صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
mirrors
/
ntfy
mirrorاز https://github.com/binwiederhier/ntfy
1
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: 60f1882bec
شاخه‌ها تگ‌ها
ntfy
/
user
/
manager.go

manager.go 23 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734 
  1. package user
    2. 

  2. 

  3. import (
    4. 

  4. 	"database/sql"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"errors"
    7. 

  7. 	"fmt"
    8. 

  8. 	_ "github.com/mattn/go-sqlite3" // SQLite driver
    9. 

  9. 	"golang.org/x/crypto/bcrypt"
    10. 

  10. 	"heckel.io/ntfy/log"
    11. 

  11. 	"heckel.io/ntfy/util"
    12. 

  12. 	"strings"
    13. 

  13. 	"sync"
    14. 

  14. 	"time"
    15. 

  15. )
    16. 

  16. 

  17. const (
    18. 

  18. 	tokenLength                  = 32
    19. 

  19. 	bcryptCost                   = 10
    20. 

  20. 	intentionalSlowDownHash      = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match bcryptCost
    21. 

  21. 	userStatsQueueWriterInterval = 33 * time.Second
    22. 

  22. 	userTokenExpiryDuration      = 72 * time.Hour
    23. 

  23. )
    24. 

  24. 

  25. var (
    26. 

  26. 	errNoTokenProvided    = errors.New("no token provided")
    27. 

  27. 	errTopicOwnedByOthers = errors.New("topic owned by others")
    28. 

  28. )
    29. 

  29. 

  30. // Manager-related queries
    31. 

  31. const (
    32. 

  32. 	createTablesQueriesNoTx = `
    33. 

  33. 		CREATE TABLE IF NOT EXISTS plan (
    34. 

  34. 			id INT NOT NULL,		
    35. 

  35. 			code TEXT NOT NULL,
    36. 

  36. 			messages_limit INT NOT NULL,
    37. 

  37. 			emails_limit INT NOT NULL,
    38. 

  38. 			topics_limit INT NOT NULL,
    39. 

  39. 			attachment_file_size_limit INT NOT NULL,
    40. 

  40. 			attachment_total_size_limit INT NOT NULL,
    41. 

  41. 			PRIMARY KEY (id)
    42. 

  42. 		);
    43. 

  43. 		CREATE TABLE IF NOT EXISTS user (
    44. 

  44. 		    id INTEGER PRIMARY KEY AUTOINCREMENT,
    45. 

  45. 			plan_id INT,
    46. 

  46. 			user TEXT NOT NULL,
    47. 

  47. 			pass TEXT NOT NULL,
    48. 

  48. 			role TEXT NOT NULL,
    49. 

  49. 			messages INT NOT NULL DEFAULT (0),
    50. 

  50. 			emails INT NOT NULL DEFAULT (0),			
    51. 

  51. 			settings JSON,
    52. 

  52. 		    FOREIGN KEY (plan_id) REFERENCES plan (id)
    53. 

  53. 		);
    54. 

  54. 		CREATE UNIQUE INDEX idx_user ON user (user);
    55. 

  55. 		CREATE TABLE IF NOT EXISTS user_access (
    56. 

  56. 			user_id INT NOT NULL,
    57. 

  57. 			topic TEXT NOT NULL,
    58. 

  58. 			read INT NOT NULL,
    59. 

  59. 			write INT NOT NULL,
    60. 

  60. 			owner_user_id INT,			
    61. 

  61. 			PRIMARY KEY (user_id, topic),
    62. 

  62. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE,
    63. 

  63. 		    FOREIGN KEY (owner_user_id) REFERENCES user (id) ON DELETE CASCADE
    64. 

  64. 		);
    65. 

  65. 		CREATE TABLE IF NOT EXISTS user_token (
    66. 

  66. 			user_id INT NOT NULL,
    67. 

  67. 			token TEXT NOT NULL,
    68. 

  68. 			expires INT NOT NULL,
    69. 

  69. 			PRIMARY KEY (user_id, token),
    70. 

  70. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    71. 

  71. 		);
    72. 

  72. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    73. 

  73. 			id INT PRIMARY KEY,
    74. 

  74. 			version INT NOT NULL
    75. 

  75. 		);
    76. 

  76. 		INSERT INTO user (id, user, pass, role) VALUES (1, '*', '', 'anonymous') ON CONFLICT (id) DO NOTHING;
    77. 

  77. 	`
    78. 

  78. 	createTablesQueries   = `BEGIN; ` + createTablesQueriesNoTx + ` COMMIT;`
    79. 

  79. 	builtinStartupQueries = `
    80. 

  80. 		PRAGMA foreign_keys = ON;
    81. 

  81. 	`
    82. 

  82. 

  83. 	selectUserByNameQuery = `
    84. 

  84. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    85. 

  85. 		FROM user u
    86. 

  86. 		LEFT JOIN plan p on p.id = u.plan_id
    87. 

  87. 		WHERE user = ?		
    88. 

  88. 	`
    89. 

  89. 	selectUserByTokenQuery = `
    90. 

  90. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    91. 

  91. 		FROM user u
    92. 

  92. 		JOIN user_token t on u.id = t.user_id
    93. 

  93. 		LEFT JOIN plan p on p.id = u.plan_id
    94. 

  94. 		WHERE t.token = ? AND t.expires >= ?
    95. 

  95. 	`
    96. 

  96. 	selectTopicPermsQuery = `
    97. 

  97. 		SELECT read, write
    98. 

  98. 		FROM user_access a
    99. 

  99. 		JOIN user u ON u.id = a.user_id
    100. 

  100. 		WHERE (u.user = ? OR u.user = ?) AND ? LIKE a.topic
    101. 

  101. 		ORDER BY u.user DESC
    102. 

  102. 	`
    103. 

  103. 

  104. 	insertUserQuery      = `INSERT INTO user (user, pass, role) VALUES (?, ?, ?)`
    105. 

  105. 	selectUsernamesQuery = `
    106. 

  106. 		SELECT user 
    107. 

  107. 		FROM user 
    108. 

  108. 		ORDER BY
    109. 

  109. 			CASE role
    110. 

  110. 				WHEN 'admin' THEN 1
    111. 

  111. 				WHEN 'anonymous' THEN 3
    112. 

  112. 				ELSE 2
    113. 

  113. 			END, user
    114. 

  114. 	`
    115. 

  115. 	updateUserPassQuery     = `UPDATE user SET pass = ? WHERE user = ?`
    116. 

  116. 	updateUserRoleQuery     = `UPDATE user SET role = ? WHERE user = ?`
    117. 

  117. 	updateUserSettingsQuery = `UPDATE user SET settings = ? WHERE user = ?`
    118. 

  118. 	updateUserStatsQuery    = `UPDATE user SET messages = ?, emails = ? WHERE user = ?`
    119. 

  119. 	deleteUserQuery         = `DELETE FROM user WHERE user = ?`
    120. 

  120. 

  121. 	upsertUserAccessQuery = `
    122. 

  122. 		INSERT INTO user_access (user_id, topic, read, write, owner_user_id) 
    123. 

  123. 		VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?, (SELECT IIF(?='',NULL,(SELECT id FROM user WHERE user=?))))
    124. 

  124. 		ON CONFLICT (user_id, topic) 
    125. 

  125. 		DO UPDATE SET read=excluded.read, write=excluded.write, owner_user_id=excluded.owner_user_id
    126. 

  126. 	`
    127. 

  127. 	selectUserAccessQuery = `
    128. 

  128. 		SELECT topic, read, write
    129. 

  129. 		FROM user_access 
    130. 

  130. 		WHERE user_id = (SELECT id FROM user WHERE user = ?) 
    131. 

  131. 		ORDER BY write DESC, read DESC, topic
    132. 

  132. 	`
    133. 

  133. 	selectUserReservationsQuery = `
    134. 

  134. 		SELECT a_user.topic, a_user.read, a_user.write, a_everyone.read AS everyone_read, a_everyone.write AS everyone_write
    135. 

  135. 		FROM user_access a_user
    136. 

  136. 		LEFT JOIN  user_access a_everyone ON a_user.topic = a_everyone.topic AND a_everyone.user_id = (SELECT id FROM user WHERE user = ?)
    137. 

  137. 		WHERE a_user.user_id = a_user.owner_user_id
    138. 

  138. 		  AND a_user.owner_user_id = (SELECT id FROM user WHERE user = ?)
    139. 

  139. 		ORDER BY a_user.topic
    140. 

  140. 	`
    141. 

  141. 	selectOtherAccessCountQuery = `
    142. 

  142. 		SELECT count(*)
    143. 

  143. 		FROM user_access
    144. 

  144. 		WHERE (topic = ? OR ? LIKE topic)
    145. 

  145. 		  AND (owner_user_id IS NULL OR owner_user_id != (SELECT id FROM user WHERE user = ?))
    146. 

  146. 	`
    147. 

  147. 	deleteAllAccessQuery   = `DELETE FROM user_access`
    148. 

  148. 	deleteUserAccessQuery  = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    149. 

  149. 	deleteTopicAccessQuery = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) AND topic = ?`
    150. 

  150. 

  151. 	insertTokenQuery         = `INSERT INTO user_token (user_id, token, expires) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?)`
    152. 

  152. 	updateTokenExpiryQuery   = `UPDATE user_token SET expires = ? WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    153. 

  153. 	deleteTokenQuery         = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    154. 

  154. 	deleteExpiredTokensQuery = `DELETE FROM user_token WHERE expires < ?`
    155. 

  155. )
    156. 

  156. 

  157. // Schema management queries
    158. 

  158. const (
    159. 

  159. 	currentSchemaVersion     = 2
    160. 

  160. 	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
    161. 

  161. 	updateSchemaVersion      = `UPDATE schemaVersion SET version = ? WHERE id = 1`
    162. 

  162. 	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
    163. 

  163. 

  164. 	// 1 -> 2 (complex migration!)
    165. 

  165. 	migrate1To2RenameUserTableQueryNoTx = `
    166. 

  166. 		ALTER TABLE user RENAME TO user_old;
    167. 

  167. 	`
    168. 

  168. 	migrate1To2InsertFromOldTablesAndDropNoTx = `
    169. 

  169. 		INSERT INTO user (user, pass, role) 
    170. 

  170. 		SELECT user, pass, role FROM user_old;
    171. 

  171. 

  172. 		INSERT INTO user_access (user_id, topic, read, write)
    173. 

  173. 		SELECT u.id, a.topic, a.read, a.write
    174. 

  174. 		FROM user u
    175. 

  175. 	 	JOIN access a ON u.user = a.user;
    176. 

  176. 

  177. 		DROP TABLE access;
    178. 

  178. 		DROP TABLE user_old;
    179. 

  179. 	`
    180. 

  180. )
    181. 

  181. 

  182. // Manager is an implementation of Manager. It stores users and access control list
    183. 

  183. // in a SQLite database.
    184. 

  184. type Manager struct {
    185. 

  185. 	db                  *sql.DB
    186. 

  186. 	defaultAccess       Permission       // Default permission if no ACL matches
    187. 

  187. 	statsQueue          map[string]*User // Username -> User, for "unimportant" user updates
    188. 

  188. 	tokenExpiryInterval time.Duration    // Duration after which tokens expire, and by which tokens are extended
    189. 

  189. 	mu                  sync.Mutex
    190. 

  190. }
    191. 

  191. 

  192. var _ Auther = (*Manager)(nil)
    193. 

  193. 

  194. // NewManager creates a new Manager instance
    195. 

  195. func NewManager(filename, startupQueries string, defaultAccess Permission) (*Manager, error) {
    196. 

  196. 	return newManager(filename, startupQueries, defaultAccess, userTokenExpiryDuration, userStatsQueueWriterInterval)
    197. 

  197. }
    198. 

  198. 

  199. // NewManager creates a new Manager instance
    200. 

  200. func newManager(filename, startupQueries string, defaultAccess Permission, tokenExpiryDuration, statsWriterInterval time.Duration) (*Manager, error) {
    201. 

  201. 	db, err := sql.Open("sqlite3", filename)
    202. 

  202. 	if err != nil {
    203. 

  203. 		return nil, err
    204. 

  204. 	}
    205. 

  205. 	if err := setupDB(db); err != nil {
    206. 

  206. 		return nil, err
    207. 

  207. 	}
    208. 

  208. 	if err := runStartupQueries(db, startupQueries); err != nil {
    209. 

  209. 		return nil, err
    210. 

  210. 	}
    211. 

  211. 	manager := &Manager{
    212. 

  212. 		db:                  db,
    213. 

  213. 		defaultAccess:       defaultAccess,
    214. 

  214. 		statsQueue:          make(map[string]*User),
    215. 

  215. 		tokenExpiryInterval: tokenExpiryDuration,
    216. 

  216. 	}
    217. 

  217. 	go manager.userStatsQueueWriter(statsWriterInterval)
    218. 

  218. 	return manager, nil
    219. 

  219. }
    220. 

  220. 

  221. // Authenticate checks username and password and returns a User if correct. The method
    222. 

  222. // returns in constant-ish time, regardless of whether the user exists or the password is
    223. 

  223. // correct or incorrect.
    224. 

  224. func (a *Manager) Authenticate(username, password string) (*User, error) {
    225. 

  225. 	if username == Everyone {
    226. 

  226. 		return nil, ErrUnauthenticated
    227. 

  227. 	}
    228. 

  228. 	user, err := a.User(username)
    229. 

  229. 	if err != nil {
    230. 

  230. 		log.Trace("authentication of user %s failed (1): %s", username, err.Error())
    231. 

  231. 		bcrypt.CompareHashAndPassword([]byte(intentionalSlowDownHash), []byte("intentional slow-down to avoid timing attacks"))
    232. 

  232. 		return nil, ErrUnauthenticated
    233. 

  233. 	}
    234. 

  234. 	if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
    235. 

  235. 		log.Trace("authentication of user %s failed (2): %s", username, err.Error())
    236. 

  236. 		return nil, ErrUnauthenticated
    237. 

  237. 	}
    238. 

  238. 	return user, nil
    239. 

  239. }
    240. 

  240. 

  241. // AuthenticateToken checks if the token exists and returns the associated User if it does.
    242. 

  242. // The method sets the User.Token value to the token that was used for authentication.
    243. 

  243. func (a *Manager) AuthenticateToken(token string) (*User, error) {
    244. 

  244. 	if len(token) != tokenLength {
    245. 

  245. 		return nil, ErrUnauthenticated
    246. 

  246. 	}
    247. 

  247. 	user, err := a.userByToken(token)
    248. 

  248. 	if err != nil {
    249. 

  249. 		return nil, ErrUnauthenticated
    250. 

  250. 	}
    251. 

  251. 	user.Token = token
    252. 

  252. 	return user, nil
    253. 

  253. }
    254. 

  254. 

  255. // CreateToken generates a random token for the given user and returns it. The token expires
    256. 

  256. // after a fixed duration unless ExtendToken is called.
    257. 

  257. func (a *Manager) CreateToken(user *User) (*Token, error) {
    258. 

  258. 	token, expires := util.RandomString(tokenLength), time.Now().Add(userTokenExpiryDuration)
    259. 

  259. 	if _, err := a.db.Exec(insertTokenQuery, user.Name, token, expires.Unix()); err != nil {
    260. 

  260. 		return nil, err
    261. 

  261. 	}
    262. 

  262. 	return &Token{
    263. 

  263. 		Value:   token,
    264. 

  264. 		Expires: expires,
    265. 

  265. 	}, nil
    266. 

  266. }
    267. 

  267. 

  268. // ExtendToken sets the new expiry date for a token, thereby extending its use further into the future.
    269. 

  269. func (a *Manager) ExtendToken(user *User) (*Token, error) {
    270. 

  270. 	if user.Token == "" {
    271. 

  271. 		return nil, errNoTokenProvided
    272. 

  272. 	}
    273. 

  273. 	newExpires := time.Now().Add(userTokenExpiryDuration)
    274. 

  274. 	if _, err := a.db.Exec(updateTokenExpiryQuery, newExpires.Unix(), user.Name, user.Token); err != nil {
    275. 

  275. 		return nil, err
    276. 

  276. 	}
    277. 

  277. 	return &Token{
    278. 

  278. 		Value:   user.Token,
    279. 

  279. 		Expires: newExpires,
    280. 

  280. 	}, nil
    281. 

  281. }
    282. 

  282. 

  283. // RemoveToken deletes the token defined in User.Token
    284. 

  284. func (a *Manager) RemoveToken(user *User) error {
    285. 

  285. 	if user.Token == "" {
    286. 

  286. 		return ErrUnauthorized
    287. 

  287. 	}
    288. 

  288. 	if _, err := a.db.Exec(deleteTokenQuery, user.Name, user.Token); err != nil {
    289. 

  289. 		return err
    290. 

  290. 	}
    291. 

  291. 	return nil
    292. 

  292. }
    293. 

  293. 

  294. // RemoveExpiredTokens deletes all expired tokens from the database
    295. 

  295. func (a *Manager) RemoveExpiredTokens() error {
    296. 

  296. 	if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
    297. 

  297. 		return err
    298. 

  298. 	}
    299. 

  299. 	return nil
    300. 

  300. }
    301. 

  301. 

  302. // ChangeSettings persists the user settings
    303. 

  303. func (a *Manager) ChangeSettings(user *User) error {
    304. 

  304. 	settings, err := json.Marshal(user.Prefs)
    305. 

  305. 	if err != nil {
    306. 

  306. 		return err
    307. 

  307. 	}
    308. 

  308. 	if _, err := a.db.Exec(updateUserSettingsQuery, string(settings), user.Name); err != nil {
    309. 

  309. 		return err
    310. 

  310. 	}
    311. 

  311. 	return nil
    312. 

  312. }
    313. 

  313. 

  314. // EnqueueStats adds the user to a queue which writes out user stats (messages, emails, ..) in
    315. 

  315. // batches at a regular interval
    316. 

  316. func (a *Manager) EnqueueStats(user *User) {
    317. 

  317. 	a.mu.Lock()
    318. 

  318. 	defer a.mu.Unlock()
    319. 

  319. 	a.statsQueue[user.Name] = user
    320. 

  320. }
    321. 

  321. 

  322. func (a *Manager) userStatsQueueWriter(interval time.Duration) {
    323. 

  323. 	ticker := time.NewTicker(interval)
    324. 

  324. 	for range ticker.C {
    325. 

  325. 		if err := a.writeUserStatsQueue(); err != nil {
    326. 

  326. 			log.Warn("UserManager: Writing user stats queue failed: %s", err.Error())
    327. 

  327. 		}
    328. 

  328. 	}
    329. 

  329. }
    330. 

  330. 

  331. func (a *Manager) writeUserStatsQueue() error {
    332. 

  332. 	a.mu.Lock()
    333. 

  333. 	if len(a.statsQueue) == 0 {
    334. 

  334. 		a.mu.Unlock()
    335. 

  335. 		log.Trace("UserManager: No user stats updates to commit")
    336. 

  336. 		return nil
    337. 

  337. 	}
    338. 

  338. 	statsQueue := a.statsQueue
    339. 

  339. 	a.statsQueue = make(map[string]*User)
    340. 

  340. 	a.mu.Unlock()
    341. 

  341. 	tx, err := a.db.Begin()
    342. 

  342. 	if err != nil {
    343. 

  343. 		return err
    344. 

  344. 	}
    345. 

  345. 	defer tx.Rollback()
    346. 

  346. 	log.Debug("UserManager: Writing user stats queue for %d user(s)", len(statsQueue))
    347. 

  347. 	for username, u := range statsQueue {
    348. 

  348. 		log.Trace("UserManager: Updating stats for user %s: messages=%d, emails=%d", username, u.Stats.Messages, u.Stats.Emails)
    349. 

  349. 		if _, err := tx.Exec(updateUserStatsQuery, u.Stats.Messages, u.Stats.Emails, username); err != nil {
    350. 

  350. 			return err
    351. 

  351. 		}
    352. 

  352. 	}
    353. 

  353. 	return tx.Commit()
    354. 

  354. }
    355. 

  355. 

  356. // Authorize returns nil if the given user has access to the given topic using the desired
    357. 

  357. // permission. The user param may be nil to signal an anonymous user.
    358. 

  358. func (a *Manager) Authorize(user *User, topic string, perm Permission) error {
    359. 

  359. 	if user != nil && user.Role == RoleAdmin {
    360. 

  360. 		return nil // Admin can do everything
    361. 

  361. 	}
    362. 

  362. 	username := Everyone
    363. 

  363. 	if user != nil {
    364. 

  364. 		username = user.Name
    365. 

  365. 	}
    366. 

  366. 	// Select the read/write permissions for this user/topic combo. The query may return two
    367. 

  367. 	// rows (one for everyone, and one for the user), but prioritizes the user.
    368. 

  368. 	rows, err := a.db.Query(selectTopicPermsQuery, Everyone, username, topic)
    369. 

  369. 	if err != nil {
    370. 

  370. 		return err
    371. 

  371. 	}
    372. 

  372. 	defer rows.Close()
    373. 

  373. 	if !rows.Next() {
    374. 

  374. 		return a.resolvePerms(a.defaultAccess, perm)
    375. 

  375. 	}
    376. 

  376. 	var read, write bool
    377. 

  377. 	if err := rows.Scan(&read, &write); err != nil {
    378. 

  378. 		return err
    379. 

  379. 	} else if err := rows.Err(); err != nil {
    380. 

  380. 		return err
    381. 

  381. 	}
    382. 

  382. 	return a.resolvePerms(NewPermission(read, write), perm)
    383. 

  383. }
    384. 

  384. 

  385. func (a *Manager) resolvePerms(base, perm Permission) error {
    386. 

  386. 	if perm == PermissionRead && base.IsRead() {
    387. 

  387. 		return nil
    388. 

  388. 	} else if perm == PermissionWrite && base.IsWrite() {
    389. 

  389. 		return nil
    390. 

  390. 	}
    391. 

  391. 	return ErrUnauthorized
    392. 

  392. }
    393. 

  393. 

  394. // AddUser adds a user with the given username, password and role
    395. 

  395. func (a *Manager) AddUser(username, password string, role Role) error {
    396. 

  396. 	if !AllowedUsername(username) || !AllowedRole(role) {
    397. 

  397. 		return ErrInvalidArgument
    398. 

  398. 	}
    399. 

  399. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    400. 

  400. 	if err != nil {
    401. 

  401. 		return err
    402. 

  402. 	}
    403. 

  403. 	if _, err = a.db.Exec(insertUserQuery, username, hash, role); err != nil {
    404. 

  404. 		return err
    405. 

  405. 	}
    406. 

  406. 	return nil
    407. 

  407. }
    408. 

  408. 

  409. // RemoveUser deletes the user with the given username. The function returns nil on success, even
    410. 

  410. // if the user did not exist in the first place.
    411. 

  411. func (a *Manager) RemoveUser(username string) error {
    412. 

  412. 	if !AllowedUsername(username) {
    413. 

  413. 		return ErrInvalidArgument
    414. 

  414. 	}
    415. 

  415. 	// Rows in user_access, user_token, etc. are deleted via foreign keys
    416. 

  416. 	if _, err := a.db.Exec(deleteUserQuery, username); err != nil {
    417. 

  417. 		return err
    418. 

  418. 	}
    419. 

  419. 	return nil
    420. 

  420. }
    421. 

  421. 

  422. // Users returns a list of users. It always also returns the Everyone user ("*").
    423. 

  423. func (a *Manager) Users() ([]*User, error) {
    424. 

  424. 	rows, err := a.db.Query(selectUsernamesQuery)
    425. 

  425. 	if err != nil {
    426. 

  426. 		return nil, err
    427. 

  427. 	}
    428. 

  428. 	defer rows.Close()
    429. 

  429. 	usernames := make([]string, 0)
    430. 

  430. 	for rows.Next() {
    431. 

  431. 		var username string
    432. 

  432. 		if err := rows.Scan(&username); err != nil {
    433. 

  433. 			return nil, err
    434. 

  434. 		} else if err := rows.Err(); err != nil {
    435. 

  435. 			return nil, err
    436. 

  436. 		}
    437. 

  437. 		usernames = append(usernames, username)
    438. 

  438. 	}
    439. 

  439. 	rows.Close()
    440. 

  440. 	users := make([]*User, 0)
    441. 

  441. 	for _, username := range usernames {
    442. 

  442. 		user, err := a.User(username)
    443. 

  443. 		if err != nil {
    444. 

  444. 			return nil, err
    445. 

  445. 		}
    446. 

  446. 		users = append(users, user)
    447. 

  447. 	}
    448. 

  448. 	return users, nil
    449. 

  449. }
    450. 

  450. 

  451. // User returns the user with the given username if it exists, or ErrNotFound otherwise.
    452. 

  452. // You may also pass Everyone to retrieve the anonymous user and its Grant list.
    453. 

  453. func (a *Manager) User(username string) (*User, error) {
    454. 

  454. 	rows, err := a.db.Query(selectUserByNameQuery, username)
    455. 

  455. 	if err != nil {
    456. 

  456. 		return nil, err
    457. 

  457. 	}
    458. 

  458. 	return a.readUser(rows)
    459. 

  459. }
    460. 

  460. 

  461. func (a *Manager) userByToken(token string) (*User, error) {
    462. 

  462. 	rows, err := a.db.Query(selectUserByTokenQuery, token, time.Now().Unix())
    463. 

  463. 	if err != nil {
    464. 

  464. 		return nil, err
    465. 

  465. 	}
    466. 

  466. 	return a.readUser(rows)
    467. 

  467. }
    468. 

  468. 

  469. func (a *Manager) readUser(rows *sql.Rows) (*User, error) {
    470. 

  470. 	defer rows.Close()
    471. 

  471. 	var username, hash, role string
    472. 

  472. 	var settings, planCode sql.NullString
    473. 

  473. 	var messages, emails int64
    474. 

  474. 	var messagesLimit, emailsLimit, topicsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit sql.NullInt64
    475. 

  475. 	if !rows.Next() {
    476. 

  476. 		return nil, ErrNotFound
    477. 

  477. 	}
    478. 

  478. 	if err := rows.Scan(&username, &hash, &role, &messages, &emails, &settings, &planCode, &messagesLimit, &emailsLimit, &topicsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit); err != nil {
    479. 

  479. 		return nil, err
    480. 

  480. 	} else if err := rows.Err(); err != nil {
    481. 

  481. 		return nil, err
    482. 

  482. 	}
    483. 

  483. 	user := &User{
    484. 

  484. 		Name: username,
    485. 

  485. 		Hash: hash,
    486. 

  486. 		Role: Role(role),
    487. 

  487. 		Stats: &Stats{
    488. 

  488. 			Messages: messages,
    489. 

  489. 			Emails:   emails,
    490. 

  490. 		},
    491. 

  491. 	}
    492. 

  492. 	if settings.Valid {
    493. 

  493. 		user.Prefs = &Prefs{}
    494. 

  494. 		if err := json.Unmarshal([]byte(settings.String), user.Prefs); err != nil {
    495. 

  495. 			return nil, err
    496. 

  496. 		}
    497. 

  497. 	}
    498. 

  498. 	if planCode.Valid {
    499. 

  499. 		user.Plan = &Plan{
    500. 

  500. 			Code:                     planCode.String,
    501. 

  501. 			Upgradeable:              false,
    502. 

  502. 			MessagesLimit:            messagesLimit.Int64,
    503. 

  503. 			EmailsLimit:              emailsLimit.Int64,
    504. 

  504. 			TopicsLimit:              topicsLimit.Int64,
    505. 

  505. 			AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    506. 

  506. 			AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    507. 

  507. 		}
    508. 

  508. 	}
    509. 

  509. 	return user, nil
    510. 

  510. }
    511. 

  511. 

  512. // Grants returns all user-specific access control entries
    513. 

  513. func (a *Manager) Grants(username string) ([]Grant, error) {
    514. 

  514. 	rows, err := a.db.Query(selectUserAccessQuery, username)
    515. 

  515. 	if err != nil {
    516. 

  516. 		return nil, err
    517. 

  517. 	}
    518. 

  518. 	defer rows.Close()
    519. 

  519. 	grants := make([]Grant, 0)
    520. 

  520. 	for rows.Next() {
    521. 

  521. 		var topic string
    522. 

  522. 		var read, write bool
    523. 

  523. 		if err := rows.Scan(&topic, &read, &write); err != nil {
    524. 

  524. 			return nil, err
    525. 

  525. 		} else if err := rows.Err(); err != nil {
    526. 

  526. 			return nil, err
    527. 

  527. 		}
    528. 

  528. 		grants = append(grants, Grant{
    529. 

  529. 			TopicPattern: fromSQLWildcard(topic),
    530. 

  530. 			Allow:        NewPermission(read, write),
    531. 

  531. 		})
    532. 

  532. 	}
    533. 

  533. 	return grants, nil
    534. 

  534. }
    535. 

  535. 

  536. // Reservations returns all user-owned topics, and the associated everyone-access
    537. 

  537. func (a *Manager) Reservations(username string) ([]Reservation, error) {
    538. 

  538. 	rows, err := a.db.Query(selectUserReservationsQuery, Everyone, username)
    539. 

  539. 	if err != nil {
    540. 

  540. 		return nil, err
    541. 

  541. 	}
    542. 

  542. 	defer rows.Close()
    543. 

  543. 	reservations := make([]Reservation, 0)
    544. 

  544. 	for rows.Next() {
    545. 

  545. 		var topic string
    546. 

  546. 		var ownerRead, ownerWrite bool
    547. 

  547. 		var everyoneRead, everyoneWrite sql.NullBool
    548. 

  548. 		if err := rows.Scan(&topic, &ownerRead, &ownerWrite, &everyoneRead, &everyoneWrite); err != nil {
    549. 

  549. 			return nil, err
    550. 

  550. 		} else if err := rows.Err(); err != nil {
    551. 

  551. 			return nil, err
    552. 

  552. 		}
    553. 

  553. 		reservations = append(reservations, Reservation{
    554. 

  554. 			Topic:    topic,
    555. 

  555. 			Owner:    NewPermission(ownerRead, ownerWrite),
    556. 

  556. 			Everyone: NewPermission(everyoneRead.Bool, everyoneWrite.Bool), // false if null
    557. 

  557. 		})
    558. 

  558. 	}
    559. 

  559. 	return reservations, nil
    560. 

  560. }
    561. 

  561. 

  562. // ChangePassword changes a user's password
    563. 

  563. func (a *Manager) ChangePassword(username, password string) error {
    564. 

  564. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    565. 

  565. 	if err != nil {
    566. 

  566. 		return err
    567. 

  567. 	}
    568. 

  568. 	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
    569. 

  569. 		return err
    570. 

  570. 	}
    571. 

  571. 	return nil
    572. 

  572. }
    573. 

  573. 

  574. // ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
    575. 

  575. // all existing access control entries (Grant) are removed, since they are no longer needed.
    576. 

  576. func (a *Manager) ChangeRole(username string, role Role) error {
    577. 

  577. 	if !AllowedUsername(username) || !AllowedRole(role) {
    578. 

  578. 		return ErrInvalidArgument
    579. 

  579. 	}
    580. 

  580. 	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
    581. 

  581. 		return err
    582. 

  582. 	}
    583. 

  583. 	if role == RoleAdmin {
    584. 

  584. 		if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
    585. 

  585. 			return err
    586. 

  586. 		}
    587. 

  587. 	}
    588. 

  588. 	return nil
    589. 

  589. }
    590. 

  590. 

  591. // CheckAllowAccess tests if a user may create an access control entry for the given topic.
    592. 

  592. // If there are any ACL entries that are not owned by the user, an error is returned.
    593. 

  593. func (a *Manager) CheckAllowAccess(username string, topic string) error {
    594. 

  594. 	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopic(topic) {
    595. 

  595. 		return ErrInvalidArgument
    596. 

  596. 	}
    597. 

  597. 	rows, err := a.db.Query(selectOtherAccessCountQuery, topic, topic, username)
    598. 

  598. 	if err != nil {
    599. 

  599. 		return err
    600. 

  600. 	}
    601. 

  601. 	defer rows.Close()
    602. 

  602. 	if !rows.Next() {
    603. 

  603. 		return errors.New("no rows found")
    604. 

  604. 	}
    605. 

  605. 	var otherCount int
    606. 

  606. 	if err := rows.Scan(&otherCount); err != nil {
    607. 

  607. 		return err
    608. 

  608. 	}
    609. 

  609. 	if otherCount > 0 {
    610. 

  610. 		return errTopicOwnedByOthers
    611. 

  611. 	}
    612. 

  612. 	return nil
    613. 

  613. }
    614. 

  614. 

  615. // AllowAccess adds or updates an entry in th access control list for a specific user. It controls
    616. 

  616. // read/write access to a topic. The parameter topicPattern may include wildcards (*). The ACL entry
    617. 

  617. // owner may either be a user (username), or the system (empty).
    618. 

  618. func (a *Manager) AllowAccess(owner, username string, topicPattern string, read bool, write bool) error {
    619. 

  619. 	if !AllowedUsername(username) && username != Everyone {
    620. 

  620. 		return ErrInvalidArgument
    621. 

  621. 	} else if owner != "" && !AllowedUsername(owner) {
    622. 

  622. 		return ErrInvalidArgument
    623. 

  623. 	} else if !AllowedTopicPattern(topicPattern) {
    624. 

  624. 		return ErrInvalidArgument
    625. 

  625. 	}
    626. 

  626. 	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), read, write, owner, owner); err != nil {
    627. 

  627. 		return err
    628. 

  628. 	}
    629. 

  629. 	return nil
    630. 

  630. }
    631. 

  631. 

  632. // ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
    633. 

  633. // empty) for an entire user. The parameter topicPattern may include wildcards (*).
    634. 

  634. func (a *Manager) ResetAccess(username string, topicPattern string) error {
    635. 

  635. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    636. 

  636. 		return ErrInvalidArgument
    637. 

  637. 	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
    638. 

  638. 		return ErrInvalidArgument
    639. 

  639. 	}
    640. 

  640. 	if username == "" && topicPattern == "" {
    641. 

  641. 		_, err := a.db.Exec(deleteAllAccessQuery, username)
    642. 

  642. 		return err
    643. 

  643. 	} else if topicPattern == "" {
    644. 

  644. 		_, err := a.db.Exec(deleteUserAccessQuery, username)
    645. 

  645. 		return err
    646. 

  646. 	}
    647. 

  647. 	_, err := a.db.Exec(deleteTopicAccessQuery, username, toSQLWildcard(topicPattern))
    648. 

  648. 	return err
    649. 

  649. }
    650. 

  650. 

  651. // DefaultAccess returns the default read/write access if no access control entry matches
    652. 

  652. func (a *Manager) DefaultAccess() Permission {
    653. 

  653. 	return a.defaultAccess
    654. 

  654. }
    655. 

  655. 

  656. func toSQLWildcard(s string) string {
    657. 

  657. 	return strings.ReplaceAll(s, "*", "%")
    658. 

  658. }
    659. 

  659. 

  660. func fromSQLWildcard(s string) string {
    661. 

  661. 	return strings.ReplaceAll(s, "%", "*")
    662. 

  662. }
    663. 

  663. 

  664. func runStartupQueries(db *sql.DB, startupQueries string) error {
    665. 

  665. 	if _, err := db.Exec(startupQueries); err != nil {
    666. 

  666. 		return err
    667. 

  667. 	}
    668. 

  668. 	if _, err := db.Exec(builtinStartupQueries); err != nil {
    669. 

  669. 		return err
    670. 

  670. 	}
    671. 

  671. 	return nil
    672. 

  672. }
    673. 

  673. 

  674. func setupDB(db *sql.DB) error {
    675. 

  675. 	// If 'schemaVersion' table does not exist, this must be a new database
    676. 

  676. 	rowsSV, err := db.Query(selectSchemaVersionQuery)
    677. 

  677. 	if err != nil {
    678. 

  678. 		return setupNewDB(db)
    679. 

  679. 	}
    680. 

  680. 	defer rowsSV.Close()
    681. 

  681. 

  682. 	// If 'schemaVersion' table exists, read version and potentially upgrade
    683. 

  683. 	schemaVersion := 0
    684. 

  684. 	if !rowsSV.Next() {
    685. 

  685. 		return errors.New("cannot determine schema version: database file may be corrupt")
    686. 

  686. 	}
    687. 

  687. 	if err := rowsSV.Scan(&schemaVersion); err != nil {
    688. 

  688. 		return err
    689. 

  689. 	}
    690. 

  690. 	rowsSV.Close()
    691. 

  691. 

  692. 	// Do migrations
    693. 

  693. 	if schemaVersion == currentSchemaVersion {
    694. 

  694. 		return nil
    695. 

  695. 	} else if schemaVersion == 1 {
    696. 

  696. 		return migrateFrom1(db)
    697. 

  697. 	}
    698. 

  698. 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
    699. 

  699. }
    700. 

  700. 

  701. func setupNewDB(db *sql.DB) error {
    702. 

  702. 	if _, err := db.Exec(createTablesQueries); err != nil {
    703. 

  703. 		return err
    704. 

  704. 	}
    705. 

  705. 	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
    706. 

  706. 		return err
    707. 

  707. 	}
    708. 

  708. 	return nil
    709. 

  709. }
    710. 

  710. 

  711. func migrateFrom1(db *sql.DB) error {
    712. 

  712. 	log.Info("Migrating user database schema: from 1 to 2")
    713. 

  713. 	tx, err := db.Begin()
    714. 

  714. 	if err != nil {
    715. 

  715. 		return err
    716. 

  716. 	}
    717. 

  717. 	defer tx.Rollback()
    718. 

  718. 	if _, err := tx.Exec(migrate1To2RenameUserTableQueryNoTx); err != nil {
    719. 

  719. 		return err
    720. 

  720. 	}
    721. 

  721. 	if _, err := tx.Exec(createTablesQueriesNoTx); err != nil {
    722. 

  722. 		return err
    723. 

  723. 	}
    724. 

  724. 	if _, err := tx.Exec(migrate1To2InsertFromOldTablesAndDropNoTx); err != nil {
    725. 

  725. 		return err
    726. 

  726. 	}
    727. 

  727. 	if _, err := tx.Exec(updateSchemaVersion, 2); err != nil {
    728. 

  728. 		return err
    729. 

  729. 	}
    730. 

  730. 	if err := tx.Commit(); err != nil {
    731. 

  731. 		return err
    732. 

  732. 	}
    733. 

  733. 	return nil // Update this when a new version is added
    734. 

  734. }
    735.