Главная Обзор Помощь
Вход
mirrors
/
ntfy
зеркало из https://github.com/binwiederhier/ntfy
1
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 8d6f1eecdf
Ветки Метки
ntfy
/
user
/
manager.go

manager.go 58 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691 
  1. // Package user deals with authentication and authorization against topics
    2. 

  2. package user
    3. 

  3. 

  4. import (
    5. 

  5. 	"database/sql"
    6. 

  6. 	"encoding/json"
    7. 

  7. 	"errors"
    8. 

  8. 	"fmt"
    9. 

  9. 	"github.com/mattn/go-sqlite3"
    10. 

  10. 	"github.com/stripe/stripe-go/v74"
    11. 

  11. 	"golang.org/x/crypto/bcrypt"
    12. 

  12. 	"heckel.io/ntfy/v2/log"
    13. 

  13. 	"heckel.io/ntfy/v2/util"
    14. 

  14. 	"net/netip"
    15. 

  15. 	"strings"
    16. 

  16. 	"sync"
    17. 

  17. 	"time"
    18. 

  18. )
    19. 

  19. 

  20. const (
    21. 

  21. 	tierIDPrefix                    = "ti_"
    22. 

  22. 	tierIDLength                    = 8
    23. 

  23. 	syncTopicPrefix                 = "st_"
    24. 

  24. 	syncTopicLength                 = 16
    25. 

  25. 	userIDPrefix                    = "u_"
    26. 

  26. 	userIDLength                    = 12
    27. 

  27. 	userAuthIntentionalSlowDownHash = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match DefaultUserPasswordBcryptCost
    28. 

  28. 	userHardDeleteAfterDuration     = 7 * 24 * time.Hour
    29. 

  29. 	tokenPrefix                     = "tk_"
    30. 

  30. 	tokenLength                     = 32
    31. 

  31. 	tokenMaxCount                   = 60 // Only keep this many tokens in the table per user
    32. 

  32. 	tag                             = "user_manager"
    33. 

  33. )
    34. 

  34. 

  35. // Default constants that may be overridden by configs
    36. 

  36. const (
    37. 

  37. 	DefaultUserStatsQueueWriterInterval = 33 * time.Second
    38. 

  38. 	DefaultUserPasswordBcryptCost       = 10
    39. 

  39. )
    40. 

  40. 

  41. var (
    42. 

  42. 	errNoTokenProvided    = errors.New("no token provided")
    43. 

  43. 	errTopicOwnedByOthers = errors.New("topic owned by others")
    44. 

  44. 	errNoRows             = errors.New("no rows found")
    45. 

  45. )
    46. 

  46. 

  47. // Manager-related queries
    48. 

  48. const (
    49. 

  49. 	createTablesQueries = `
    50. 

  50. 		BEGIN;
    51. 

  51. 		CREATE TABLE IF NOT EXISTS tier (
    52. 

  52. 			id TEXT PRIMARY KEY,
    53. 

  53. 			code TEXT NOT NULL,
    54. 

  54. 			name TEXT NOT NULL,
    55. 

  55. 			messages_limit INT NOT NULL,
    56. 

  56. 			messages_expiry_duration INT NOT NULL,
    57. 

  57. 			emails_limit INT NOT NULL,
    58. 

  58. 			calls_limit INT NOT NULL,
    59. 

  59. 			reservations_limit INT NOT NULL,
    60. 

  60. 			attachment_file_size_limit INT NOT NULL,
    61. 

  61. 			attachment_total_size_limit INT NOT NULL,
    62. 

  62. 			attachment_expiry_duration INT NOT NULL,
    63. 

  63. 			attachment_bandwidth_limit INT NOT NULL,
    64. 

  64. 			stripe_monthly_price_id TEXT,
    65. 

  65. 			stripe_yearly_price_id TEXT
    66. 

  66. 		);
    67. 

  67. 		CREATE UNIQUE INDEX idx_tier_code ON tier (code);
    68. 

  68. 		CREATE UNIQUE INDEX idx_tier_stripe_monthly_price_id ON tier (stripe_monthly_price_id);
    69. 

  69. 		CREATE UNIQUE INDEX idx_tier_stripe_yearly_price_id ON tier (stripe_yearly_price_id);
    70. 

  70. 		CREATE TABLE IF NOT EXISTS user (
    71. 

  71. 		    id TEXT PRIMARY KEY,
    72. 

  72. 			tier_id TEXT,
    73. 

  73. 			user TEXT NOT NULL,
    74. 

  74. 			pass TEXT NOT NULL,
    75. 

  75. 			role TEXT CHECK (role IN ('anonymous', 'admin', 'user')) NOT NULL,
    76. 

  76. 			prefs JSON NOT NULL DEFAULT '{}',
    77. 

  77. 			sync_topic TEXT NOT NULL,
    78. 

  78. 			stats_messages INT NOT NULL DEFAULT (0),
    79. 

  79. 			stats_emails INT NOT NULL DEFAULT (0),
    80. 

  80. 			stats_calls INT NOT NULL DEFAULT (0),
    81. 

  81. 			stripe_customer_id TEXT,
    82. 

  82. 			stripe_subscription_id TEXT,
    83. 

  83. 			stripe_subscription_status TEXT,
    84. 

  84. 			stripe_subscription_interval TEXT,
    85. 

  85. 			stripe_subscription_paid_until INT,
    86. 

  86. 			stripe_subscription_cancel_at INT,
    87. 

  87. 			created INT NOT NULL,
    88. 

  88. 			deleted INT,
    89. 

  89. 		    FOREIGN KEY (tier_id) REFERENCES tier (id)
    90. 

  90. 		);
    91. 

  91. 		CREATE UNIQUE INDEX idx_user ON user (user);
    92. 

  92. 		CREATE UNIQUE INDEX idx_user_stripe_customer_id ON user (stripe_customer_id);
    93. 

  93. 		CREATE UNIQUE INDEX idx_user_stripe_subscription_id ON user (stripe_subscription_id);
    94. 

  94. 		CREATE TABLE IF NOT EXISTS user_access (
    95. 

  95. 			user_id TEXT NOT NULL,
    96. 

  96. 			topic TEXT NOT NULL,
    97. 

  97. 			read INT NOT NULL,
    98. 

  98. 			write INT NOT NULL,
    99. 

  99. 			owner_user_id INT,
    100. 

  100. 			PRIMARY KEY (user_id, topic),
    101. 

  101. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE,
    102. 

  102. 		    FOREIGN KEY (owner_user_id) REFERENCES user (id) ON DELETE CASCADE
    103. 

  103. 		);
    104. 

  104. 		CREATE TABLE IF NOT EXISTS user_token (
    105. 

  105. 			user_id TEXT NOT NULL,
    106. 

  106. 			token TEXT NOT NULL,
    107. 

  107. 			label TEXT NOT NULL,
    108. 

  108. 			last_access INT NOT NULL,
    109. 

  109. 			last_origin TEXT NOT NULL,
    110. 

  110. 			expires INT NOT NULL,
    111. 

  111. 			PRIMARY KEY (user_id, token),
    112. 

  112. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    113. 

  113. 		);
    114. 

  114. 		CREATE TABLE IF NOT EXISTS user_phone (
    115. 

  115. 			user_id TEXT NOT NULL,
    116. 

  116. 			phone_number TEXT NOT NULL,
    117. 

  117. 			PRIMARY KEY (user_id, phone_number),
    118. 

  118. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    119. 

  119. 		);
    120. 

  120. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    121. 

  121. 			id INT PRIMARY KEY,
    122. 

  122. 			version INT NOT NULL
    123. 

  123. 		);
    124. 

  124. 		INSERT INTO user (id, user, pass, role, sync_topic, created)
    125. 

  125. 		VALUES ('` + everyoneID + `', '*', '', 'anonymous', '', UNIXEPOCH())
    126. 

  126. 		ON CONFLICT (id) DO NOTHING;
    127. 

  127. 		COMMIT;
    128. 

  128. 	`
    129. 

  129. 

  130. 	builtinStartupQueries = `
    131. 

  131. 		PRAGMA foreign_keys = ON;
    132. 

  132. 	`
    133. 

  133. 

  134. 	selectUserByIDQuery = `
    135. 

  135. 		SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stats_calls, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_interval, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.calls_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_monthly_price_id, t.stripe_yearly_price_id
    136. 

  136. 		FROM user u
    137. 

  137. 		LEFT JOIN tier t on t.id = u.tier_id
    138. 

  138. 		WHERE u.id = ?
    139. 

  139. 	`
    140. 

  140. 	selectUserByNameQuery = `
    141. 

  141. 		SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stats_calls, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_interval, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.calls_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_monthly_price_id, t.stripe_yearly_price_id
    142. 

  142. 		FROM user u
    143. 

  143. 		LEFT JOIN tier t on t.id = u.tier_id
    144. 

  144. 		WHERE user = ?
    145. 

  145. 	`
    146. 

  146. 	selectUserByTokenQuery = `
    147. 

  147. 		SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stats_calls, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_interval, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.calls_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_monthly_price_id, t.stripe_yearly_price_id
    148. 

  148. 		FROM user u
    149. 

  149. 		JOIN user_token tk on u.id = tk.user_id
    150. 

  150. 		LEFT JOIN tier t on t.id = u.tier_id
    151. 

  151. 		WHERE tk.token = ? AND (tk.expires = 0 OR tk.expires >= ?)
    152. 

  152. 	`
    153. 

  153. 	selectUserByStripeCustomerIDQuery = `
    154. 

  154. 		SELECT u.id, u.user, u.pass, u.role, u.prefs, u.sync_topic, u.stats_messages, u.stats_emails, u.stats_calls, u.stripe_customer_id, u.stripe_subscription_id, u.stripe_subscription_status, u.stripe_subscription_interval, u.stripe_subscription_paid_until, u.stripe_subscription_cancel_at, deleted, t.id, t.code, t.name, t.messages_limit, t.messages_expiry_duration, t.emails_limit, t.calls_limit, t.reservations_limit, t.attachment_file_size_limit, t.attachment_total_size_limit, t.attachment_expiry_duration, t.attachment_bandwidth_limit, t.stripe_monthly_price_id, t.stripe_yearly_price_id
    155. 

  155. 		FROM user u
    156. 

  156. 		LEFT JOIN tier t on t.id = u.tier_id
    157. 

  157. 		WHERE u.stripe_customer_id = ?
    158. 

  158. 	`
    159. 

  159. 	selectTopicPermsQuery = `
    160. 

  160. 		SELECT read, write
    161. 

  161. 		FROM user_access a
    162. 

  162. 		JOIN user u ON u.id = a.user_id
    163. 

  163. 		WHERE (u.user = ? OR u.user = ?) AND ? LIKE a.topic ESCAPE '\'
    164. 

  164. 		ORDER BY u.user DESC, LENGTH(a.topic) DESC, a.write DESC
    165. 

  165. 	`
    166. 

  166. 

  167. 	insertUserQuery = `
    168. 

  168. 		INSERT INTO user (id, user, pass, role, sync_topic, created)
    169. 

  169. 		VALUES (?, ?, ?, ?, ?, ?)
    170. 

  170. 	`
    171. 

  171. 	selectUsernamesQuery = `
    172. 

  172. 		SELECT user
    173. 

  173. 		FROM user
    174. 

  174. 		ORDER BY
    175. 

  175. 			CASE role
    176. 

  176. 				WHEN 'admin' THEN 1
    177. 

  177. 				WHEN 'anonymous' THEN 3
    178. 

  178. 				ELSE 2
    179. 

  179. 			END, user
    180. 

  180. 	`
    181. 

  181. 	selectUserCountQuery         = `SELECT COUNT(*) FROM user`
    182. 

  182. 	updateUserPassQuery          = `UPDATE user SET pass = ? WHERE user = ?`
    183. 

  183. 	updateUserRoleQuery          = `UPDATE user SET role = ? WHERE user = ?`
    184. 

  184. 	updateUserPrefsQuery         = `UPDATE user SET prefs = ? WHERE id = ?`
    185. 

  185. 	updateUserStatsQuery         = `UPDATE user SET stats_messages = ?, stats_emails = ?, stats_calls = ? WHERE id = ?`
    186. 

  186. 	updateUserStatsResetAllQuery = `UPDATE user SET stats_messages = 0, stats_emails = 0, stats_calls = 0`
    187. 

  187. 	updateUserDeletedQuery       = `UPDATE user SET deleted = ? WHERE id = ?`
    188. 

  188. 	deleteUsersMarkedQuery       = `DELETE FROM user WHERE deleted < ?`
    189. 

  189. 	deleteUserQuery              = `DELETE FROM user WHERE user = ?`
    190. 

  190. 

  191. 	upsertUserAccessQuery = `
    192. 

  192. 		INSERT INTO user_access (user_id, topic, read, write, owner_user_id)
    193. 

  193. 		VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?, (SELECT IIF(?='',NULL,(SELECT id FROM user WHERE user=?))))
    194. 

  194. 		ON CONFLICT (user_id, topic)
    195. 

  195. 		DO UPDATE SET read=excluded.read, write=excluded.write, owner_user_id=excluded.owner_user_id
    196. 

  196. 	`
    197. 

  197. 	selectUserAllAccessQuery = `
    198. 

  198. 		SELECT user_id, topic, read, write
    199. 

  199. 		FROM user_access
    200. 

  200. 		ORDER BY LENGTH(topic) DESC, write DESC, read DESC, topic
    201. 

  201. 	`
    202. 

  202. 	selectUserAccessQuery = `
    203. 

  203. 		SELECT topic, read, write
    204. 

  204. 		FROM user_access
    205. 

  205. 		WHERE user_id = (SELECT id FROM user WHERE user = ?)
    206. 

  206. 		ORDER BY LENGTH(topic) DESC, write DESC, read DESC, topic
    207. 

  207. 	`
    208. 

  208. 	selectUserReservationsQuery = `
    209. 

  209. 		SELECT a_user.topic, a_user.read, a_user.write, a_everyone.read AS everyone_read, a_everyone.write AS everyone_write
    210. 

  210. 		FROM user_access a_user
    211. 

  211. 		LEFT JOIN  user_access a_everyone ON a_user.topic = a_everyone.topic AND a_everyone.user_id = (SELECT id FROM user WHERE user = ?)
    212. 

  212. 		WHERE a_user.user_id = a_user.owner_user_id
    213. 

  213. 		  AND a_user.owner_user_id = (SELECT id FROM user WHERE user = ?)
    214. 

  214. 		ORDER BY a_user.topic
    215. 

  215. 	`
    216. 

  216. 	selectUserReservationsCountQuery = `
    217. 

  217. 		SELECT COUNT(*)
    218. 

  218. 		FROM user_access
    219. 

  219. 		WHERE user_id = owner_user_id 
    220. 

  220. 		  AND owner_user_id = (SELECT id FROM user WHERE user = ?)
    221. 

  221. 	`
    222. 

  222. 	selectUserReservationsOwnerQuery = `
    223. 

  223. 		SELECT owner_user_id
    224. 

  224. 		FROM user_access
    225. 

  225. 		WHERE topic = ?
    226. 

  226. 		  AND user_id = owner_user_id
    227. 

  227. 	`
    228. 

  228. 	selectUserHasReservationQuery = `
    229. 

  229. 		SELECT COUNT(*)
    230. 

  230. 		FROM user_access
    231. 

  231. 		WHERE user_id = owner_user_id
    232. 

  232. 		  AND owner_user_id = (SELECT id FROM user WHERE user = ?)
    233. 

  233. 		  AND topic = ?
    234. 

  234. 	`
    235. 

  235. 	selectOtherAccessCountQuery = `
    236. 

  236. 		SELECT COUNT(*)
    237. 

  237. 		FROM user_access
    238. 

  238. 		WHERE (topic = ? OR ? LIKE topic ESCAPE '\')
    239. 

  239. 		  AND (owner_user_id IS NULL OR owner_user_id != (SELECT id FROM user WHERE user = ?))
    240. 

  240. 	`
    241. 

  241. 	deleteAllAccessQuery  = `DELETE FROM user_access`
    242. 

  242. 	deleteUserAccessQuery = `
    243. 

  243. 		DELETE FROM user_access
    244. 

  244. 		WHERE user_id = (SELECT id FROM user WHERE user = ?)
    245. 

  245. 		   OR owner_user_id = (SELECT id FROM user WHERE user = ?)
    246. 

  246. 	`
    247. 

  247. 	deleteTopicAccessQuery = `
    248. 

  248. 		DELETE FROM user_access
    249. 

  249. 	   	WHERE (user_id = (SELECT id FROM user WHERE user = ?) OR owner_user_id = (SELECT id FROM user WHERE user = ?))
    250. 

  250. 	   	  AND topic = ?
    251. 

  251.   	`
    252. 

  252. 

  253. 	selectTokenCountQuery      = `SELECT COUNT(*) FROM user_token WHERE user_id = ?`
    254. 

  254. 	selectTokensQuery          = `SELECT token, label, last_access, last_origin, expires FROM user_token WHERE user_id = ?`
    255. 

  255. 	selectTokenQuery           = `SELECT token, label, last_access, last_origin, expires FROM user_token WHERE user_id = ? AND token = ?`
    256. 

  256. 	insertTokenQuery           = `INSERT INTO user_token (user_id, token, label, last_access, last_origin, expires) VALUES (?, ?, ?, ?, ?, ?)`
    257. 

  257. 	updateTokenExpiryQuery     = `UPDATE user_token SET expires = ? WHERE user_id = ? AND token = ?`
    258. 

  258. 	updateTokenLabelQuery      = `UPDATE user_token SET label = ? WHERE user_id = ? AND token = ?`
    259. 

  259. 	updateTokenLastAccessQuery = `UPDATE user_token SET last_access = ?, last_origin = ? WHERE token = ?`
    260. 

  260. 	deleteTokenQuery           = `DELETE FROM user_token WHERE user_id = ? AND token = ?`
    261. 

  261. 	deleteAllTokenQuery        = `DELETE FROM user_token WHERE user_id = ?`
    262. 

  262. 	deleteExpiredTokensQuery   = `DELETE FROM user_token WHERE expires > 0 AND expires < ?`
    263. 

  263. 	deleteExcessTokensQuery    = `
    264. 

  264. 		DELETE FROM user_token
    265. 

  265. 		WHERE user_id = ?
    266. 

  266. 		  AND (user_id, token) NOT IN (
    267. 

  267. 			SELECT user_id, token
    268. 

  268. 			FROM user_token
    269. 

  269. 			WHERE user_id = ?
    270. 

  270. 			ORDER BY expires DESC
    271. 

  271. 			LIMIT ?
    272. 

  272. 		)
    273. 

  273. 	`
    274. 

  274. 

  275. 	selectPhoneNumbersQuery = `SELECT phone_number FROM user_phone WHERE user_id = ?`
    276. 

  276. 	insertPhoneNumberQuery  = `INSERT INTO user_phone (user_id, phone_number) VALUES (?, ?)`
    277. 

  277. 	deletePhoneNumberQuery  = `DELETE FROM user_phone WHERE user_id = ? AND phone_number = ?`
    278. 

  278. 

  279. 	insertTierQuery = `
    280. 

  280. 		INSERT INTO tier (id, code, name, messages_limit, messages_expiry_duration, emails_limit, calls_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_monthly_price_id, stripe_yearly_price_id)
    281. 

  281. 		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
    282. 

  282. 	`
    283. 

  283. 	updateTierQuery = `
    284. 

  284. 		UPDATE tier
    285. 

  285. 		SET name = ?, messages_limit = ?, messages_expiry_duration = ?, emails_limit = ?, calls_limit = ?, reservations_limit = ?, attachment_file_size_limit = ?, attachment_total_size_limit = ?, attachment_expiry_duration = ?, attachment_bandwidth_limit = ?, stripe_monthly_price_id = ?, stripe_yearly_price_id = ?
    286. 

  286. 		WHERE code = ?
    287. 

  287. 	`
    288. 

  288. 	selectTiersQuery = `
    289. 

  289. 		SELECT id, code, name, messages_limit, messages_expiry_duration, emails_limit, calls_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_monthly_price_id, stripe_yearly_price_id
    290. 

  290. 		FROM tier
    291. 

  291. 	`
    292. 

  292. 	selectTierByCodeQuery = `
    293. 

  293. 		SELECT id, code, name, messages_limit, messages_expiry_duration, emails_limit, calls_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_monthly_price_id, stripe_yearly_price_id
    294. 

  294. 		FROM tier
    295. 

  295. 		WHERE code = ?
    296. 

  296. 	`
    297. 

  297. 	selectTierByPriceIDQuery = `
    298. 

  298. 		SELECT id, code, name, messages_limit, messages_expiry_duration, emails_limit, calls_limit, reservations_limit, attachment_file_size_limit, attachment_total_size_limit, attachment_expiry_duration, attachment_bandwidth_limit, stripe_monthly_price_id, stripe_yearly_price_id
    299. 

  299. 		FROM tier
    300. 

  300. 		WHERE (stripe_monthly_price_id = ? OR stripe_yearly_price_id = ?)
    301. 

  301. 	`
    302. 

  302. 	updateUserTierQuery = `UPDATE user SET tier_id = (SELECT id FROM tier WHERE code = ?) WHERE user = ?`
    303. 

  303. 	deleteUserTierQuery = `UPDATE user SET tier_id = null WHERE user = ?`
    304. 

  304. 	deleteTierQuery     = `DELETE FROM tier WHERE code = ?`
    305. 

  305. 

  306. 	updateBillingQuery = `
    307. 

  307. 		UPDATE user
    308. 

  308. 		SET stripe_customer_id = ?, stripe_subscription_id = ?, stripe_subscription_status = ?, stripe_subscription_interval = ?, stripe_subscription_paid_until = ?, stripe_subscription_cancel_at = ?
    309. 

  309. 		WHERE user = ?
    310. 

  310. 	`
    311. 

  311. )
    312. 

  312. 

  313. // Schema management queries
    314. 

  314. const (
    315. 

  315. 	currentSchemaVersion     = 5
    316. 

  316. 	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
    317. 

  317. 	updateSchemaVersion      = `UPDATE schemaVersion SET version = ? WHERE id = 1`
    318. 

  318. 	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
    319. 

  319. 

  320. 	// 1 -> 2 (complex migration!)
    321. 

  321. 	migrate1To2CreateTablesQueries = `
    322. 

  322. 		ALTER TABLE user RENAME TO user_old;
    323. 

  323. 		CREATE TABLE IF NOT EXISTS tier (
    324. 

  324. 			id TEXT PRIMARY KEY,
    325. 

  325. 			code TEXT NOT NULL,
    326. 

  326. 			name TEXT NOT NULL,
    327. 

  327. 			messages_limit INT NOT NULL,
    328. 

  328. 			messages_expiry_duration INT NOT NULL,
    329. 

  329. 			emails_limit INT NOT NULL,
    330. 

  330. 			reservations_limit INT NOT NULL,
    331. 

  331. 			attachment_file_size_limit INT NOT NULL,
    332. 

  332. 			attachment_total_size_limit INT NOT NULL,
    333. 

  333. 			attachment_expiry_duration INT NOT NULL,
    334. 

  334. 			attachment_bandwidth_limit INT NOT NULL,
    335. 

  335. 			stripe_price_id TEXT
    336. 

  336. 		);
    337. 

  337. 		CREATE UNIQUE INDEX idx_tier_code ON tier (code);
    338. 

  338. 		CREATE UNIQUE INDEX idx_tier_price_id ON tier (stripe_price_id);
    339. 

  339. 		CREATE TABLE IF NOT EXISTS user (
    340. 

  340. 		    id TEXT PRIMARY KEY,
    341. 

  341. 			tier_id TEXT,
    342. 

  342. 			user TEXT NOT NULL,
    343. 

  343. 			pass TEXT NOT NULL,
    344. 

  344. 			role TEXT CHECK (role IN ('anonymous', 'admin', 'user')) NOT NULL,
    345. 

  345. 			prefs JSON NOT NULL DEFAULT '{}',
    346. 

  346. 			sync_topic TEXT NOT NULL,
    347. 

  347. 			stats_messages INT NOT NULL DEFAULT (0),
    348. 

  348. 			stats_emails INT NOT NULL DEFAULT (0),
    349. 

  349. 			stripe_customer_id TEXT,
    350. 

  350. 			stripe_subscription_id TEXT,
    351. 

  351. 			stripe_subscription_status TEXT,
    352. 

  352. 			stripe_subscription_paid_until INT,
    353. 

  353. 			stripe_subscription_cancel_at INT,
    354. 

  354. 			created INT NOT NULL,
    355. 

  355. 			deleted INT,
    356. 

  356. 		    FOREIGN KEY (tier_id) REFERENCES tier (id)
    357. 

  357. 		);
    358. 

  358. 		CREATE UNIQUE INDEX idx_user ON user (user);
    359. 

  359. 		CREATE UNIQUE INDEX idx_user_stripe_customer_id ON user (stripe_customer_id);
    360. 

  360. 		CREATE UNIQUE INDEX idx_user_stripe_subscription_id ON user (stripe_subscription_id);
    361. 

  361. 		CREATE TABLE IF NOT EXISTS user_access (
    362. 

  362. 			user_id TEXT NOT NULL,
    363. 

  363. 			topic TEXT NOT NULL,
    364. 

  364. 			read INT NOT NULL,
    365. 

  365. 			write INT NOT NULL,
    366. 

  366. 			owner_user_id INT,
    367. 

  367. 			PRIMARY KEY (user_id, topic),
    368. 

  368. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE,
    369. 

  369. 		    FOREIGN KEY (owner_user_id) REFERENCES user (id) ON DELETE CASCADE
    370. 

  370. 		);
    371. 

  371. 		CREATE TABLE IF NOT EXISTS user_token (
    372. 

  372. 			user_id TEXT NOT NULL,
    373. 

  373. 			token TEXT NOT NULL,
    374. 

  374. 			label TEXT NOT NULL,
    375. 

  375. 			last_access INT NOT NULL,
    376. 

  376. 			last_origin TEXT NOT NULL,
    377. 

  377. 			expires INT NOT NULL,
    378. 

  378. 			PRIMARY KEY (user_id, token),
    379. 

  379. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    380. 

  380. 		);
    381. 

  381. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    382. 

  382. 			id INT PRIMARY KEY,
    383. 

  383. 			version INT NOT NULL
    384. 

  384. 		);
    385. 

  385. 		INSERT INTO user (id, user, pass, role, sync_topic, created)
    386. 

  386. 		VALUES ('u_everyone', '*', '', 'anonymous', '', UNIXEPOCH())
    387. 

  387. 		ON CONFLICT (id) DO NOTHING;
    388. 

  388. 	`
    389. 

  389. 	migrate1To2SelectAllOldUsernamesNoTx = `SELECT user FROM user_old`
    390. 

  390. 	migrate1To2InsertUserNoTx            = `
    391. 

  391. 		INSERT INTO user (id, user, pass, role, sync_topic, created)
    392. 

  392. 		SELECT ?, user, pass, role, ?, UNIXEPOCH() FROM user_old WHERE user = ?
    393. 

  393. 	`
    394. 

  394. 	migrate1To2InsertFromOldTablesAndDropNoTx = `
    395. 

  395. 		INSERT INTO user_access (user_id, topic, read, write)
    396. 

  396. 		SELECT u.id, a.topic, a.read, a.write
    397. 

  397. 		FROM user u
    398. 

  398. 	 	JOIN access a ON u.user = a.user;
    399. 

  399. 

  400. 		DROP TABLE access;
    401. 

  401. 		DROP TABLE user_old;
    402. 

  402. 	`
    403. 

  403. 

  404. 	// 2 -> 3
    405. 

  405. 	migrate2To3UpdateQueries = `
    406. 

  406. 		ALTER TABLE user ADD COLUMN stripe_subscription_interval TEXT;
    407. 

  407. 		ALTER TABLE tier RENAME COLUMN stripe_price_id TO stripe_monthly_price_id;
    408. 

  408. 		ALTER TABLE tier ADD COLUMN stripe_yearly_price_id TEXT;
    409. 

  409. 		DROP INDEX IF EXISTS idx_tier_price_id;
    410. 

  410. 		CREATE UNIQUE INDEX idx_tier_stripe_monthly_price_id ON tier (stripe_monthly_price_id);
    411. 

  411. 		CREATE UNIQUE INDEX idx_tier_stripe_yearly_price_id ON tier (stripe_yearly_price_id);
    412. 

  412. 	`
    413. 

  413. 

  414. 	// 3 -> 4
    415. 

  415. 	migrate3To4UpdateQueries = `
    416. 

  416. 		ALTER TABLE tier ADD COLUMN calls_limit INT NOT NULL DEFAULT (0);
    417. 

  417. 		ALTER TABLE user ADD COLUMN stats_calls INT NOT NULL DEFAULT (0);
    418. 

  418. 		CREATE TABLE IF NOT EXISTS user_phone (
    419. 

  419. 			user_id TEXT NOT NULL,
    420. 

  420. 			phone_number TEXT NOT NULL,
    421. 

  421. 			PRIMARY KEY (user_id, phone_number),
    422. 

  422. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    423. 

  423. 		);
    424. 

  424. 	`
    425. 

  425. 

  426. 	// 4 -> 5
    427. 

  427. 	migrate4To5UpdateQueries = `
    428. 

  428. 		UPDATE user_access SET topic = REPLACE(topic, '_', '\_');
    429. 

  429. 	`
    430. 

  430. )
    431. 

  431. 

  432. var (
    433. 

  433. 	migrations = map[int]func(db *sql.DB) error{
    434. 

  434. 		1: migrateFrom1,
    435. 

  435. 		2: migrateFrom2,
    436. 

  436. 		3: migrateFrom3,
    437. 

  437. 		4: migrateFrom4,
    438. 

  438. 	}
    439. 

  439. )
    440. 

  440. 

  441. // Manager is an implementation of Manager. It stores users and access control list
    442. 

  442. // in a SQLite database.
    443. 

  443. type Manager struct {
    444. 

  444. 	db            *sql.DB
    445. 

  445. 	defaultAccess Permission              // Default permission if no ACL matches
    446. 

  446. 	statsQueue    map[string]*Stats       // "Queue" to asynchronously write user stats to the database (UserID -> Stats)
    447. 

  447. 	tokenQueue    map[string]*TokenUpdate // "Queue" to asynchronously write token access stats to the database (Token ID -> TokenUpdate)
    448. 

  448. 	bcryptCost    int                     // Makes testing easier
    449. 

  449. 	mu            sync.Mutex
    450. 

  450. }
    451. 

  451. 

  452. var _ Auther = (*Manager)(nil)
    453. 

  453. 

  454. // NewManager creates a new Manager instance
    455. 

  455. func NewManager(filename, startupQueries string, defaultAccess Permission, bcryptCost int, queueWriterInterval time.Duration) (*Manager, error) {
    456. 

  456. 	db, err := sql.Open("sqlite3", filename)
    457. 

  457. 	if err != nil {
    458. 

  458. 		return nil, err
    459. 

  459. 	}
    460. 

  460. 	if err := setupDB(db); err != nil {
    461. 

  461. 		return nil, err
    462. 

  462. 	}
    463. 

  463. 	if err := runStartupQueries(db, startupQueries); err != nil {
    464. 

  464. 		return nil, err
    465. 

  465. 	}
    466. 

  466. 	manager := &Manager{
    467. 

  467. 		db:            db,
    468. 

  468. 		defaultAccess: defaultAccess,
    469. 

  469. 		statsQueue:    make(map[string]*Stats),
    470. 

  470. 		tokenQueue:    make(map[string]*TokenUpdate),
    471. 

  471. 		bcryptCost:    bcryptCost,
    472. 

  472. 	}
    473. 

  473. 	go manager.asyncQueueWriter(queueWriterInterval)
    474. 

  474. 	return manager, nil
    475. 

  475. }
    476. 

  476. 

  477. // Authenticate checks username and password and returns a User if correct, and the user has not been
    478. 

  478. // marked as deleted. The method returns in constant-ish time, regardless of whether the user exists or
    479. 

  479. // the password is correct or incorrect.
    480. 

  480. func (a *Manager) Authenticate(username, password string) (*User, error) {
    481. 

  481. 	if username == Everyone {
    482. 

  482. 		return nil, ErrUnauthenticated
    483. 

  483. 	}
    484. 

  484. 	user, err := a.User(username)
    485. 

  485. 	if err != nil {
    486. 

  486. 		log.Tag(tag).Field("user_name", username).Err(err).Trace("Authentication of user failed (1)")
    487. 

  487. 		bcrypt.CompareHashAndPassword([]byte(userAuthIntentionalSlowDownHash), []byte("intentional slow-down to avoid timing attacks"))
    488. 

  488. 		return nil, ErrUnauthenticated
    489. 

  489. 	} else if user.Deleted {
    490. 

  490. 		log.Tag(tag).Field("user_name", username).Trace("Authentication of user failed (2): user marked deleted")
    491. 

  491. 		bcrypt.CompareHashAndPassword([]byte(userAuthIntentionalSlowDownHash), []byte("intentional slow-down to avoid timing attacks"))
    492. 

  492. 		return nil, ErrUnauthenticated
    493. 

  493. 	} else if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
    494. 

  494. 		log.Tag(tag).Field("user_name", username).Err(err).Trace("Authentication of user failed (3)")
    495. 

  495. 		return nil, ErrUnauthenticated
    496. 

  496. 	}
    497. 

  497. 	return user, nil
    498. 

  498. }
    499. 

  499. 

  500. // AuthenticateToken checks if the token exists and returns the associated User if it does.
    501. 

  501. // The method sets the User.Token value to the token that was used for authentication.
    502. 

  502. func (a *Manager) AuthenticateToken(token string) (*User, error) {
    503. 

  503. 	if len(token) != tokenLength {
    504. 

  504. 		return nil, ErrUnauthenticated
    505. 

  505. 	}
    506. 

  506. 	user, err := a.userByToken(token)
    507. 

  507. 	if err != nil {
    508. 

  508. 		log.Tag(tag).Field("token", token).Err(err).Trace("Authentication of token failed")
    509. 

  509. 		return nil, ErrUnauthenticated
    510. 

  510. 	}
    511. 

  511. 	user.Token = token
    512. 

  512. 	return user, nil
    513. 

  513. }
    514. 

  514. 

  515. // CreateToken generates a random token for the given user and returns it. The token expires
    516. 

  516. // after a fixed duration unless ChangeToken is called. This function also prunes tokens for the
    517. 

  517. // given user, if there are too many of them.
    518. 

  518. func (a *Manager) CreateToken(userID, label string, expires time.Time, origin netip.Addr) (*Token, error) {
    519. 

  519. 	token := util.RandomLowerStringPrefix(tokenPrefix, tokenLength) // Lowercase only to support "<topic>+<token>@<domain>" email addresses
    520. 

  520. 	tx, err := a.db.Begin()
    521. 

  521. 	if err != nil {
    522. 

  522. 		return nil, err
    523. 

  523. 	}
    524. 

  524. 	defer tx.Rollback()
    525. 

  525. 	access := time.Now()
    526. 

  526. 	if _, err := tx.Exec(insertTokenQuery, userID, token, label, access.Unix(), origin.String(), expires.Unix()); err != nil {
    527. 

  527. 		return nil, err
    528. 

  528. 	}
    529. 

  529. 	rows, err := tx.Query(selectTokenCountQuery, userID)
    530. 

  530. 	if err != nil {
    531. 

  531. 		return nil, err
    532. 

  532. 	}
    533. 

  533. 	defer rows.Close()
    534. 

  534. 	if !rows.Next() {
    535. 

  535. 		return nil, errNoRows
    536. 

  536. 	}
    537. 

  537. 	var tokenCount int
    538. 

  538. 	if err := rows.Scan(&tokenCount); err != nil {
    539. 

  539. 		return nil, err
    540. 

  540. 	}
    541. 

  541. 	if tokenCount >= tokenMaxCount {
    542. 

  542. 		// This pruning logic is done in two queries for efficiency. The SELECT above is a lookup
    543. 

  543. 		// on two indices, whereas the query below is a full table scan.
    544. 

  544. 		if _, err := tx.Exec(deleteExcessTokensQuery, userID, userID, tokenMaxCount); err != nil {
    545. 

  545. 			return nil, err
    546. 

  546. 		}
    547. 

  547. 	}
    548. 

  548. 	if err := tx.Commit(); err != nil {
    549. 

  549. 		return nil, err
    550. 

  550. 	}
    551. 

  551. 	return &Token{
    552. 

  552. 		Value:      token,
    553. 

  553. 		Label:      label,
    554. 

  554. 		LastAccess: access,
    555. 

  555. 		LastOrigin: origin,
    556. 

  556. 		Expires:    expires,
    557. 

  557. 	}, nil
    558. 

  558. }
    559. 

  559. 

  560. // Tokens returns all existing tokens for the user with the given user ID
    561. 

  561. func (a *Manager) Tokens(userID string) ([]*Token, error) {
    562. 

  562. 	rows, err := a.db.Query(selectTokensQuery, userID)
    563. 

  563. 	if err != nil {
    564. 

  564. 		return nil, err
    565. 

  565. 	}
    566. 

  566. 	defer rows.Close()
    567. 

  567. 	tokens := make([]*Token, 0)
    568. 

  568. 	for {
    569. 

  569. 		token, err := a.readToken(rows)
    570. 

  570. 		if err == ErrTokenNotFound {
    571. 

  571. 			break
    572. 

  572. 		} else if err != nil {
    573. 

  573. 			return nil, err
    574. 

  574. 		}
    575. 

  575. 		tokens = append(tokens, token)
    576. 

  576. 	}
    577. 

  577. 	return tokens, nil
    578. 

  578. }
    579. 

  579. 

  580. // Token returns a specific token for a user
    581. 

  581. func (a *Manager) Token(userID, token string) (*Token, error) {
    582. 

  582. 	rows, err := a.db.Query(selectTokenQuery, userID, token)
    583. 

  583. 	if err != nil {
    584. 

  584. 		return nil, err
    585. 

  585. 	}
    586. 

  586. 	defer rows.Close()
    587. 

  587. 	return a.readToken(rows)
    588. 

  588. }
    589. 

  589. 

  590. func (a *Manager) readToken(rows *sql.Rows) (*Token, error) {
    591. 

  591. 	var token, label, lastOrigin string
    592. 

  592. 	var lastAccess, expires int64
    593. 

  593. 	if !rows.Next() {
    594. 

  594. 		return nil, ErrTokenNotFound
    595. 

  595. 	}
    596. 

  596. 	if err := rows.Scan(&token, &label, &lastAccess, &lastOrigin, &expires); err != nil {
    597. 

  597. 		return nil, err
    598. 

  598. 	} else if err := rows.Err(); err != nil {
    599. 

  599. 		return nil, err
    600. 

  600. 	}
    601. 

  601. 	lastOriginIP, err := netip.ParseAddr(lastOrigin)
    602. 

  602. 	if err != nil {
    603. 

  603. 		lastOriginIP = netip.IPv4Unspecified()
    604. 

  604. 	}
    605. 

  605. 	return &Token{
    606. 

  606. 		Value:      token,
    607. 

  607. 		Label:      label,
    608. 

  608. 		LastAccess: time.Unix(lastAccess, 0),
    609. 

  609. 		LastOrigin: lastOriginIP,
    610. 

  610. 		Expires:    time.Unix(expires, 0),
    611. 

  611. 	}, nil
    612. 

  612. }
    613. 

  613. 

  614. // ChangeToken updates a token's label and/or expiry date
    615. 

  615. func (a *Manager) ChangeToken(userID, token string, label *string, expires *time.Time) (*Token, error) {
    616. 

  616. 	if token == "" {
    617. 

  617. 		return nil, errNoTokenProvided
    618. 

  618. 	}
    619. 

  619. 	tx, err := a.db.Begin()
    620. 

  620. 	if err != nil {
    621. 

  621. 		return nil, err
    622. 

  622. 	}
    623. 

  623. 	defer tx.Rollback()
    624. 

  624. 	if label != nil {
    625. 

  625. 		if _, err := tx.Exec(updateTokenLabelQuery, *label, userID, token); err != nil {
    626. 

  626. 			return nil, err
    627. 

  627. 		}
    628. 

  628. 	}
    629. 

  629. 	if expires != nil {
    630. 

  630. 		if _, err := tx.Exec(updateTokenExpiryQuery, expires.Unix(), userID, token); err != nil {
    631. 

  631. 			return nil, err
    632. 

  632. 		}
    633. 

  633. 	}
    634. 

  634. 	if err := tx.Commit(); err != nil {
    635. 

  635. 		return nil, err
    636. 

  636. 	}
    637. 

  637. 	return a.Token(userID, token)
    638. 

  638. }
    639. 

  639. 

  640. // RemoveToken deletes the token defined in User.Token
    641. 

  641. func (a *Manager) RemoveToken(userID, token string) error {
    642. 

  642. 	if token == "" {
    643. 

  643. 		return errNoTokenProvided
    644. 

  644. 	}
    645. 

  645. 	if _, err := a.db.Exec(deleteTokenQuery, userID, token); err != nil {
    646. 

  646. 		return err
    647. 

  647. 	}
    648. 

  648. 	return nil
    649. 

  649. }
    650. 

  650. 

  651. // RemoveExpiredTokens deletes all expired tokens from the database
    652. 

  652. func (a *Manager) RemoveExpiredTokens() error {
    653. 

  653. 	if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
    654. 

  654. 		return err
    655. 

  655. 	}
    656. 

  656. 	return nil
    657. 

  657. }
    658. 

  658. 

  659. // PhoneNumbers returns all phone numbers for the user with the given user ID
    660. 

  660. func (a *Manager) PhoneNumbers(userID string) ([]string, error) {
    661. 

  661. 	rows, err := a.db.Query(selectPhoneNumbersQuery, userID)
    662. 

  662. 	if err != nil {
    663. 

  663. 		return nil, err
    664. 

  664. 	}
    665. 

  665. 	defer rows.Close()
    666. 

  666. 	phoneNumbers := make([]string, 0)
    667. 

  667. 	for {
    668. 

  668. 		phoneNumber, err := a.readPhoneNumber(rows)
    669. 

  669. 		if err == ErrPhoneNumberNotFound {
    670. 

  670. 			break
    671. 

  671. 		} else if err != nil {
    672. 

  672. 			return nil, err
    673. 

  673. 		}
    674. 

  674. 		phoneNumbers = append(phoneNumbers, phoneNumber)
    675. 

  675. 	}
    676. 

  676. 	return phoneNumbers, nil
    677. 

  677. }
    678. 

  678. 

  679. func (a *Manager) readPhoneNumber(rows *sql.Rows) (string, error) {
    680. 

  680. 	var phoneNumber string
    681. 

  681. 	if !rows.Next() {
    682. 

  682. 		return "", ErrPhoneNumberNotFound
    683. 

  683. 	}
    684. 

  684. 	if err := rows.Scan(&phoneNumber); err != nil {
    685. 

  685. 		return "", err
    686. 

  686. 	} else if err := rows.Err(); err != nil {
    687. 

  687. 		return "", err
    688. 

  688. 	}
    689. 

  689. 	return phoneNumber, nil
    690. 

  690. }
    691. 

  691. 

  692. // AddPhoneNumber adds a phone number to the user with the given user ID
    693. 

  693. func (a *Manager) AddPhoneNumber(userID string, phoneNumber string) error {
    694. 

  694. 	if _, err := a.db.Exec(insertPhoneNumberQuery, userID, phoneNumber); err != nil {
    695. 

  695. 		if sqliteErr, ok := err.(sqlite3.Error); ok && sqliteErr.ExtendedCode == sqlite3.ErrConstraintUnique {
    696. 

  696. 			return ErrPhoneNumberExists
    697. 

  697. 		}
    698. 

  698. 		return err
    699. 

  699. 	}
    700. 

  700. 	return nil
    701. 

  701. }
    702. 

  702. 

  703. // RemovePhoneNumber deletes a phone number from the user with the given user ID
    704. 

  704. func (a *Manager) RemovePhoneNumber(userID string, phoneNumber string) error {
    705. 

  705. 	_, err := a.db.Exec(deletePhoneNumberQuery, userID, phoneNumber)
    706. 

  706. 	return err
    707. 

  707. }
    708. 

  708. 

  709. // RemoveDeletedUsers deletes all users that have been marked deleted for
    710. 

  710. func (a *Manager) RemoveDeletedUsers() error {
    711. 

  711. 	if _, err := a.db.Exec(deleteUsersMarkedQuery, time.Now().Unix()); err != nil {
    712. 

  712. 		return err
    713. 

  713. 	}
    714. 

  714. 	return nil
    715. 

  715. }
    716. 

  716. 

  717. // ChangeSettings persists the user settings
    718. 

  718. func (a *Manager) ChangeSettings(userID string, prefs *Prefs) error {
    719. 

  719. 	b, err := json.Marshal(prefs)
    720. 

  720. 	if err != nil {
    721. 

  721. 		return err
    722. 

  722. 	}
    723. 

  723. 	if _, err := a.db.Exec(updateUserPrefsQuery, string(b), userID); err != nil {
    724. 

  724. 		return err
    725. 

  725. 	}
    726. 

  726. 	return nil
    727. 

  727. }
    728. 

  728. 

  729. // ResetStats resets all user stats in the user database. This touches all users.
    730. 

  730. func (a *Manager) ResetStats() error {
    731. 

  731. 	a.mu.Lock() // Includes database query to avoid races!
    732. 

  732. 	defer a.mu.Unlock()
    733. 

  733. 	if _, err := a.db.Exec(updateUserStatsResetAllQuery); err != nil {
    734. 

  734. 		return err
    735. 

  735. 	}
    736. 

  736. 	a.statsQueue = make(map[string]*Stats)
    737. 

  737. 	return nil
    738. 

  738. }
    739. 

  739. 

  740. // EnqueueUserStats adds the user to a queue which writes out user stats (messages, emails, ..) in
    741. 

  741. // batches at a regular interval
    742. 

  742. func (a *Manager) EnqueueUserStats(userID string, stats *Stats) {
    743. 

  743. 	a.mu.Lock()
    744. 

  744. 	defer a.mu.Unlock()
    745. 

  745. 	a.statsQueue[userID] = stats
    746. 

  746. }
    747. 

  747. 

  748. // EnqueueTokenUpdate adds the token update to  a queue which writes out token access times
    749. 

  749. // in batches at a regular interval
    750. 

  750. func (a *Manager) EnqueueTokenUpdate(tokenID string, update *TokenUpdate) {
    751. 

  751. 	a.mu.Lock()
    752. 

  752. 	defer a.mu.Unlock()
    753. 

  753. 	a.tokenQueue[tokenID] = update
    754. 

  754. }
    755. 

  755. 

  756. func (a *Manager) asyncQueueWriter(interval time.Duration) {
    757. 

  757. 	ticker := time.NewTicker(interval)
    758. 

  758. 	for range ticker.C {
    759. 

  759. 		if err := a.writeUserStatsQueue(); err != nil {
    760. 

  760. 			log.Tag(tag).Err(err).Warn("Writing user stats queue failed")
    761. 

  761. 		}
    762. 

  762. 		if err := a.writeTokenUpdateQueue(); err != nil {
    763. 

  763. 			log.Tag(tag).Err(err).Warn("Writing token update queue failed")
    764. 

  764. 		}
    765. 

  765. 	}
    766. 

  766. }
    767. 

  767. 

  768. func (a *Manager) writeUserStatsQueue() error {
    769. 

  769. 	a.mu.Lock()
    770. 

  770. 	if len(a.statsQueue) == 0 {
    771. 

  771. 		a.mu.Unlock()
    772. 

  772. 		log.Tag(tag).Trace("No user stats updates to commit")
    773. 

  773. 		return nil
    774. 

  774. 	}
    775. 

  775. 	statsQueue := a.statsQueue
    776. 

  776. 	a.statsQueue = make(map[string]*Stats)
    777. 

  777. 	a.mu.Unlock()
    778. 

  778. 	tx, err := a.db.Begin()
    779. 

  779. 	if err != nil {
    780. 

  780. 		return err
    781. 

  781. 	}
    782. 

  782. 	defer tx.Rollback()
    783. 

  783. 	log.Tag(tag).Debug("Writing user stats queue for %d user(s)", len(statsQueue))
    784. 

  784. 	for userID, update := range statsQueue {
    785. 

  785. 		log.
    786. 

  786. 			Tag(tag).
    787. 

  787. 			Fields(log.Context{
    788. 

  788. 				"user_id":        userID,
    789. 

  789. 				"messages_count": update.Messages,
    790. 

  790. 				"emails_count":   update.Emails,
    791. 

  791. 				"calls_count":    update.Calls,
    792. 

  792. 			}).
    793. 

  793. 			Trace("Updating stats for user %s", userID)
    794. 

  794. 		if _, err := tx.Exec(updateUserStatsQuery, update.Messages, update.Emails, update.Calls, userID); err != nil {
    795. 

  795. 			return err
    796. 

  796. 		}
    797. 

  797. 	}
    798. 

  798. 	return tx.Commit()
    799. 

  799. }
    800. 

  800. 

  801. func (a *Manager) writeTokenUpdateQueue() error {
    802. 

  802. 	a.mu.Lock()
    803. 

  803. 	if len(a.tokenQueue) == 0 {
    804. 

  804. 		a.mu.Unlock()
    805. 

  805. 		log.Tag(tag).Trace("No token updates to commit")
    806. 

  806. 		return nil
    807. 

  807. 	}
    808. 

  808. 	tokenQueue := a.tokenQueue
    809. 

  809. 	a.tokenQueue = make(map[string]*TokenUpdate)
    810. 

  810. 	a.mu.Unlock()
    811. 

  811. 	tx, err := a.db.Begin()
    812. 

  812. 	if err != nil {
    813. 

  813. 		return err
    814. 

  814. 	}
    815. 

  815. 	defer tx.Rollback()
    816. 

  816. 	log.Tag(tag).Debug("Writing token update queue for %d token(s)", len(tokenQueue))
    817. 

  817. 	for tokenID, update := range tokenQueue {
    818. 

  818. 		log.Tag(tag).Trace("Updating token %s with last access time %v", tokenID, update.LastAccess.Unix())
    819. 

  819. 		if _, err := tx.Exec(updateTokenLastAccessQuery, update.LastAccess.Unix(), update.LastOrigin.String(), tokenID); err != nil {
    820. 

  820. 			return err
    821. 

  821. 		}
    822. 

  822. 	}
    823. 

  823. 	return tx.Commit()
    824. 

  824. }
    825. 

  825. 

  826. // Authorize returns nil if the given user has access to the given topic using the desired
    827. 

  827. // permission. The user param may be nil to signal an anonymous user.
    828. 

  828. func (a *Manager) Authorize(user *User, topic string, perm Permission) error {
    829. 

  829. 	if user != nil && user.Role == RoleAdmin {
    830. 

  830. 		return nil // Admin can do everything
    831. 

  831. 	}
    832. 

  832. 	username := Everyone
    833. 

  833. 	if user != nil {
    834. 

  834. 		username = user.Name
    835. 

  835. 	}
    836. 

  836. 	// Select the read/write permissions for this user/topic combo.
    837. 

  837. 	// - The query may return two rows (one for everyone, and one for the user), but prioritizes the user.
    838. 

  838. 	// - Furthermore, the query prioritizes more specific permissions (longer!) over more generic ones, e.g. "test*" > "*"
    839. 

  839. 	// - It also prioritizes write permissions over read permissions
    840. 

  840. 	rows, err := a.db.Query(selectTopicPermsQuery, Everyone, username, topic)
    841. 

  841. 	if err != nil {
    842. 

  842. 		return err
    843. 

  843. 	}
    844. 

  844. 	defer rows.Close()
    845. 

  845. 	if !rows.Next() {
    846. 

  846. 		return a.resolvePerms(a.defaultAccess, perm)
    847. 

  847. 	}
    848. 

  848. 	var read, write bool
    849. 

  849. 	if err := rows.Scan(&read, &write); err != nil {
    850. 

  850. 		return err
    851. 

  851. 	} else if err := rows.Err(); err != nil {
    852. 

  852. 		return err
    853. 

  853. 	}
    854. 

  854. 	return a.resolvePerms(NewPermission(read, write), perm)
    855. 

  855. }
    856. 

  856. 

  857. func (a *Manager) resolvePerms(base, perm Permission) error {
    858. 

  858. 	if perm == PermissionRead && base.IsRead() {
    859. 

  859. 		return nil
    860. 

  860. 	} else if perm == PermissionWrite && base.IsWrite() {
    861. 

  861. 		return nil
    862. 

  862. 	}
    863. 

  863. 	return ErrUnauthorized
    864. 

  864. }
    865. 

  865. 

  866. // AddUser adds a user with the given username, password and role
    867. 

  867. func (a *Manager) AddUser(username, password string, role Role, hashed bool) error {
    868. 

  868. 	if !AllowedUsername(username) || !AllowedRole(role) {
    869. 

  869. 		return ErrInvalidArgument
    870. 

  870. 	}
    871. 

  871. 	var hash []byte
    872. 

  872. 	var err error = nil
    873. 

  873. 	if hashed {
    874. 

  874. 		hash = []byte(password)
    875. 

  875. 	} else {
    876. 

  876. 		hash, err = bcrypt.GenerateFromPassword([]byte(password), a.bcryptCost)
    877. 

  877. 		if err != nil {
    878. 

  878. 			return err
    879. 

  879. 		}
    880. 

  880. 	}
    881. 

  881. 	userID := util.RandomStringPrefix(userIDPrefix, userIDLength)
    882. 

  882. 	syncTopic, now := util.RandomStringPrefix(syncTopicPrefix, syncTopicLength), time.Now().Unix()
    883. 

  883. 	if _, err = a.db.Exec(insertUserQuery, userID, username, hash, role, syncTopic, now); err != nil {
    884. 

  884. 		if sqliteErr, ok := err.(sqlite3.Error); ok && sqliteErr.ExtendedCode == sqlite3.ErrConstraintUnique {
    885. 

  885. 			return ErrUserExists
    886. 

  886. 		}
    887. 

  887. 		return err
    888. 

  888. 	}
    889. 

  889. 	return nil
    890. 

  890. }
    891. 

  891. 

  892. // RemoveUser deletes the user with the given username. The function returns nil on success, even
    893. 

  893. // if the user did not exist in the first place.
    894. 

  894. func (a *Manager) RemoveUser(username string) error {
    895. 

  895. 	if !AllowedUsername(username) {
    896. 

  896. 		return ErrInvalidArgument
    897. 

  897. 	}
    898. 

  898. 	// Rows in user_access, user_token, etc. are deleted via foreign keys
    899. 

  899. 	if _, err := a.db.Exec(deleteUserQuery, username); err != nil {
    900. 

  900. 		return err
    901. 

  901. 	}
    902. 

  902. 	return nil
    903. 

  903. }
    904. 

  904. 

  905. // MarkUserRemoved sets the deleted flag on the user, and deletes all access tokens. This prevents
    906. 

  906. // successful auth via Authenticate. A background process will delete the user at a later date.
    907. 

  907. func (a *Manager) MarkUserRemoved(user *User) error {
    908. 

  908. 	if !AllowedUsername(user.Name) {
    909. 

  909. 		return ErrInvalidArgument
    910. 

  910. 	}
    911. 

  911. 	tx, err := a.db.Begin()
    912. 

  912. 	if err != nil {
    913. 

  913. 		return err
    914. 

  914. 	}
    915. 

  915. 	defer tx.Rollback()
    916. 

  916. 	if _, err := tx.Exec(deleteUserAccessQuery, user.Name, user.Name); err != nil {
    917. 

  917. 		return err
    918. 

  918. 	}
    919. 

  919. 	if _, err := tx.Exec(deleteAllTokenQuery, user.ID); err != nil {
    920. 

  920. 		return err
    921. 

  921. 	}
    922. 

  922. 	if _, err := tx.Exec(updateUserDeletedQuery, time.Now().Add(userHardDeleteAfterDuration).Unix(), user.ID); err != nil {
    923. 

  923. 		return err
    924. 

  924. 	}
    925. 

  925. 	return tx.Commit()
    926. 

  926. }
    927. 

  927. 

  928. // Users returns a list of users. It always also returns the Everyone user ("*").
    929. 

  929. func (a *Manager) Users() ([]*User, error) {
    930. 

  930. 	rows, err := a.db.Query(selectUsernamesQuery)
    931. 

  931. 	if err != nil {
    932. 

  932. 		return nil, err
    933. 

  933. 	}
    934. 

  934. 	defer rows.Close()
    935. 

  935. 	usernames := make([]string, 0)
    936. 

  936. 	for rows.Next() {
    937. 

  937. 		var username string
    938. 

  938. 		if err := rows.Scan(&username); err != nil {
    939. 

  939. 			return nil, err
    940. 

  940. 		} else if err := rows.Err(); err != nil {
    941. 

  941. 			return nil, err
    942. 

  942. 		}
    943. 

  943. 		usernames = append(usernames, username)
    944. 

  944. 	}
    945. 

  945. 	rows.Close()
    946. 

  946. 	users := make([]*User, 0)
    947. 

  947. 	for _, username := range usernames {
    948. 

  948. 		user, err := a.User(username)
    949. 

  949. 		if err != nil {
    950. 

  950. 			return nil, err
    951. 

  951. 		}
    952. 

  952. 		users = append(users, user)
    953. 

  953. 	}
    954. 

  954. 	return users, nil
    955. 

  955. }
    956. 

  956. 

  957. // UsersCount returns the number of users in the databsae
    958. 

  958. func (a *Manager) UsersCount() (int64, error) {
    959. 

  959. 	rows, err := a.db.Query(selectUserCountQuery)
    960. 

  960. 	if err != nil {
    961. 

  961. 		return 0, err
    962. 

  962. 	}
    963. 

  963. 	defer rows.Close()
    964. 

  964. 	if !rows.Next() {
    965. 

  965. 		return 0, errNoRows
    966. 

  966. 	}
    967. 

  967. 	var count int64
    968. 

  968. 	if err := rows.Scan(&count); err != nil {
    969. 

  969. 		return 0, err
    970. 

  970. 	}
    971. 

  971. 	return count, nil
    972. 

  972. }
    973. 

  973. 

  974. // User returns the user with the given username if it exists, or ErrUserNotFound otherwise.
    975. 

  975. // You may also pass Everyone to retrieve the anonymous user and its Grant list.
    976. 

  976. func (a *Manager) User(username string) (*User, error) {
    977. 

  977. 	rows, err := a.db.Query(selectUserByNameQuery, username)
    978. 

  978. 	if err != nil {
    979. 

  979. 		return nil, err
    980. 

  980. 	}
    981. 

  981. 	return a.readUser(rows)
    982. 

  982. }
    983. 

  983. 

  984. // UserByID returns the user with the given ID if it exists, or ErrUserNotFound otherwise
    985. 

  985. func (a *Manager) UserByID(id string) (*User, error) {
    986. 

  986. 	rows, err := a.db.Query(selectUserByIDQuery, id)
    987. 

  987. 	if err != nil {
    988. 

  988. 		return nil, err
    989. 

  989. 	}
    990. 

  990. 	return a.readUser(rows)
    991. 

  991. }
    992. 

  992. 

  993. // UserByStripeCustomer returns the user with the given Stripe customer ID if it exists, or ErrUserNotFound otherwise.
    994. 

  994. func (a *Manager) UserByStripeCustomer(stripeCustomerID string) (*User, error) {
    995. 

  995. 	rows, err := a.db.Query(selectUserByStripeCustomerIDQuery, stripeCustomerID)
    996. 

  996. 	if err != nil {
    997. 

  997. 		return nil, err
    998. 

  998. 	}
    999. 

  999. 	return a.readUser(rows)
    1000. 

  1000. }
    1001. 

  1001. 

  1002. func (a *Manager) userByToken(token string) (*User, error) {
    1003. 

  1003. 	rows, err := a.db.Query(selectUserByTokenQuery, token, time.Now().Unix())
    1004. 

  1004. 	if err != nil {
    1005. 

  1005. 		return nil, err
    1006. 

  1006. 	}
    1007. 

  1007. 	return a.readUser(rows)
    1008. 

  1008. }
    1009. 

  1009. 

  1010. func (a *Manager) readUser(rows *sql.Rows) (*User, error) {
    1011. 

  1011. 	defer rows.Close()
    1012. 

  1012. 	var id, username, hash, role, prefs, syncTopic string
    1013. 

  1013. 	var stripeCustomerID, stripeSubscriptionID, stripeSubscriptionStatus, stripeSubscriptionInterval, stripeMonthlyPriceID, stripeYearlyPriceID, tierID, tierCode, tierName sql.NullString
    1014. 

  1014. 	var messages, emails, calls int64
    1015. 

  1015. 	var messagesLimit, messagesExpiryDuration, emailsLimit, callsLimit, reservationsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit, attachmentExpiryDuration, attachmentBandwidthLimit, stripeSubscriptionPaidUntil, stripeSubscriptionCancelAt, deleted sql.NullInt64
    1016. 

  1016. 	if !rows.Next() {
    1017. 

  1017. 		return nil, ErrUserNotFound
    1018. 

  1018. 	}
    1019. 

  1019. 	if err := rows.Scan(&id, &username, &hash, &role, &prefs, &syncTopic, &messages, &emails, &calls, &stripeCustomerID, &stripeSubscriptionID, &stripeSubscriptionStatus, &stripeSubscriptionInterval, &stripeSubscriptionPaidUntil, &stripeSubscriptionCancelAt, &deleted, &tierID, &tierCode, &tierName, &messagesLimit, &messagesExpiryDuration, &emailsLimit, &callsLimit, &reservationsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit, &attachmentExpiryDuration, &attachmentBandwidthLimit, &stripeMonthlyPriceID, &stripeYearlyPriceID); err != nil {
    1020. 

  1020. 		return nil, err
    1021. 

  1021. 	} else if err := rows.Err(); err != nil {
    1022. 

  1022. 		return nil, err
    1023. 

  1023. 	}
    1024. 

  1024. 	user := &User{
    1025. 

  1025. 		ID:        id,
    1026. 

  1026. 		Name:      username,
    1027. 

  1027. 		Hash:      hash,
    1028. 

  1028. 		Role:      Role(role),
    1029. 

  1029. 		Prefs:     &Prefs{},
    1030. 

  1030. 		SyncTopic: syncTopic,
    1031. 

  1031. 		Stats: &Stats{
    1032. 

  1032. 			Messages: messages,
    1033. 

  1033. 			Emails:   emails,
    1034. 

  1034. 			Calls:    calls,
    1035. 

  1035. 		},
    1036. 

  1036. 		Billing: &Billing{
    1037. 

  1037. 			StripeCustomerID:            stripeCustomerID.String,                                          // May be empty
    1038. 

  1038. 			StripeSubscriptionID:        stripeSubscriptionID.String,                                      // May be empty
    1039. 

  1039. 			StripeSubscriptionStatus:    stripe.SubscriptionStatus(stripeSubscriptionStatus.String),       // May be empty
    1040. 

  1040. 			StripeSubscriptionInterval:  stripe.PriceRecurringInterval(stripeSubscriptionInterval.String), // May be empty
    1041. 

  1041. 			StripeSubscriptionPaidUntil: time.Unix(stripeSubscriptionPaidUntil.Int64, 0),                  // May be zero
    1042. 

  1042. 			StripeSubscriptionCancelAt:  time.Unix(stripeSubscriptionCancelAt.Int64, 0),                   // May be zero
    1043. 

  1043. 		},
    1044. 

  1044. 		Deleted: deleted.Valid,
    1045. 

  1045. 	}
    1046. 

  1046. 	if err := json.Unmarshal([]byte(prefs), user.Prefs); err != nil {
    1047. 

  1047. 		return nil, err
    1048. 

  1048. 	}
    1049. 

  1049. 	if tierCode.Valid {
    1050. 

  1050. 		// See readTier() when this is changed!
    1051. 

  1051. 		user.Tier = &Tier{
    1052. 

  1052. 			ID:                       tierID.String,
    1053. 

  1053. 			Code:                     tierCode.String,
    1054. 

  1054. 			Name:                     tierName.String,
    1055. 

  1055. 			MessageLimit:             messagesLimit.Int64,
    1056. 

  1056. 			MessageExpiryDuration:    time.Duration(messagesExpiryDuration.Int64) * time.Second,
    1057. 

  1057. 			EmailLimit:               emailsLimit.Int64,
    1058. 

  1058. 			CallLimit:                callsLimit.Int64,
    1059. 

  1059. 			ReservationLimit:         reservationsLimit.Int64,
    1060. 

  1060. 			AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    1061. 

  1061. 			AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    1062. 

  1062. 			AttachmentExpiryDuration: time.Duration(attachmentExpiryDuration.Int64) * time.Second,
    1063. 

  1063. 			AttachmentBandwidthLimit: attachmentBandwidthLimit.Int64,
    1064. 

  1064. 			StripeMonthlyPriceID:     stripeMonthlyPriceID.String, // May be empty
    1065. 

  1065. 			StripeYearlyPriceID:      stripeYearlyPriceID.String,  // May be empty
    1066. 

  1066. 		}
    1067. 

  1067. 	}
    1068. 

  1068. 	return user, nil
    1069. 

  1069. }
    1070. 

  1070. 

  1071. // AllGrants returns all user-specific access control entries, mapped to their respective user IDs
    1072. 

  1072. func (a *Manager) AllGrants() (map[string][]Grant, error) {
    1073. 

  1073. 	rows, err := a.db.Query(selectUserAllAccessQuery)
    1074. 

  1074. 	if err != nil {
    1075. 

  1075. 		return nil, err
    1076. 

  1076. 	}
    1077. 

  1077. 	defer rows.Close()
    1078. 

  1078. 	grants := make(map[string][]Grant, 0)
    1079. 

  1079. 	for rows.Next() {
    1080. 

  1080. 		var userID, topic string
    1081. 

  1081. 		var read, write bool
    1082. 

  1082. 		if err := rows.Scan(&userID, &topic, &read, &write); err != nil {
    1083. 

  1083. 			return nil, err
    1084. 

  1084. 		} else if err := rows.Err(); err != nil {
    1085. 

  1085. 			return nil, err
    1086. 

  1086. 		}
    1087. 

  1087. 		if _, ok := grants[userID]; !ok {
    1088. 

  1088. 			grants[userID] = make([]Grant, 0)
    1089. 

  1089. 		}
    1090. 

  1090. 		grants[userID] = append(grants[userID], Grant{
    1091. 

  1091. 			TopicPattern: fromSQLWildcard(topic),
    1092. 

  1092. 			Allow:        NewPermission(read, write),
    1093. 

  1093. 		})
    1094. 

  1094. 	}
    1095. 

  1095. 	return grants, nil
    1096. 

  1096. }
    1097. 

  1097. 

  1098. // Grants returns all user-specific access control entries
    1099. 

  1099. func (a *Manager) Grants(username string) ([]Grant, error) {
    1100. 

  1100. 	rows, err := a.db.Query(selectUserAccessQuery, username)
    1101. 

  1101. 	if err != nil {
    1102. 

  1102. 		return nil, err
    1103. 

  1103. 	}
    1104. 

  1104. 	defer rows.Close()
    1105. 

  1105. 	grants := make([]Grant, 0)
    1106. 

  1106. 	for rows.Next() {
    1107. 

  1107. 		var topic string
    1108. 

  1108. 		var read, write bool
    1109. 

  1109. 		if err := rows.Scan(&topic, &read, &write); err != nil {
    1110. 

  1110. 			return nil, err
    1111. 

  1111. 		} else if err := rows.Err(); err != nil {
    1112. 

  1112. 			return nil, err
    1113. 

  1113. 		}
    1114. 

  1114. 		grants = append(grants, Grant{
    1115. 

  1115. 			TopicPattern: fromSQLWildcard(topic),
    1116. 

  1116. 			Allow:        NewPermission(read, write),
    1117. 

  1117. 		})
    1118. 

  1118. 	}
    1119. 

  1119. 	return grants, nil
    1120. 

  1120. }
    1121. 

  1121. 

  1122. // Reservations returns all user-owned topics, and the associated everyone-access
    1123. 

  1123. func (a *Manager) Reservations(username string) ([]Reservation, error) {
    1124. 

  1124. 	rows, err := a.db.Query(selectUserReservationsQuery, Everyone, username)
    1125. 

  1125. 	if err != nil {
    1126. 

  1126. 		return nil, err
    1127. 

  1127. 	}
    1128. 

  1128. 	defer rows.Close()
    1129. 

  1129. 	reservations := make([]Reservation, 0)
    1130. 

  1130. 	for rows.Next() {
    1131. 

  1131. 		var topic string
    1132. 

  1132. 		var ownerRead, ownerWrite bool
    1133. 

  1133. 		var everyoneRead, everyoneWrite sql.NullBool
    1134. 

  1134. 		if err := rows.Scan(&topic, &ownerRead, &ownerWrite, &everyoneRead, &everyoneWrite); err != nil {
    1135. 

  1135. 			return nil, err
    1136. 

  1136. 		} else if err := rows.Err(); err != nil {
    1137. 

  1137. 			return nil, err
    1138. 

  1138. 		}
    1139. 

  1139. 		reservations = append(reservations, Reservation{
    1140. 

  1140. 			Topic:    unescapeUnderscore(topic),
    1141. 

  1141. 			Owner:    NewPermission(ownerRead, ownerWrite),
    1142. 

  1142. 			Everyone: NewPermission(everyoneRead.Bool, everyoneWrite.Bool), // false if null
    1143. 

  1143. 		})
    1144. 

  1144. 	}
    1145. 

  1145. 	return reservations, nil
    1146. 

  1146. }
    1147. 

  1147. 

  1148. // HasReservation returns true if the given topic access is owned by the user
    1149. 

  1149. func (a *Manager) HasReservation(username, topic string) (bool, error) {
    1150. 

  1150. 	rows, err := a.db.Query(selectUserHasReservationQuery, username, escapeUnderscore(topic))
    1151. 

  1151. 	if err != nil {
    1152. 

  1152. 		return false, err
    1153. 

  1153. 	}
    1154. 

  1154. 	defer rows.Close()
    1155. 

  1155. 	if !rows.Next() {
    1156. 

  1156. 		return false, errNoRows
    1157. 

  1157. 	}
    1158. 

  1158. 	var count int64
    1159. 

  1159. 	if err := rows.Scan(&count); err != nil {
    1160. 

  1160. 		return false, err
    1161. 

  1161. 	}
    1162. 

  1162. 	return count > 0, nil
    1163. 

  1163. }
    1164. 

  1164. 

  1165. // ReservationsCount returns the number of reservations owned by this user
    1166. 

  1166. func (a *Manager) ReservationsCount(username string) (int64, error) {
    1167. 

  1167. 	rows, err := a.db.Query(selectUserReservationsCountQuery, username)
    1168. 

  1168. 	if err != nil {
    1169. 

  1169. 		return 0, err
    1170. 

  1170. 	}
    1171. 

  1171. 	defer rows.Close()
    1172. 

  1172. 	if !rows.Next() {
    1173. 

  1173. 		return 0, errNoRows
    1174. 

  1174. 	}
    1175. 

  1175. 	var count int64
    1176. 

  1176. 	if err := rows.Scan(&count); err != nil {
    1177. 

  1177. 		return 0, err
    1178. 

  1178. 	}
    1179. 

  1179. 	return count, nil
    1180. 

  1180. }
    1181. 

  1181. 

  1182. // ReservationOwner returns user ID of the user that owns this topic, or an
    1183. 

  1183. // empty string if it's not owned by anyone
    1184. 

  1184. func (a *Manager) ReservationOwner(topic string) (string, error) {
    1185. 

  1185. 	rows, err := a.db.Query(selectUserReservationsOwnerQuery, escapeUnderscore(topic))
    1186. 

  1186. 	if err != nil {
    1187. 

  1187. 		return "", err
    1188. 

  1188. 	}
    1189. 

  1189. 	defer rows.Close()
    1190. 

  1190. 	if !rows.Next() {
    1191. 

  1191. 		return "", nil
    1192. 

  1192. 	}
    1193. 

  1193. 	var ownerUserID string
    1194. 

  1194. 	if err := rows.Scan(&ownerUserID); err != nil {
    1195. 

  1195. 		return "", err
    1196. 

  1196. 	}
    1197. 

  1197. 	return ownerUserID, nil
    1198. 

  1198. }
    1199. 

  1199. 

  1200. // ChangePassword changes a user's password
    1201. 

  1201. func (a *Manager) ChangePassword(username, password string, hashed bool) error {
    1202. 

  1202. 	var hash []byte
    1203. 

  1203. 	var err error
    1204. 

  1204. 

  1205. 	if hashed {
    1206. 

  1206. 		hash = []byte(password)
    1207. 

  1207. 	} else {
    1208. 

  1208. 		hash, err = bcrypt.GenerateFromPassword([]byte(password), a.bcryptCost)
    1209. 

  1209. 		if err != nil {
    1210. 

  1210. 			return err
    1211. 

  1211. 		}
    1212. 

  1212. 	}
    1213. 

  1213. 	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
    1214. 

  1214. 		return err
    1215. 

  1215. 	}
    1216. 

  1216. 	return nil
    1217. 

  1217. }
    1218. 

  1218. 

  1219. // ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
    1220. 

  1220. // all existing access control entries (Grant) are removed, since they are no longer needed.
    1221. 

  1221. func (a *Manager) ChangeRole(username string, role Role) error {
    1222. 

  1222. 	if !AllowedUsername(username) || !AllowedRole(role) {
    1223. 

  1223. 		return ErrInvalidArgument
    1224. 

  1224. 	}
    1225. 

  1225. 	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
    1226. 

  1226. 		return err
    1227. 

  1227. 	}
    1228. 

  1228. 	if role == RoleAdmin {
    1229. 

  1229. 		if _, err := a.db.Exec(deleteUserAccessQuery, username, username); err != nil {
    1230. 

  1230. 			return err
    1231. 

  1231. 		}
    1232. 

  1232. 	}
    1233. 

  1233. 	return nil
    1234. 

  1234. }
    1235. 

  1235. 

  1236. // ChangeTier changes a user's tier using the tier code. This function does not delete reservations, messages,
    1237. 

  1237. // or attachments, even if the new tier has lower limits in this regard. That has to be done elsewhere.
    1238. 

  1238. func (a *Manager) ChangeTier(username, tier string) error {
    1239. 

  1239. 	if !AllowedUsername(username) {
    1240. 

  1240. 		return ErrInvalidArgument
    1241. 

  1241. 	}
    1242. 

  1242. 	t, err := a.Tier(tier)
    1243. 

  1243. 	if err != nil {
    1244. 

  1244. 		return err
    1245. 

  1245. 	} else if err := a.checkReservationsLimit(username, t.ReservationLimit); err != nil {
    1246. 

  1246. 		return err
    1247. 

  1247. 	}
    1248. 

  1248. 	if _, err := a.db.Exec(updateUserTierQuery, tier, username); err != nil {
    1249. 

  1249. 		return err
    1250. 

  1250. 	}
    1251. 

  1251. 	return nil
    1252. 

  1252. }
    1253. 

  1253. 

  1254. // ResetTier removes the tier from the given user
    1255. 

  1255. func (a *Manager) ResetTier(username string) error {
    1256. 

  1256. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    1257. 

  1257. 		return ErrInvalidArgument
    1258. 

  1258. 	} else if err := a.checkReservationsLimit(username, 0); err != nil {
    1259. 

  1259. 		return err
    1260. 

  1260. 	}
    1261. 

  1261. 	_, err := a.db.Exec(deleteUserTierQuery, username)
    1262. 

  1262. 	return err
    1263. 

  1263. }
    1264. 

  1264. 

  1265. func (a *Manager) checkReservationsLimit(username string, reservationsLimit int64) error {
    1266. 

  1266. 	u, err := a.User(username)
    1267. 

  1267. 	if err != nil {
    1268. 

  1268. 		return err
    1269. 

  1269. 	}
    1270. 

  1270. 	if u.Tier != nil && reservationsLimit < u.Tier.ReservationLimit {
    1271. 

  1271. 		reservations, err := a.Reservations(username)
    1272. 

  1272. 		if err != nil {
    1273. 

  1273. 			return err
    1274. 

  1274. 		} else if int64(len(reservations)) > reservationsLimit {
    1275. 

  1275. 			return ErrTooManyReservations
    1276. 

  1276. 		}
    1277. 

  1277. 	}
    1278. 

  1278. 	return nil
    1279. 

  1279. }
    1280. 

  1280. 

  1281. // AllowReservation tests if a user may create an access control entry for the given topic.
    1282. 

  1282. // If there are any ACL entries that are not owned by the user, an error is returned.
    1283. 

  1283. func (a *Manager) AllowReservation(username string, topic string) error {
    1284. 

  1284. 	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopic(topic) {
    1285. 

  1285. 		return ErrInvalidArgument
    1286. 

  1286. 	}
    1287. 

  1287. 	rows, err := a.db.Query(selectOtherAccessCountQuery, escapeUnderscore(topic), escapeUnderscore(topic), username)
    1288. 

  1288. 	if err != nil {
    1289. 

  1289. 		return err
    1290. 

  1290. 	}
    1291. 

  1291. 	defer rows.Close()
    1292. 

  1292. 	if !rows.Next() {
    1293. 

  1293. 		return errNoRows
    1294. 

  1294. 	}
    1295. 

  1295. 	var otherCount int
    1296. 

  1296. 	if err := rows.Scan(&otherCount); err != nil {
    1297. 

  1297. 		return err
    1298. 

  1298. 	}
    1299. 

  1299. 	if otherCount > 0 {
    1300. 

  1300. 		return errTopicOwnedByOthers
    1301. 

  1301. 	}
    1302. 

  1302. 	return nil
    1303. 

  1303. }
    1304. 

  1304. 

  1305. // AllowAccess adds or updates an entry in th access control list for a specific user. It controls
    1306. 

  1306. // read/write access to a topic. The parameter topicPattern may include wildcards (*). The ACL entry
    1307. 

  1307. // owner may either be a user (username), or the system (empty).
    1308. 

  1308. func (a *Manager) AllowAccess(username string, topicPattern string, permission Permission) error {
    1309. 

  1309. 	if !AllowedUsername(username) && username != Everyone {
    1310. 

  1310. 		return ErrInvalidArgument
    1311. 

  1311. 	} else if !AllowedTopicPattern(topicPattern) {
    1312. 

  1312. 		return ErrInvalidArgument
    1313. 

  1313. 	}
    1314. 

  1314. 	owner := ""
    1315. 

  1315. 	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), permission.IsRead(), permission.IsWrite(), owner, owner); err != nil {
    1316. 

  1316. 		return err
    1317. 

  1317. 	}
    1318. 

  1318. 	return nil
    1319. 

  1319. }
    1320. 

  1320. 

  1321. // ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
    1322. 

  1322. // empty) for an entire user. The parameter topicPattern may include wildcards (*).
    1323. 

  1323. func (a *Manager) ResetAccess(username string, topicPattern string) error {
    1324. 

  1324. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    1325. 

  1325. 		return ErrInvalidArgument
    1326. 

  1326. 	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
    1327. 

  1327. 		return ErrInvalidArgument
    1328. 

  1328. 	}
    1329. 

  1329. 	if username == "" && topicPattern == "" {
    1330. 

  1330. 		_, err := a.db.Exec(deleteAllAccessQuery, username)
    1331. 

  1331. 		return err
    1332. 

  1332. 	} else if topicPattern == "" {
    1333. 

  1333. 		_, err := a.db.Exec(deleteUserAccessQuery, username, username)
    1334. 

  1334. 		return err
    1335. 

  1335. 	}
    1336. 

  1336. 	_, err := a.db.Exec(deleteTopicAccessQuery, username, username, toSQLWildcard(topicPattern))
    1337. 

  1337. 	return err
    1338. 

  1338. }
    1339. 

  1339. 

  1340. // AddReservation creates two access control entries for the given topic: one with full read/write access for the
    1341. 

  1341. // given user, and one for Everyone with the permission passed as everyone. The user also owns the entries, and
    1342. 

  1342. // can modify or delete them.
    1343. 

  1343. func (a *Manager) AddReservation(username string, topic string, everyone Permission) error {
    1344. 

  1344. 	if !AllowedUsername(username) || username == Everyone || !AllowedTopic(topic) {
    1345. 

  1345. 		return ErrInvalidArgument
    1346. 

  1346. 	}
    1347. 

  1347. 	tx, err := a.db.Begin()
    1348. 

  1348. 	if err != nil {
    1349. 

  1349. 		return err
    1350. 

  1350. 	}
    1351. 

  1351. 	defer tx.Rollback()
    1352. 

  1352. 	if _, err := tx.Exec(upsertUserAccessQuery, username, escapeUnderscore(topic), true, true, username, username); err != nil {
    1353. 

  1353. 		return err
    1354. 

  1354. 	}
    1355. 

  1355. 	if _, err := tx.Exec(upsertUserAccessQuery, Everyone, escapeUnderscore(topic), everyone.IsRead(), everyone.IsWrite(), username, username); err != nil {
    1356. 

  1356. 		return err
    1357. 

  1357. 	}
    1358. 

  1358. 	return tx.Commit()
    1359. 

  1359. }
    1360. 

  1360. 

  1361. // RemoveReservations deletes the access control entries associated with the given username/topic, as
    1362. 

  1362. // well as all entries with Everyone/topic. This is the counterpart for AddReservation.
    1363. 

  1363. func (a *Manager) RemoveReservations(username string, topics ...string) error {
    1364. 

  1364. 	if !AllowedUsername(username) || username == Everyone || len(topics) == 0 {
    1365. 

  1365. 		return ErrInvalidArgument
    1366. 

  1366. 	}
    1367. 

  1367. 	for _, topic := range topics {
    1368. 

  1368. 		if !AllowedTopic(topic) {
    1369. 

  1369. 			return ErrInvalidArgument
    1370. 

  1370. 		}
    1371. 

  1371. 	}
    1372. 

  1372. 	tx, err := a.db.Begin()
    1373. 

  1373. 	if err != nil {
    1374. 

  1374. 		return err
    1375. 

  1375. 	}
    1376. 

  1376. 	defer tx.Rollback()
    1377. 

  1377. 	for _, topic := range topics {
    1378. 

  1378. 		if _, err := tx.Exec(deleteTopicAccessQuery, username, username, escapeUnderscore(topic)); err != nil {
    1379. 

  1379. 			return err
    1380. 

  1380. 		}
    1381. 

  1381. 		if _, err := tx.Exec(deleteTopicAccessQuery, Everyone, Everyone, escapeUnderscore(topic)); err != nil {
    1382. 

  1382. 			return err
    1383. 

  1383. 		}
    1384. 

  1384. 	}
    1385. 

  1385. 	return tx.Commit()
    1386. 

  1386. }
    1387. 

  1387. 

  1388. // DefaultAccess returns the default read/write access if no access control entry matches
    1389. 

  1389. func (a *Manager) DefaultAccess() Permission {
    1390. 

  1390. 	return a.defaultAccess
    1391. 

  1391. }
    1392. 

  1392. 

  1393. // AddTier creates a new tier in the database
    1394. 

  1394. func (a *Manager) AddTier(tier *Tier) error {
    1395. 

  1395. 	if tier.ID == "" {
    1396. 

  1396. 		tier.ID = util.RandomStringPrefix(tierIDPrefix, tierIDLength)
    1397. 

  1397. 	}
    1398. 

  1398. 	if _, err := a.db.Exec(insertTierQuery, tier.ID, tier.Code, tier.Name, tier.MessageLimit, int64(tier.MessageExpiryDuration.Seconds()), tier.EmailLimit, tier.CallLimit, tier.ReservationLimit, tier.AttachmentFileSizeLimit, tier.AttachmentTotalSizeLimit, int64(tier.AttachmentExpiryDuration.Seconds()), tier.AttachmentBandwidthLimit, nullString(tier.StripeMonthlyPriceID), nullString(tier.StripeYearlyPriceID)); err != nil {
    1399. 

  1399. 		return err
    1400. 

  1400. 	}
    1401. 

  1401. 	return nil
    1402. 

  1402. }
    1403. 

  1403. 

  1404. // UpdateTier updates a tier's properties in the database
    1405. 

  1405. func (a *Manager) UpdateTier(tier *Tier) error {
    1406. 

  1406. 	if _, err := a.db.Exec(updateTierQuery, tier.Name, tier.MessageLimit, int64(tier.MessageExpiryDuration.Seconds()), tier.EmailLimit, tier.CallLimit, tier.ReservationLimit, tier.AttachmentFileSizeLimit, tier.AttachmentTotalSizeLimit, int64(tier.AttachmentExpiryDuration.Seconds()), tier.AttachmentBandwidthLimit, nullString(tier.StripeMonthlyPriceID), nullString(tier.StripeYearlyPriceID), tier.Code); err != nil {
    1407. 

  1407. 		return err
    1408. 

  1408. 	}
    1409. 

  1409. 	return nil
    1410. 

  1410. }
    1411. 

  1411. 

  1412. // RemoveTier deletes the tier with the given code
    1413. 

  1413. func (a *Manager) RemoveTier(code string) error {
    1414. 

  1414. 	if !AllowedTier(code) {
    1415. 

  1415. 		return ErrInvalidArgument
    1416. 

  1416. 	}
    1417. 

  1417. 	// This fails if any user has this tier
    1418. 

  1418. 	if _, err := a.db.Exec(deleteTierQuery, code); err != nil {
    1419. 

  1419. 		return err
    1420. 

  1420. 	}
    1421. 

  1421. 	return nil
    1422. 

  1422. }
    1423. 

  1423. 

  1424. // ChangeBilling updates a user's billing fields, namely the Stripe customer ID, and subscription information
    1425. 

  1425. func (a *Manager) ChangeBilling(username string, billing *Billing) error {
    1426. 

  1426. 	if _, err := a.db.Exec(updateBillingQuery, nullString(billing.StripeCustomerID), nullString(billing.StripeSubscriptionID), nullString(string(billing.StripeSubscriptionStatus)), nullString(string(billing.StripeSubscriptionInterval)), nullInt64(billing.StripeSubscriptionPaidUntil.Unix()), nullInt64(billing.StripeSubscriptionCancelAt.Unix()), username); err != nil {
    1427. 

  1427. 		return err
    1428. 

  1428. 	}
    1429. 

  1429. 	return nil
    1430. 

  1430. }
    1431. 

  1431. 

  1432. // Tiers returns a list of all Tier structs
    1433. 

  1433. func (a *Manager) Tiers() ([]*Tier, error) {
    1434. 

  1434. 	rows, err := a.db.Query(selectTiersQuery)
    1435. 

  1435. 	if err != nil {
    1436. 

  1436. 		return nil, err
    1437. 

  1437. 	}
    1438. 

  1438. 	defer rows.Close()
    1439. 

  1439. 	tiers := make([]*Tier, 0)
    1440. 

  1440. 	for {
    1441. 

  1441. 		tier, err := a.readTier(rows)
    1442. 

  1442. 		if err == ErrTierNotFound {
    1443. 

  1443. 			break
    1444. 

  1444. 		} else if err != nil {
    1445. 

  1445. 			return nil, err
    1446. 

  1446. 		}
    1447. 

  1447. 		tiers = append(tiers, tier)
    1448. 

  1448. 	}
    1449. 

  1449. 	return tiers, nil
    1450. 

  1450. }
    1451. 

  1451. 

  1452. // Tier returns a Tier based on the code, or ErrTierNotFound if it does not exist
    1453. 

  1453. func (a *Manager) Tier(code string) (*Tier, error) {
    1454. 

  1454. 	rows, err := a.db.Query(selectTierByCodeQuery, code)
    1455. 

  1455. 	if err != nil {
    1456. 

  1456. 		return nil, err
    1457. 

  1457. 	}
    1458. 

  1458. 	defer rows.Close()
    1459. 

  1459. 	return a.readTier(rows)
    1460. 

  1460. }
    1461. 

  1461. 

  1462. // TierByStripePrice returns a Tier based on the Stripe price ID, or ErrTierNotFound if it does not exist
    1463. 

  1463. func (a *Manager) TierByStripePrice(priceID string) (*Tier, error) {
    1464. 

  1464. 	rows, err := a.db.Query(selectTierByPriceIDQuery, priceID, priceID)
    1465. 

  1465. 	if err != nil {
    1466. 

  1466. 		return nil, err
    1467. 

  1467. 	}
    1468. 

  1468. 	defer rows.Close()
    1469. 

  1469. 	return a.readTier(rows)
    1470. 

  1470. }
    1471. 

  1471. 

  1472. func (a *Manager) readTier(rows *sql.Rows) (*Tier, error) {
    1473. 

  1473. 	var id, code, name string
    1474. 

  1474. 	var stripeMonthlyPriceID, stripeYearlyPriceID sql.NullString
    1475. 

  1475. 	var messagesLimit, messagesExpiryDuration, emailsLimit, callsLimit, reservationsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit, attachmentExpiryDuration, attachmentBandwidthLimit sql.NullInt64
    1476. 

  1476. 	if !rows.Next() {
    1477. 

  1477. 		return nil, ErrTierNotFound
    1478. 

  1478. 	}
    1479. 

  1479. 	if err := rows.Scan(&id, &code, &name, &messagesLimit, &messagesExpiryDuration, &emailsLimit, &callsLimit, &reservationsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit, &attachmentExpiryDuration, &attachmentBandwidthLimit, &stripeMonthlyPriceID, &stripeYearlyPriceID); err != nil {
    1480. 

  1480. 		return nil, err
    1481. 

  1481. 	} else if err := rows.Err(); err != nil {
    1482. 

  1482. 		return nil, err
    1483. 

  1483. 	}
    1484. 

  1484. 	// When changed, note readUser() as well
    1485. 

  1485. 	return &Tier{
    1486. 

  1486. 		ID:                       id,
    1487. 

  1487. 		Code:                     code,
    1488. 

  1488. 		Name:                     name,
    1489. 

  1489. 		MessageLimit:             messagesLimit.Int64,
    1490. 

  1490. 		MessageExpiryDuration:    time.Duration(messagesExpiryDuration.Int64) * time.Second,
    1491. 

  1491. 		EmailLimit:               emailsLimit.Int64,
    1492. 

  1492. 		CallLimit:                callsLimit.Int64,
    1493. 

  1493. 		ReservationLimit:         reservationsLimit.Int64,
    1494. 

  1494. 		AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    1495. 

  1495. 		AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    1496. 

  1496. 		AttachmentExpiryDuration: time.Duration(attachmentExpiryDuration.Int64) * time.Second,
    1497. 

  1497. 		AttachmentBandwidthLimit: attachmentBandwidthLimit.Int64,
    1498. 

  1498. 		StripeMonthlyPriceID:     stripeMonthlyPriceID.String, // May be empty
    1499. 

  1499. 		StripeYearlyPriceID:      stripeYearlyPriceID.String,  // May be empty
    1500. 

  1500. 	}, nil
    1501. 

  1501. }
    1502. 

  1502. 

  1503. // Close closes the underlying database
    1504. 

  1504. func (a *Manager) Close() error {
    1505. 

  1505. 	return a.db.Close()
    1506. 

  1506. }
    1507. 

  1507. 

  1508. // toSQLWildcard converts a wildcard string to a SQL wildcard string. It only allows '*' as wildcards,
    1509. 

  1509. // and escapes '_', assuming '\' as escape character.
    1510. 

  1510. func toSQLWildcard(s string) string {
    1511. 

  1511. 	return escapeUnderscore(strings.ReplaceAll(s, "*", "%"))
    1512. 

  1512. }
    1513. 

  1513. 

  1514. // fromSQLWildcard converts a SQL wildcard string to a wildcard string. It converts '%' to '*',
    1515. 

  1515. // and removes the '\_' escape character.
    1516. 

  1516. func fromSQLWildcard(s string) string {
    1517. 

  1517. 	return strings.ReplaceAll(unescapeUnderscore(s), "%", "*")
    1518. 

  1518. }
    1519. 

  1519. 

  1520. func escapeUnderscore(s string) string {
    1521. 

  1521. 	return strings.ReplaceAll(s, "_", "\\_")
    1522. 

  1522. }
    1523. 

  1523. 

  1524. func unescapeUnderscore(s string) string {
    1525. 

  1525. 	return strings.ReplaceAll(s, "\\_", "_")
    1526. 

  1526. }
    1527. 

  1527. 

  1528. func runStartupQueries(db *sql.DB, startupQueries string) error {
    1529. 

  1529. 	if _, err := db.Exec(startupQueries); err != nil {
    1530. 

  1530. 		return err
    1531. 

  1531. 	}
    1532. 

  1532. 	if _, err := db.Exec(builtinStartupQueries); err != nil {
    1533. 

  1533. 		return err
    1534. 

  1534. 	}
    1535. 

  1535. 	return nil
    1536. 

  1536. }
    1537. 

  1537. 

  1538. func setupDB(db *sql.DB) error {
    1539. 

  1539. 	// If 'schemaVersion' table does not exist, this must be a new database
    1540. 

  1540. 	rowsSV, err := db.Query(selectSchemaVersionQuery)
    1541. 

  1541. 	if err != nil {
    1542. 

  1542. 		return setupNewDB(db)
    1543. 

  1543. 	}
    1544. 

  1544. 	defer rowsSV.Close()
    1545. 

  1545. 

  1546. 	// If 'schemaVersion' table exists, read version and potentially upgrade
    1547. 

  1547. 	schemaVersion := 0
    1548. 

  1548. 	if !rowsSV.Next() {
    1549. 

  1549. 		return errors.New("cannot determine schema version: database file may be corrupt")
    1550. 

  1550. 	}
    1551. 

  1551. 	if err := rowsSV.Scan(&schemaVersion); err != nil {
    1552. 

  1552. 		return err
    1553. 

  1553. 	}
    1554. 

  1554. 	rowsSV.Close()
    1555. 

  1555. 

  1556. 	// Do migrations
    1557. 

  1557. 	if schemaVersion == currentSchemaVersion {
    1558. 

  1558. 		return nil
    1559. 

  1559. 	} else if schemaVersion > currentSchemaVersion {
    1560. 

  1560. 		return fmt.Errorf("unexpected schema version: version %d is higher than current version %d", schemaVersion, currentSchemaVersion)
    1561. 

  1561. 	}
    1562. 

  1562. 	for i := schemaVersion; i < currentSchemaVersion; i++ {
    1563. 

  1563. 		fn, ok := migrations[i]
    1564. 

  1564. 		if !ok {
    1565. 

  1565. 			return fmt.Errorf("cannot find migration step from schema version %d to %d", i, i+1)
    1566. 

  1566. 		} else if err := fn(db); err != nil {
    1567. 

  1567. 			return err
    1568. 

  1568. 		}
    1569. 

  1569. 	}
    1570. 

  1570. 	return nil
    1571. 

  1571. }
    1572. 

  1572. 

  1573. func setupNewDB(db *sql.DB) error {
    1574. 

  1574. 	if _, err := db.Exec(createTablesQueries); err != nil {
    1575. 

  1575. 		return err
    1576. 

  1576. 	}
    1577. 

  1577. 	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
    1578. 

  1578. 		return err
    1579. 

  1579. 	}
    1580. 

  1580. 	return nil
    1581. 

  1581. }
    1582. 

  1582. 

  1583. func migrateFrom1(db *sql.DB) error {
    1584. 

  1584. 	log.Tag(tag).Info("Migrating user database schema: from 1 to 2")
    1585. 

  1585. 	tx, err := db.Begin()
    1586. 

  1586. 	if err != nil {
    1587. 

  1587. 		return err
    1588. 

  1588. 	}
    1589. 

  1589. 	defer tx.Rollback()
    1590. 

  1590. 	// Rename user -> user_old, and create new tables
    1591. 

  1591. 	if _, err := tx.Exec(migrate1To2CreateTablesQueries); err != nil {
    1592. 

  1592. 		return err
    1593. 

  1593. 	}
    1594. 

  1594. 	// Insert users from user_old into new user table, with ID and sync_topic
    1595. 

  1595. 	rows, err := tx.Query(migrate1To2SelectAllOldUsernamesNoTx)
    1596. 

  1596. 	if err != nil {
    1597. 

  1597. 		return err
    1598. 

  1598. 	}
    1599. 

  1599. 	defer rows.Close()
    1600. 

  1600. 	usernames := make([]string, 0)
    1601. 

  1601. 	for rows.Next() {
    1602. 

  1602. 		var username string
    1603. 

  1603. 		if err := rows.Scan(&username); err != nil {
    1604. 

  1604. 			return err
    1605. 

  1605. 		}
    1606. 

  1606. 		usernames = append(usernames, username)
    1607. 

  1607. 	}
    1608. 

  1608. 	if err := rows.Close(); err != nil {
    1609. 

  1609. 		return err
    1610. 

  1610. 	}
    1611. 

  1611. 	for _, username := range usernames {
    1612. 

  1612. 		userID := util.RandomStringPrefix(userIDPrefix, userIDLength)
    1613. 

  1613. 		syncTopic := util.RandomStringPrefix(syncTopicPrefix, syncTopicLength)
    1614. 

  1614. 		if _, err := tx.Exec(migrate1To2InsertUserNoTx, userID, syncTopic, username); err != nil {
    1615. 

  1615. 			return err
    1616. 

  1616. 		}
    1617. 

  1617. 	}
    1618. 

  1618. 	// Migrate old "access" table to "user_access" and drop "access" and "user_old"
    1619. 

  1619. 	if _, err := tx.Exec(migrate1To2InsertFromOldTablesAndDropNoTx); err != nil {
    1620. 

  1620. 		return err
    1621. 

  1621. 	}
    1622. 

  1622. 	if _, err := tx.Exec(updateSchemaVersion, 2); err != nil {
    1623. 

  1623. 		return err
    1624. 

  1624. 	}
    1625. 

  1625. 	if err := tx.Commit(); err != nil {
    1626. 

  1626. 		return err
    1627. 

  1627. 	}
    1628. 

  1628. 	return nil
    1629. 

  1629. }
    1630. 

  1630. 

  1631. func migrateFrom2(db *sql.DB) error {
    1632. 

  1632. 	log.Tag(tag).Info("Migrating user database schema: from 2 to 3")
    1633. 

  1633. 	tx, err := db.Begin()
    1634. 

  1634. 	if err != nil {
    1635. 

  1635. 		return err
    1636. 

  1636. 	}
    1637. 

  1637. 	defer tx.Rollback()
    1638. 

  1638. 	if _, err := tx.Exec(migrate2To3UpdateQueries); err != nil {
    1639. 

  1639. 		return err
    1640. 

  1640. 	}
    1641. 

  1641. 	if _, err := tx.Exec(updateSchemaVersion, 3); err != nil {
    1642. 

  1642. 		return err
    1643. 

  1643. 	}
    1644. 

  1644. 	return tx.Commit()
    1645. 

  1645. }
    1646. 

  1646. 

  1647. func migrateFrom3(db *sql.DB) error {
    1648. 

  1648. 	log.Tag(tag).Info("Migrating user database schema: from 3 to 4")
    1649. 

  1649. 	tx, err := db.Begin()
    1650. 

  1650. 	if err != nil {
    1651. 

  1651. 		return err
    1652. 

  1652. 	}
    1653. 

  1653. 	defer tx.Rollback()
    1654. 

  1654. 	if _, err := tx.Exec(migrate3To4UpdateQueries); err != nil {
    1655. 

  1655. 		return err
    1656. 

  1656. 	}
    1657. 

  1657. 	if _, err := tx.Exec(updateSchemaVersion, 4); err != nil {
    1658. 

  1658. 		return err
    1659. 

  1659. 	}
    1660. 

  1660. 	return tx.Commit()
    1661. 

  1661. }
    1662. 

  1662. 

  1663. func migrateFrom4(db *sql.DB) error {
    1664. 

  1664. 	log.Tag(tag).Info("Migrating user database schema: from 4 to 5")
    1665. 

  1665. 	tx, err := db.Begin()
    1666. 

  1666. 	if err != nil {
    1667. 

  1667. 		return err
    1668. 

  1668. 	}
    1669. 

  1669. 	defer tx.Rollback()
    1670. 

  1670. 	if _, err := tx.Exec(migrate4To5UpdateQueries); err != nil {
    1671. 

  1671. 		return err
    1672. 

  1672. 	}
    1673. 

  1673. 	if _, err := tx.Exec(updateSchemaVersion, 5); err != nil {
    1674. 

  1674. 		return err
    1675. 

  1675. 	}
    1676. 

  1676. 	return tx.Commit()
    1677. 

  1677. }
    1678. 

  1678. 

  1679. func nullString(s string) sql.NullString {
    1680. 

  1680. 	if s == "" {
    1681. 

  1681. 		return sql.NullString{}
    1682. 

  1682. 	}
    1683. 

  1683. 	return sql.NullString{String: s, Valid: true}
    1684. 

  1684. }
    1685. 

  1685. 

  1686. func nullInt64(v int64) sql.NullInt64 {
    1687. 

  1687. 	if v == 0 {
    1688. 

  1688. 		return sql.NullInt64{}
    1689. 

  1689. 	}
    1690. 

  1690. 	return sql.NullInt64{Int64: v, Valid: true}
    1691. 

  1691. }
    1692.