Inicio Explorar Ayuda
Iniciar sesión
mirrors
/
ntfy
espejo de https://github.com/binwiederhier/ntfy
1
0
Fork 0
Archivos Incidencias 0 Wiki
Árbol: 3d921f4570
Ramas Etiquetas
ntfy
/
user
/
manager.go

manager.go 20 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653 
  1. package user
    2. 

  2. 

  3. import (
    4. 

  4. 	"database/sql"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"errors"
    7. 

  7. 	"fmt"
    8. 

  8. 	_ "github.com/mattn/go-sqlite3" // SQLite driver
    9. 

  9. 	"golang.org/x/crypto/bcrypt"
    10. 

  10. 	"heckel.io/ntfy/log"
    11. 

  11. 	"heckel.io/ntfy/util"
    12. 

  12. 	"strings"
    13. 

  13. 	"sync"
    14. 

  14. 	"time"
    15. 

  15. )
    16. 

  16. 

  17. const (
    18. 

  18. 	tokenLength                  = 32
    19. 

  19. 	bcryptCost                   = 10
    20. 

  20. 	intentionalSlowDownHash      = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match bcryptCost
    21. 

  21. 	userStatsQueueWriterInterval = 33 * time.Second
    22. 

  22. 	userTokenExpiryDuration      = 72 * time.Hour
    23. 

  23. )
    24. 

  24. 

  25. // Manager-related queries
    26. 

  26. const (
    27. 

  27. 	createTablesQueriesNoTx = `
    28. 

  28. 		CREATE TABLE IF NOT EXISTS plan (
    29. 

  29. 			id INT NOT NULL,		
    30. 

  30. 			code TEXT NOT NULL,
    31. 

  31. 			messages_limit INT NOT NULL,
    32. 

  32. 			emails_limit INT NOT NULL,
    33. 

  33. 			attachment_file_size_limit INT NOT NULL,
    34. 

  34. 			attachment_total_size_limit INT NOT NULL,
    35. 

  35. 			PRIMARY KEY (id)
    36. 

  36. 		);
    37. 

  37. 		CREATE TABLE IF NOT EXISTS user (
    38. 

  38. 		    id INTEGER PRIMARY KEY AUTOINCREMENT,
    39. 

  39. 			plan_id INT,
    40. 

  40. 			user TEXT NOT NULL,
    41. 

  41. 			pass TEXT NOT NULL,
    42. 

  42. 			role TEXT NOT NULL,
    43. 

  43. 			messages INT NOT NULL DEFAULT (0),
    44. 

  44. 			emails INT NOT NULL DEFAULT (0),			
    45. 

  45. 			settings JSON,
    46. 

  46. 		    FOREIGN KEY (plan_id) REFERENCES plan (id)
    47. 

  47. 		);
    48. 

  48. 		CREATE UNIQUE INDEX idx_user ON user (user);
    49. 

  49. 		CREATE TABLE IF NOT EXISTS user_access (
    50. 

  50. 			user_id INT NOT NULL,
    51. 

  51. 			owner_user_id INT,			
    52. 

  52. 			topic TEXT NOT NULL,
    53. 

  53. 			read INT NOT NULL,
    54. 

  54. 			write INT NOT NULL,
    55. 

  55. 			PRIMARY KEY (user_id, topic),
    56. 

  56. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    57. 

  57. 		);		
    58. 

  58. 		CREATE TABLE IF NOT EXISTS user_token (
    59. 

  59. 			user_id INT NOT NULL,
    60. 

  60. 			token TEXT NOT NULL,
    61. 

  61. 			expires INT NOT NULL,
    62. 

  62. 			PRIMARY KEY (user_id, token),
    63. 

  63. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    64. 

  64. 		);
    65. 

  65. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    66. 

  66. 			id INT PRIMARY KEY,
    67. 

  67. 			version INT NOT NULL
    68. 

  68. 		);
    69. 

  69. 		INSERT INTO user (id, user, pass, role) VALUES (1, '*', '', 'anonymous') ON CONFLICT (id) DO NOTHING;
    70. 

  70. 	`
    71. 

  71. 	createTablesQueries   = `BEGIN; ` + createTablesQueriesNoTx + ` COMMIT;`
    72. 

  72. 	selectUserByNameQuery = `
    73. 

  73. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    74. 

  74. 		FROM user u
    75. 

  75. 		LEFT JOIN plan p on p.id = u.plan_id
    76. 

  76. 		WHERE user = ?		
    77. 

  77. 	`
    78. 

  78. 	selectUserByTokenQuery = `
    79. 

  79. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    80. 

  80. 		FROM user u
    81. 

  81. 		JOIN user_token t on u.id = t.user_id
    82. 

  82. 		LEFT JOIN plan p on p.id = u.plan_id
    83. 

  83. 		WHERE t.token = ? AND t.expires >= ?
    84. 

  84. 	`
    85. 

  85. 	selectTopicPermsQuery = `
    86. 

  86. 		SELECT read, write
    87. 

  87. 		FROM user_access a
    88. 

  88. 		JOIN user u ON u.id = a.user_id
    89. 

  89. 		WHERE (u.user = '*' OR u.user = ?) AND ? LIKE a.topic
    90. 

  90. 		ORDER BY u.user DESC
    91. 

  91. 	`
    92. 

  92. )
    93. 

  93. 

  94. // Manager-related queries
    95. 

  95. const (
    96. 

  96. 	insertUserQuery      = `INSERT INTO user (user, pass, role) VALUES (?, ?, ?)`
    97. 

  97. 	selectUsernamesQuery = `
    98. 

  98. 		SELECT user 
    99. 

  99. 		FROM user 
    100. 

  100. 		ORDER BY
    101. 

  101. 			CASE role
    102. 

  102. 				WHEN 'admin' THEN 1
    103. 

  103. 				WHEN 'anonymous' THEN 3
    104. 

  104. 				ELSE 2
    105. 

  105. 			END, user
    106. 

  106. 	`
    107. 

  107. 	updateUserPassQuery     = `UPDATE user SET pass = ? WHERE user = ?`
    108. 

  108. 	updateUserRoleQuery     = `UPDATE user SET role = ? WHERE user = ?`
    109. 

  109. 	updateUserSettingsQuery = `UPDATE user SET settings = ? WHERE user = ?`
    110. 

  110. 	updateUserStatsQuery    = `UPDATE user SET messages = ?, emails = ? WHERE user = ?`
    111. 

  111. 	deleteUserQuery         = `DELETE FROM user WHERE user = ?`
    112. 

  112. 

  113. 	upsertUserAccessQuery = `
    114. 

  114. 		INSERT INTO user_access (user_id, topic, read, write) 
    115. 

  115. 		VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?)
    116. 

  116. 		ON CONFLICT (user_id, topic) 
    117. 

  117. 		DO UPDATE SET read=excluded.read, write=excluded.write
    118. 

  118. 	`
    119. 

  119. 	selectUserAccessQuery  = `SELECT topic, read, write FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) ORDER BY write DESC, read DESC, topic`
    120. 

  120. 	deleteAllAccessQuery   = `DELETE FROM user_access`
    121. 

  121. 	deleteUserAccessQuery  = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    122. 

  122. 	deleteTopicAccessQuery = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) AND topic = ?`
    123. 

  123. 

  124. 	insertTokenQuery         = `INSERT INTO user_token (user_id, token, expires) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?)`
    125. 

  125. 	updateTokenExpiryQuery   = `UPDATE user_token SET expires = ? WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    126. 

  126. 	deleteTokenQuery         = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    127. 

  127. 	deleteExpiredTokensQuery = `DELETE FROM user_token WHERE expires < ?`
    128. 

  128. 	deleteUserTokensQuery    = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    129. 

  129. )
    130. 

  130. 

  131. // Schema management queries
    132. 

  132. const (
    133. 

  133. 	currentSchemaVersion     = 2
    134. 

  134. 	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
    135. 

  135. 	updateSchemaVersion      = `UPDATE schemaVersion SET version = ? WHERE id = 1`
    136. 

  136. 	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
    137. 

  137. 

  138. 	// 1 -> 2 (complex migration!)
    139. 

  139. 	migrate1To2RenameUserTableQueryNoTx = `
    140. 

  140. 		ALTER TABLE user RENAME TO user_old;
    141. 

  141. 	`
    142. 

  142. 	migrate1To2InsertFromOldTablesAndDropNoTx = `
    143. 

  143. 		INSERT INTO user (user, pass, role) 
    144. 

  144. 		SELECT user, pass, role FROM user_old;
    145. 

  145. 

  146. 		INSERT INTO user_access (user_id, topic, read, write)
    147. 

  147. 		SELECT u.id, a.topic, a.read, a.write
    148. 

  148. 		FROM user u
    149. 

  149. 	 	JOIN access a ON u.user = a.user;
    150. 

  150. 

  151. 		DROP TABLE access;
    152. 

  152. 		DROP TABLE user_old;
    153. 

  153. 	`
    154. 

  154. )
    155. 

  155. 

  156. // Manager is an implementation of Manager. It stores users and access control list
    157. 

  157. // in a SQLite database.
    158. 

  158. type Manager struct {
    159. 

  159. 	db                  *sql.DB
    160. 

  160. 	defaultRead         bool             // Default read permission if no ACL matches
    161. 

  161. 	defaultWrite        bool             // Default write permission if no ACL matches
    162. 

  162. 	statsQueue          map[string]*User // Username -> User, for "unimportant" user updates
    163. 

  163. 	tokenExpiryInterval time.Duration    // Duration after which tokens expire, and by which tokens are extended
    164. 

  164. 	mu                  sync.Mutex
    165. 

  165. }
    166. 

  166. 

  167. var _ Auther = (*Manager)(nil)
    168. 

  168. 

  169. // NewManager creates a new Manager instance
    170. 

  170. func NewManager(filename string, defaultRead, defaultWrite bool) (*Manager, error) {
    171. 

  171. 	return newManager(filename, defaultRead, defaultWrite, userTokenExpiryDuration, userStatsQueueWriterInterval)
    172. 

  172. }
    173. 

  173. 

  174. // NewManager creates a new Manager instance
    175. 

  175. func newManager(filename string, defaultRead, defaultWrite bool, tokenExpiryDuration, statsWriterInterval time.Duration) (*Manager, error) {
    176. 

  176. 	db, err := sql.Open("sqlite3", filename)
    177. 

  177. 	if err != nil {
    178. 

  178. 		return nil, err
    179. 

  179. 	}
    180. 

  180. 	if err := setupDB(db); err != nil {
    181. 

  181. 		return nil, err
    182. 

  182. 	}
    183. 

  183. 	manager := &Manager{
    184. 

  184. 		db:                  db,
    185. 

  185. 		defaultRead:         defaultRead,
    186. 

  186. 		defaultWrite:        defaultWrite,
    187. 

  187. 		statsQueue:          make(map[string]*User),
    188. 

  188. 		tokenExpiryInterval: tokenExpiryDuration,
    189. 

  189. 	}
    190. 

  190. 	go manager.userStatsQueueWriter(statsWriterInterval)
    191. 

  191. 	return manager, nil
    192. 

  192. }
    193. 

  193. 

  194. // Authenticate checks username and password and returns a User if correct. The method
    195. 

  195. // returns in constant-ish time, regardless of whether the user exists or the password is
    196. 

  196. // correct or incorrect.
    197. 

  197. func (a *Manager) Authenticate(username, password string) (*User, error) {
    198. 

  198. 	if username == Everyone {
    199. 

  199. 		return nil, ErrUnauthenticated
    200. 

  200. 	}
    201. 

  201. 	user, err := a.User(username)
    202. 

  202. 	if err != nil {
    203. 

  203. 		bcrypt.CompareHashAndPassword([]byte(intentionalSlowDownHash),
    204. 

  204. 			[]byte("intentional slow-down to avoid timing attacks"))
    205. 

  205. 		return nil, ErrUnauthenticated
    206. 

  206. 	}
    207. 

  207. 	if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
    208. 

  208. 		return nil, ErrUnauthenticated
    209. 

  209. 	}
    210. 

  210. 	return user, nil
    211. 

  211. }
    212. 

  212. 

  213. // AuthenticateToken checks if the token exists and returns the associated User if it does.
    214. 

  214. // The method sets the User.Token value to the token that was used for authentication.
    215. 

  215. func (a *Manager) AuthenticateToken(token string) (*User, error) {
    216. 

  216. 	if len(token) != tokenLength {
    217. 

  217. 		return nil, ErrUnauthenticated
    218. 

  218. 	}
    219. 

  219. 	user, err := a.userByToken(token)
    220. 

  220. 	if err != nil {
    221. 

  221. 		return nil, ErrUnauthenticated
    222. 

  222. 	}
    223. 

  223. 	user.Token = token
    224. 

  224. 	return user, nil
    225. 

  225. }
    226. 

  226. 

  227. // CreateToken generates a random token for the given user and returns it. The token expires
    228. 

  228. // after a fixed duration unless ExtendToken is called.
    229. 

  229. func (a *Manager) CreateToken(user *User) (*Token, error) {
    230. 

  230. 	token, expires := util.RandomString(tokenLength), time.Now().Add(userTokenExpiryDuration)
    231. 

  231. 	if _, err := a.db.Exec(insertTokenQuery, user.Name, token, expires.Unix()); err != nil {
    232. 

  232. 		return nil, err
    233. 

  233. 	}
    234. 

  234. 	return &Token{
    235. 

  235. 		Value:   token,
    236. 

  236. 		Expires: expires,
    237. 

  237. 	}, nil
    238. 

  238. }
    239. 

  239. 

  240. // ExtendToken sets the new expiry date for a token, thereby extending its use further into the future.
    241. 

  241. func (a *Manager) ExtendToken(user *User) (*Token, error) {
    242. 

  242. 	newExpires := time.Now().Add(userTokenExpiryDuration)
    243. 

  243. 	if _, err := a.db.Exec(updateTokenExpiryQuery, newExpires.Unix(), user.Name, user.Token); err != nil {
    244. 

  244. 		return nil, err
    245. 

  245. 	}
    246. 

  246. 	return &Token{
    247. 

  247. 		Value:   user.Token,
    248. 

  248. 		Expires: newExpires,
    249. 

  249. 	}, nil
    250. 

  250. }
    251. 

  251. 

  252. // RemoveToken deletes the token defined in User.Token
    253. 

  253. func (a *Manager) RemoveToken(user *User) error {
    254. 

  254. 	if user.Token == "" {
    255. 

  255. 		return ErrUnauthorized
    256. 

  256. 	}
    257. 

  257. 	if _, err := a.db.Exec(deleteTokenQuery, user.Name, user.Token); err != nil {
    258. 

  258. 		return err
    259. 

  259. 	}
    260. 

  260. 	return nil
    261. 

  261. }
    262. 

  262. 

  263. // RemoveExpiredTokens deletes all expired tokens from the database
    264. 

  264. func (a *Manager) RemoveExpiredTokens() error {
    265. 

  265. 	if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
    266. 

  266. 		return err
    267. 

  267. 	}
    268. 

  268. 	return nil
    269. 

  269. }
    270. 

  270. 

  271. // ChangeSettings persists the user settings
    272. 

  272. func (a *Manager) ChangeSettings(user *User) error {
    273. 

  273. 	settings, err := json.Marshal(user.Prefs)
    274. 

  274. 	if err != nil {
    275. 

  275. 		return err
    276. 

  276. 	}
    277. 

  277. 	if _, err := a.db.Exec(updateUserSettingsQuery, string(settings), user.Name); err != nil {
    278. 

  278. 		return err
    279. 

  279. 	}
    280. 

  280. 	return nil
    281. 

  281. }
    282. 

  282. 

  283. // EnqueueStats adds the user to a queue which writes out user stats (messages, emails, ..) in
    284. 

  284. // batches at a regular interval
    285. 

  285. func (a *Manager) EnqueueStats(user *User) {
    286. 

  286. 	a.mu.Lock()
    287. 

  287. 	defer a.mu.Unlock()
    288. 

  288. 	a.statsQueue[user.Name] = user
    289. 

  289. }
    290. 

  290. 

  291. func (a *Manager) userStatsQueueWriter(interval time.Duration) {
    292. 

  292. 	ticker := time.NewTicker(interval)
    293. 

  293. 	for range ticker.C {
    294. 

  294. 		if err := a.writeUserStatsQueue(); err != nil {
    295. 

  295. 			log.Warn("UserManager: Writing user stats queue failed: %s", err.Error())
    296. 

  296. 		}
    297. 

  297. 	}
    298. 

  298. }
    299. 

  299. 

  300. func (a *Manager) writeUserStatsQueue() error {
    301. 

  301. 	a.mu.Lock()
    302. 

  302. 	if len(a.statsQueue) == 0 {
    303. 

  303. 		a.mu.Unlock()
    304. 

  304. 		log.Trace("UserManager: No user stats updates to commit")
    305. 

  305. 		return nil
    306. 

  306. 	}
    307. 

  307. 	statsQueue := a.statsQueue
    308. 

  308. 	a.statsQueue = make(map[string]*User)
    309. 

  309. 	a.mu.Unlock()
    310. 

  310. 	tx, err := a.db.Begin()
    311. 

  311. 	if err != nil {
    312. 

  312. 		return err
    313. 

  313. 	}
    314. 

  314. 	defer tx.Rollback()
    315. 

  315. 	log.Debug("UserManager: Writing user stats queue for %d user(s)", len(statsQueue))
    316. 

  316. 	for username, u := range statsQueue {
    317. 

  317. 		log.Trace("UserManager: Updating stats for user %s: messages=%d, emails=%d", username, u.Stats.Messages, u.Stats.Emails)
    318. 

  318. 		if _, err := tx.Exec(updateUserStatsQuery, u.Stats.Messages, u.Stats.Emails, username); err != nil {
    319. 

  319. 			return err
    320. 

  320. 		}
    321. 

  321. 	}
    322. 

  322. 	return tx.Commit()
    323. 

  323. }
    324. 

  324. 

  325. // Authorize returns nil if the given user has access to the given topic using the desired
    326. 

  326. // permission. The user param may be nil to signal an anonymous user.
    327. 

  327. func (a *Manager) Authorize(user *User, topic string, perm Permission) error {
    328. 

  328. 	if user != nil && user.Role == RoleAdmin {
    329. 

  329. 		return nil // Admin can do everything
    330. 

  330. 	}
    331. 

  331. 	username := Everyone
    332. 

  332. 	if user != nil {
    333. 

  333. 		username = user.Name
    334. 

  334. 	}
    335. 

  335. 	// Select the read/write permissions for this user/topic combo. The query may return two
    336. 

  336. 	// rows (one for everyone, and one for the user), but prioritizes the user. The value for
    337. 

  337. 	// user.Name may be empty (= everyone).
    338. 

  338. 	rows, err := a.db.Query(selectTopicPermsQuery, username, topic)
    339. 

  339. 	if err != nil {
    340. 

  340. 		return err
    341. 

  341. 	}
    342. 

  342. 	defer rows.Close()
    343. 

  343. 	if !rows.Next() {
    344. 

  344. 		return a.resolvePerms(a.defaultRead, a.defaultWrite, perm)
    345. 

  345. 	}
    346. 

  346. 	var read, write bool
    347. 

  347. 	if err := rows.Scan(&read, &write); err != nil {
    348. 

  348. 		return err
    349. 

  349. 	} else if err := rows.Err(); err != nil {
    350. 

  350. 		return err
    351. 

  351. 	}
    352. 

  352. 	return a.resolvePerms(read, write, perm)
    353. 

  353. }
    354. 

  354. 

  355. func (a *Manager) resolvePerms(read, write bool, perm Permission) error {
    356. 

  356. 	if perm == PermissionRead && read {
    357. 

  357. 		return nil
    358. 

  358. 	} else if perm == PermissionWrite && write {
    359. 

  359. 		return nil
    360. 

  360. 	}
    361. 

  361. 	return ErrUnauthorized
    362. 

  362. }
    363. 

  363. 

  364. // AddUser adds a user with the given username, password and role
    365. 

  365. func (a *Manager) AddUser(username, password string, role Role) error {
    366. 

  366. 	if !AllowedUsername(username) || !AllowedRole(role) {
    367. 

  367. 		return ErrInvalidArgument
    368. 

  368. 	}
    369. 

  369. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    370. 

  370. 	if err != nil {
    371. 

  371. 		return err
    372. 

  372. 	}
    373. 

  373. 	if _, err = a.db.Exec(insertUserQuery, username, hash, role); err != nil {
    374. 

  374. 		return err
    375. 

  375. 	}
    376. 

  376. 	return nil
    377. 

  377. }
    378. 

  378. 

  379. // RemoveUser deletes the user with the given username. The function returns nil on success, even
    380. 

  380. // if the user did not exist in the first place.
    381. 

  381. func (a *Manager) RemoveUser(username string) error {
    382. 

  382. 	if !AllowedUsername(username) {
    383. 

  383. 		return ErrInvalidArgument
    384. 

  384. 	}
    385. 

  385. 	tx, err := a.db.Begin()
    386. 

  386. 	if err != nil {
    387. 

  387. 		return err
    388. 

  388. 	}
    389. 

  389. 	defer tx.Rollback()
    390. 

  390. 	if _, err := tx.Exec(deleteUserAccessQuery, username); err != nil {
    391. 

  391. 		return err
    392. 

  392. 	}
    393. 

  393. 	if _, err := tx.Exec(deleteUserTokensQuery, username); err != nil {
    394. 

  394. 		return err
    395. 

  395. 	}
    396. 

  396. 	if _, err := tx.Exec(deleteUserQuery, username); err != nil {
    397. 

  397. 		return err
    398. 

  398. 	}
    399. 

  399. 	return tx.Commit()
    400. 

  400. }
    401. 

  401. 

  402. // Users returns a list of users. It always also returns the Everyone user ("*").
    403. 

  403. func (a *Manager) Users() ([]*User, error) {
    404. 

  404. 	rows, err := a.db.Query(selectUsernamesQuery)
    405. 

  405. 	if err != nil {
    406. 

  406. 		return nil, err
    407. 

  407. 	}
    408. 

  408. 	defer rows.Close()
    409. 

  409. 	usernames := make([]string, 0)
    410. 

  410. 	for rows.Next() {
    411. 

  411. 		var username string
    412. 

  412. 		if err := rows.Scan(&username); err != nil {
    413. 

  413. 			return nil, err
    414. 

  414. 		} else if err := rows.Err(); err != nil {
    415. 

  415. 			return nil, err
    416. 

  416. 		}
    417. 

  417. 		usernames = append(usernames, username)
    418. 

  418. 	}
    419. 

  419. 	rows.Close()
    420. 

  420. 	users := make([]*User, 0)
    421. 

  421. 	for _, username := range usernames {
    422. 

  422. 		user, err := a.User(username)
    423. 

  423. 		if err != nil {
    424. 

  424. 			return nil, err
    425. 

  425. 		}
    426. 

  426. 		users = append(users, user)
    427. 

  427. 	}
    428. 

  428. 	return users, nil
    429. 

  429. }
    430. 

  430. 

  431. // User returns the user with the given username if it exists, or ErrNotFound otherwise.
    432. 

  432. // You may also pass Everyone to retrieve the anonymous user and its Grant list.
    433. 

  433. func (a *Manager) User(username string) (*User, error) {
    434. 

  434. 	rows, err := a.db.Query(selectUserByNameQuery, username)
    435. 

  435. 	if err != nil {
    436. 

  436. 		return nil, err
    437. 

  437. 	}
    438. 

  438. 	return a.readUser(rows)
    439. 

  439. }
    440. 

  440. 

  441. func (a *Manager) userByToken(token string) (*User, error) {
    442. 

  442. 	rows, err := a.db.Query(selectUserByTokenQuery, token, time.Now().Unix())
    443. 

  443. 	if err != nil {
    444. 

  444. 		return nil, err
    445. 

  445. 	}
    446. 

  446. 	return a.readUser(rows)
    447. 

  447. }
    448. 

  448. 

  449. func (a *Manager) readUser(rows *sql.Rows) (*User, error) {
    450. 

  450. 	defer rows.Close()
    451. 

  451. 	var username, hash, role string
    452. 

  452. 	var settings, planCode sql.NullString
    453. 

  453. 	var messages, emails int64
    454. 

  454. 	var messagesLimit, emailsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit sql.NullInt64
    455. 

  455. 	if !rows.Next() {
    456. 

  456. 		return nil, ErrNotFound
    457. 

  457. 	}
    458. 

  458. 	if err := rows.Scan(&username, &hash, &role, &messages, &emails, &settings, &planCode, &messagesLimit, &emailsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit); err != nil {
    459. 

  459. 		return nil, err
    460. 

  460. 	} else if err := rows.Err(); err != nil {
    461. 

  461. 		return nil, err
    462. 

  462. 	}
    463. 

  463. 	grants, err := a.readGrants(username)
    464. 

  464. 	if err != nil {
    465. 

  465. 		return nil, err
    466. 

  466. 	}
    467. 

  467. 	user := &User{
    468. 

  468. 		Name:   username,
    469. 

  469. 		Hash:   hash,
    470. 

  470. 		Role:   Role(role),
    471. 

  471. 		Grants: grants,
    472. 

  472. 		Stats: &Stats{
    473. 

  473. 			Messages: messages,
    474. 

  474. 			Emails:   emails,
    475. 

  475. 		},
    476. 

  476. 	}
    477. 

  477. 	if settings.Valid {
    478. 

  478. 		user.Prefs = &Prefs{}
    479. 

  479. 		if err := json.Unmarshal([]byte(settings.String), user.Prefs); err != nil {
    480. 

  480. 			return nil, err
    481. 

  481. 		}
    482. 

  482. 	}
    483. 

  483. 	if planCode.Valid {
    484. 

  484. 		user.Plan = &Plan{
    485. 

  485. 			Code:                     planCode.String,
    486. 

  486. 			Upgradable:               true, // FIXME
    487. 

  487. 			MessagesLimit:            messagesLimit.Int64,
    488. 

  488. 			EmailsLimit:              emailsLimit.Int64,
    489. 

  489. 			AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    490. 

  490. 			AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    491. 

  491. 		}
    492. 

  492. 	}
    493. 

  493. 	return user, nil
    494. 

  494. }
    495. 

  495. 

  496. func (a *Manager) readGrants(username string) ([]Grant, error) {
    497. 

  497. 	rows, err := a.db.Query(selectUserAccessQuery, username)
    498. 

  498. 	if err != nil {
    499. 

  499. 		return nil, err
    500. 

  500. 	}
    501. 

  501. 	defer rows.Close()
    502. 

  502. 	grants := make([]Grant, 0)
    503. 

  503. 	for rows.Next() {
    504. 

  504. 		var topic string
    505. 

  505. 		var read, write bool
    506. 

  506. 		if err := rows.Scan(&topic, &read, &write); err != nil {
    507. 

  507. 			return nil, err
    508. 

  508. 		} else if err := rows.Err(); err != nil {
    509. 

  509. 			return nil, err
    510. 

  510. 		}
    511. 

  511. 		grants = append(grants, Grant{
    512. 

  512. 			TopicPattern: fromSQLWildcard(topic),
    513. 

  513. 			AllowRead:    read,
    514. 

  514. 			AllowWrite:   write,
    515. 

  515. 		})
    516. 

  516. 	}
    517. 

  517. 	return grants, nil
    518. 

  518. }
    519. 

  519. 

  520. // ChangePassword changes a user's password
    521. 

  521. func (a *Manager) ChangePassword(username, password string) error {
    522. 

  522. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    523. 

  523. 	if err != nil {
    524. 

  524. 		return err
    525. 

  525. 	}
    526. 

  526. 	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
    527. 

  527. 		return err
    528. 

  528. 	}
    529. 

  529. 	return nil
    530. 

  530. }
    531. 

  531. 

  532. // ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
    533. 

  533. // all existing access control entries (Grant) are removed, since they are no longer needed.
    534. 

  534. func (a *Manager) ChangeRole(username string, role Role) error {
    535. 

  535. 	if !AllowedUsername(username) || !AllowedRole(role) {
    536. 

  536. 		return ErrInvalidArgument
    537. 

  537. 	}
    538. 

  538. 	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
    539. 

  539. 		return err
    540. 

  540. 	}
    541. 

  541. 	if role == RoleAdmin {
    542. 

  542. 		if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
    543. 

  543. 			return err
    544. 

  544. 		}
    545. 

  545. 	}
    546. 

  546. 	return nil
    547. 

  547. }
    548. 

  548. 

  549. // AllowAccess adds or updates an entry in th access control list for a specific user. It controls
    550. 

  550. // read/write access to a topic. The parameter topicPattern may include wildcards (*).
    551. 

  551. func (a *Manager) AllowAccess(username string, topicPattern string, read bool, write bool) error {
    552. 

  552. 	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopicPattern(topicPattern) {
    553. 

  553. 		return ErrInvalidArgument
    554. 

  554. 	}
    555. 

  555. 	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), read, write); err != nil {
    556. 

  556. 		return err
    557. 

  557. 	}
    558. 

  558. 	return nil
    559. 

  559. }
    560. 

  560. 

  561. // ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
    562. 

  562. // empty) for an entire user. The parameter topicPattern may include wildcards (*).
    563. 

  563. func (a *Manager) ResetAccess(username string, topicPattern string) error {
    564. 

  564. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    565. 

  565. 		return ErrInvalidArgument
    566. 

  566. 	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
    567. 

  567. 		return ErrInvalidArgument
    568. 

  568. 	}
    569. 

  569. 	if username == "" && topicPattern == "" {
    570. 

  570. 		_, err := a.db.Exec(deleteAllAccessQuery, username)
    571. 

  571. 		return err
    572. 

  572. 	} else if topicPattern == "" {
    573. 

  573. 		_, err := a.db.Exec(deleteUserAccessQuery, username)
    574. 

  574. 		return err
    575. 

  575. 	}
    576. 

  576. 	_, err := a.db.Exec(deleteTopicAccessQuery, username, toSQLWildcard(topicPattern))
    577. 

  577. 	return err
    578. 

  578. }
    579. 

  579. 

  580. // DefaultAccess returns the default read/write access if no access control entry matches
    581. 

  581. func (a *Manager) DefaultAccess() (read bool, write bool) {
    582. 

  582. 	return a.defaultRead, a.defaultWrite
    583. 

  583. }
    584. 

  584. 

  585. func toSQLWildcard(s string) string {
    586. 

  586. 	return strings.ReplaceAll(s, "*", "%")
    587. 

  587. }
    588. 

  588. 

  589. func fromSQLWildcard(s string) string {
    590. 

  590. 	return strings.ReplaceAll(s, "%", "*")
    591. 

  591. }
    592. 

  592. 

  593. func setupDB(db *sql.DB) error {
    594. 

  594. 	// If 'schemaVersion' table does not exist, this must be a new database
    595. 

  595. 	rowsSV, err := db.Query(selectSchemaVersionQuery)
    596. 

  596. 	if err != nil {
    597. 

  597. 		return setupNewDB(db)
    598. 

  598. 	}
    599. 

  599. 	defer rowsSV.Close()
    600. 

  600. 

  601. 	// If 'schemaVersion' table exists, read version and potentially upgrade
    602. 

  602. 	schemaVersion := 0
    603. 

  603. 	if !rowsSV.Next() {
    604. 

  604. 		return errors.New("cannot determine schema version: database file may be corrupt")
    605. 

  605. 	}
    606. 

  606. 	if err := rowsSV.Scan(&schemaVersion); err != nil {
    607. 

  607. 		return err
    608. 

  608. 	}
    609. 

  609. 	rowsSV.Close()
    610. 

  610. 

  611. 	// Do migrations
    612. 

  612. 	if schemaVersion == currentSchemaVersion {
    613. 

  613. 		return nil
    614. 

  614. 	} else if schemaVersion == 1 {
    615. 

  615. 		return migrateFrom1(db)
    616. 

  616. 	}
    617. 

  617. 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
    618. 

  618. }
    619. 

  619. 

  620. func setupNewDB(db *sql.DB) error {
    621. 

  621. 	if _, err := db.Exec(createTablesQueries); err != nil {
    622. 

  622. 		return err
    623. 

  623. 	}
    624. 

  624. 	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
    625. 

  625. 		return err
    626. 

  626. 	}
    627. 

  627. 	return nil
    628. 

  628. }
    629. 

  629. 

  630. func migrateFrom1(db *sql.DB) error {
    631. 

  631. 	log.Info("Migrating user database schema: from 1 to 2")
    632. 

  632. 	tx, err := db.Begin()
    633. 

  633. 	if err != nil {
    634. 

  634. 		return err
    635. 

  635. 	}
    636. 

  636. 	defer tx.Rollback()
    637. 

  637. 	if _, err := tx.Exec(migrate1To2RenameUserTableQueryNoTx); err != nil {
    638. 

  638. 		return err
    639. 

  639. 	}
    640. 

  640. 	if _, err := tx.Exec(createTablesQueriesNoTx); err != nil {
    641. 

  641. 		return err
    642. 

  642. 	}
    643. 

  643. 	if _, err := tx.Exec(migrate1To2InsertFromOldTablesAndDropNoTx); err != nil {
    644. 

  644. 		return err
    645. 

  645. 	}
    646. 

  646. 	if _, err := tx.Exec(updateSchemaVersion, 2); err != nil {
    647. 

  647. 		return err
    648. 

  648. 	}
    649. 

  649. 	if err := tx.Commit(); err != nil {
    650. 

  650. 		return err
    651. 

  651. 	}
    652. 

  652. 	return nil // Update this when a new version is added
    653. 

  653. }
    654.