deleteAllAccessQuery, username)
    537. 

  537. 		return err
    538. 

  538. 	} else if topicPattern == "" {
    539. 

  539. 		_, err := a.db.Exec(deleteUserAccessQuery, username)
    540. 

  540. 		return err
    541. 

  541. 	}
    542. 

  542. 	_, err := a.db.Exec(deleteTopicAccessQuery, username, toSQLWildcard(topicPattern))
    543. 

  543. 	return err
    544. 

  544. }
    545. 

  545. 

  546. // DefaultAccess returns the default read/write access if no access control entry matches
    547. 

  547. func (a *SQLiteManager) DefaultAccess() (read bool, write bool) {
    548. 

  548. 	return a.defaultRead, a.defaultWrite
    549. 

  549. }
    550. 

  550. 

  551. func toSQLWildcard(s string) string {
    552. 

  552. 	return strings.ReplaceAll(s, "*", "%")
    553. 

  553. }
    554. 

  554. 

  555. func fromSQLWildcard(s string) string {
    556. 

  556. 	return strings.ReplaceAll(s, "%", "*")
    557. 

  557. }
    558. 

  558. 

  559. func setupAuthDB(db *sql.DB) error {
    560. 

  560. 	// If 'schemaVersion' table does not exist, this must be a new database
    561. 

  561. 	rowsSV, err := db.Query(selectSchemaVersionQuery)
    562. 

  562. 	if err != nil {
    563. 

  563. 		return setupNewAuthDB(db)
    564. 

  564. 	}
    565. 

  565. 	defer rowsSV.Close()
    566. 

  566. 

  567. 	// If 'schemaVersion' table exists, read version and potentially upgrade
    568. 

  568. 	schemaVersion := 0
    569. 

  569. 	if !rowsSV.Next() {
    570. 

  570. 		return errors.New("cannot determine schema version: database file may be corrupt")
    571. 

  571. 	}
    572. 

  572. 	if err := rowsSV.Scan(&schemaVersion); err != nil {
    573. 

  573. 		return err
    574. 

  574. 	}
    575. 

  575. 	rowsSV.Close()
    576. 

  576. 

  577. 	// Do migrations
    578. 

  578. 	if schemaVersion == currentSchemaVersion {
    579. 

  579. 		return nil
    580. 

  580. 	}
    581. 

  581. 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
    582. 

  582. }
    583. 

  583. 

  584. func setupNewAuthDB(db *sql.DB) error {
    585. 

  585. 	if _, err := db.Exec(createAuthTablesQueries); err != nil {
    586. 

  586. 		return err
    587. 

  587. 	}
    588. 

  588. 	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
    589. 

  589. 		return err
    590. 

  590. 	}
    591. 

  591. 	return nil
    592. 

  592. }
    593.