Home Explore Help
Sign In
mirrors
/
ntfy
mirror of https://github.com/binwiederhier/ntfy
1
0
Fork 0
Files Issues 0 Wiki
Tree: a54a11db88
Branches Tags
ntfy
/
user
/
manager.go

manager.go 25 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824 
  1. package user
    2. 

  2. 

  3. import (
    4. 

  4. 	"database/sql"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"errors"
    7. 

  7. 	"fmt"
    8. 

  8. 	_ "github.com/mattn/go-sqlite3" // SQLite driver
    9. 

  9. 	"golang.org/x/crypto/bcrypt"
    10. 

  10. 	"heckel.io/ntfy/log"
    11. 

  11. 	"heckel.io/ntfy/util"
    12. 

  12. 	"strings"
    13. 

  13. 	"sync"
    14. 

  14. 	"time"
    15. 

  15. )
    16. 

  16. 

  17. const (
    18. 

  18. 	bcryptCost                   = 10
    19. 

  19. 	intentionalSlowDownHash      = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match bcryptCost
    20. 

  20. 	userStatsQueueWriterInterval = 33 * time.Second
    21. 

  21. 	tokenLength                  = 32
    22. 

  22. 	tokenExpiryDuration          = 72 * time.Hour // Extend tokens by this much
    23. 

  23. 	tokenMaxCount                = 10             // Only keep this many tokens in the table per user
    24. 

  24. )
    25. 

  25. 

  26. var (
    27. 

  27. 	errNoTokenProvided    = errors.New("no token provided")
    28. 

  28. 	errTopicOwnedByOthers = errors.New("topic owned by others")
    29. 

  29. 	errNoRows             = errors.New("no rows found")
    30. 

  30. )
    31. 

  31. 

  32. // Manager-related queries
    33. 

  33. const (
    34. 

  34. 	createTablesQueriesNoTx = `
    35. 

  35. 		CREATE TABLE IF NOT EXISTS plan (
    36. 

  36. 			id INT NOT NULL,		
    37. 

  37. 			code TEXT NOT NULL,
    38. 

  38. 			messages_limit INT NOT NULL,
    39. 

  39. 			messages_expiry_duration INT NOT NULL,
    40. 

  40. 			emails_limit INT NOT NULL,
    41. 

  41. 			topics_limit INT NOT NULL,
    42. 

  42. 			attachment_file_size_limit INT NOT NULL,
    43. 

  43. 			attachment_total_size_limit INT NOT NULL,
    44. 

  44. 			attachment_expiry_duration INT NOT NULL,
    45. 

  45. 			PRIMARY KEY (id)
    46. 

  46. 		);
    47. 

  47. 		CREATE TABLE IF NOT EXISTS user (
    48. 

  48. 		    id INTEGER PRIMARY KEY AUTOINCREMENT,
    49. 

  49. 			plan_id INT,
    50. 

  50. 			user TEXT NOT NULL,
    51. 

  51. 			pass TEXT NOT NULL,
    52. 

  52. 			role TEXT NOT NULL,
    53. 

  53. 			messages INT NOT NULL DEFAULT (0),
    54. 

  54. 			emails INT NOT NULL DEFAULT (0),			
    55. 

  55. 			settings JSON,
    56. 

  56. 		    FOREIGN KEY (plan_id) REFERENCES plan (id)
    57. 

  57. 		);
    58. 

  58. 		CREATE UNIQUE INDEX idx_user ON user (user);
    59. 

  59. 		CREATE TABLE IF NOT EXISTS user_access (
    60. 

  60. 			user_id INT NOT NULL,
    61. 

  61. 			topic TEXT NOT NULL,
    62. 

  62. 			read INT NOT NULL,
    63. 

  63. 			write INT NOT NULL,
    64. 

  64. 			owner_user_id INT,			
    65. 

  65. 			PRIMARY KEY (user_id, topic),
    66. 

  66. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE,
    67. 

  67. 		    FOREIGN KEY (owner_user_id) REFERENCES user (id) ON DELETE CASCADE
    68. 

  68. 		);
    69. 

  69. 		CREATE TABLE IF NOT EXISTS user_token (
    70. 

  70. 			user_id INT NOT NULL,
    71. 

  71. 			token TEXT NOT NULL,
    72. 

  72. 			expires INT NOT NULL,
    73. 

  73. 			PRIMARY KEY (user_id, token),
    74. 

  74. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    75. 

  75. 		);
    76. 

  76. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    77. 

  77. 			id INT PRIMARY KEY,
    78. 

  78. 			version INT NOT NULL
    79. 

  79. 		);
    80. 

  80. 		INSERT INTO user (id, user, pass, role) VALUES (1, '*', '', 'anonymous') ON CONFLICT (id) DO NOTHING;
    81. 

  81. 	`
    82. 

  82. 	createTablesQueries   = `BEGIN; ` + createTablesQueriesNoTx + ` COMMIT;`
    83. 

  83. 	builtinStartupQueries = `
    84. 

  84. 		PRAGMA foreign_keys = ON;
    85. 

  85. 	`
    86. 

  86. 

  87. 	selectUserByNameQuery = `
    88. 

  88. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.messages_expiry_duration, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit, p.attachment_expiry_duration
    89. 

  89. 		FROM user u
    90. 

  90. 		LEFT JOIN plan p on p.id = u.plan_id
    91. 

  91. 		WHERE user = ?		
    92. 

  92. 	`
    93. 

  93. 	selectUserByTokenQuery = `
    94. 

  94. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.messages_expiry_duration, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit, p.attachment_expiry_duration
    95. 

  95. 		FROM user u
    96. 

  96. 		JOIN user_token t on u.id = t.user_id
    97. 

  97. 		LEFT JOIN plan p on p.id = u.plan_id
    98. 

  98. 		WHERE t.token = ? AND t.expires >= ?
    99. 

  99. 	`
    100. 

  100. 	selectTopicPermsQuery = `
    101. 

  101. 		SELECT read, write
    102. 

  102. 		FROM user_access a
    103. 

  103. 		JOIN user u ON u.id = a.user_id
    104. 

  104. 		WHERE (u.user = ? OR u.user = ?) AND ? LIKE a.topic
    105. 

  105. 		ORDER BY u.user DESC
    106. 

  106. 	`
    107. 

  107. 

  108. 	insertUserQuery      = `INSERT INTO user (user, pass, role) VALUES (?, ?, ?)`
    109. 

  109. 	selectUsernamesQuery = `
    110. 

  110. 		SELECT user 
    111. 

  111. 		FROM user 
    112. 

  112. 		ORDER BY
    113. 

  113. 			CASE role
    114. 

  114. 				WHEN 'admin' THEN 1
    115. 

  115. 				WHEN 'anonymous' THEN 3
    116. 

  116. 				ELSE 2
    117. 

  117. 			END, user
    118. 

  118. 	`
    119. 

  119. 	updateUserPassQuery     = `UPDATE user SET pass = ? WHERE user = ?`
    120. 

  120. 	updateUserRoleQuery     = `UPDATE user SET role = ? WHERE user = ?`
    121. 

  121. 	updateUserSettingsQuery = `UPDATE user SET settings = ? WHERE user = ?`
    122. 

  122. 	updateUserStatsQuery    = `UPDATE user SET messages = ?, emails = ? WHERE user = ?`
    123. 

  123. 	deleteUserQuery         = `DELETE FROM user WHERE user = ?`
    124. 

  124. 

  125. 	upsertUserAccessQuery = `
    126. 

  126. 		INSERT INTO user_access (user_id, topic, read, write, owner_user_id) 
    127. 

  127. 		VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?, (SELECT IIF(?='',NULL,(SELECT id FROM user WHERE user=?))))
    128. 

  128. 		ON CONFLICT (user_id, topic) 
    129. 

  129. 		DO UPDATE SET read=excluded.read, write=excluded.write, owner_user_id=excluded.owner_user_id
    130. 

  130. 	`
    131. 

  131. 	selectUserAccessQuery = `
    132. 

  132. 		SELECT topic, read, write
    133. 

  133. 		FROM user_access 
    134. 

  134. 		WHERE user_id = (SELECT id FROM user WHERE user = ?) 
    135. 

  135. 		ORDER BY write DESC, read DESC, topic
    136. 

  136. 	`
    137. 

  137. 	selectUserReservationsQuery = `
    138. 

  138. 		SELECT a_user.topic, a_user.read, a_user.write, a_everyone.read AS everyone_read, a_everyone.write AS everyone_write
    139. 

  139. 		FROM user_access a_user
    140. 

  140. 		LEFT JOIN  user_access a_everyone ON a_user.topic = a_everyone.topic AND a_everyone.user_id = (SELECT id FROM user WHERE user = ?)
    141. 

  141. 		WHERE a_user.user_id = a_user.owner_user_id
    142. 

  142. 		  AND a_user.owner_user_id = (SELECT id FROM user WHERE user = ?)
    143. 

  143. 		ORDER BY a_user.topic
    144. 

  144. 	`
    145. 

  145. 	selectUserReservationsCountQuery = `
    146. 

  146. 		SELECT COUNT(*)
    147. 

  147. 		FROM user_access
    148. 

  148. 		WHERE user_id = owner_user_id AND owner_user_id = (SELECT id FROM user WHERE user = ?)
    149. 

  149. 	`
    150. 

  150. 	selectUserHasReservationQuery = `
    151. 

  151. 		SELECT COUNT(*)
    152. 

  152. 		FROM user_access
    153. 

  153. 		WHERE user_id = owner_user_id 
    154. 

  154. 		  AND owner_user_id = (SELECT id FROM user WHERE user = ?)
    155. 

  155. 		  AND topic = ?	
    156. 

  156. 	`
    157. 

  157. 	selectOtherAccessCountQuery = `
    158. 

  158. 		SELECT COUNT(*)
    159. 

  159. 		FROM user_access
    160. 

  160. 		WHERE (topic = ? OR ? LIKE topic)
    161. 

  161. 		  AND (owner_user_id IS NULL OR owner_user_id != (SELECT id FROM user WHERE user = ?))
    162. 

  162. 	`
    163. 

  163. 	deleteAllAccessQuery   = `DELETE FROM user_access`
    164. 

  164. 	deleteUserAccessQuery  = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    165. 

  165. 	deleteTopicAccessQuery = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) AND topic = ?`
    166. 

  166. 

  167. 	selectTokenCountQuery    = `SELECT COUNT(*) FROM user_token WHERE (SELECT id FROM user WHERE user = ?)`
    168. 

  168. 	insertTokenQuery         = `INSERT INTO user_token (user_id, token, expires) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?)`
    169. 

  169. 	updateTokenExpiryQuery   = `UPDATE user_token SET expires = ? WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    170. 

  170. 	deleteTokenQuery         = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    171. 

  171. 	deleteExpiredTokensQuery = `DELETE FROM user_token WHERE expires < ?`
    172. 

  172. 	deleteExcessTokensQuery  = `
    173. 

  173. 		DELETE FROM user_token
    174. 

  174. 		WHERE (user_id, token) NOT IN (
    175. 

  175. 			SELECT user_id, token
    176. 

  176. 			FROM user_token
    177. 

  177. 			WHERE user_id = (SELECT id FROM user WHERE user = ?)
    178. 

  178. 			ORDER BY expires DESC 
    179. 

  179. 			LIMIT ?
    180. 

  180. 		)
    181. 

  181. ;
    182. 

  182. 	`
    183. 

  183. )
    184. 

  184. 

  185. // Schema management queries
    186. 

  186. const (
    187. 

  187. 	currentSchemaVersion     = 2
    188. 

  188. 	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
    189. 

  189. 	updateSchemaVersion      = `UPDATE schemaVersion SET version = ? WHERE id = 1`
    190. 

  190. 	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
    191. 

  191. 

  192. 	// 1 -> 2 (complex migration!)
    193. 

  193. 	migrate1To2RenameUserTableQueryNoTx = `
    194. 

  194. 		ALTER TABLE user RENAME TO user_old;
    195. 

  195. 	`
    196. 

  196. 	migrate1To2InsertFromOldTablesAndDropNoTx = `
    197. 

  197. 		INSERT INTO user (user, pass, role) 
    198. 

  198. 		SELECT user, pass, role FROM user_old;
    199. 

  199. 

  200. 		INSERT INTO user_access (user_id, topic, read, write)
    201. 

  201. 		SELECT u.id, a.topic, a.read, a.write
    202. 

  202. 		FROM user u
    203. 

  203. 	 	JOIN access a ON u.user = a.user;
    204. 

  204. 

  205. 		DROP TABLE access;
    206. 

  206. 		DROP TABLE user_old;
    207. 

  207. 	`
    208. 

  208. )
    209. 

  209. 

  210. // Manager is an implementation of Manager. It stores users and access control list
    211. 

  211. // in a SQLite database.
    212. 

  212. type Manager struct {
    213. 

  213. 	db            *sql.DB
    214. 

  214. 	defaultAccess Permission       // Default permission if no ACL matches
    215. 

  215. 	statsQueue    map[string]*User // Username -> User, for "unimportant" user updates
    216. 

  216. 	mu            sync.Mutex
    217. 

  217. }
    218. 

  218. 

  219. var _ Auther = (*Manager)(nil)
    220. 

  220. 

  221. // NewManager creates a new Manager instance
    222. 

  222. func NewManager(filename, startupQueries string, defaultAccess Permission) (*Manager, error) {
    223. 

  223. 	return newManager(filename, startupQueries, defaultAccess, userStatsQueueWriterInterval)
    224. 

  224. }
    225. 

  225. 

  226. // NewManager creates a new Manager instance
    227. 

  227. func newManager(filename, startupQueries string, defaultAccess Permission, statsWriterInterval time.Duration) (*Manager, error) {
    228. 

  228. 	db, err := sql.Open("sqlite3", filename)
    229. 

  229. 	if err != nil {
    230. 

  230. 		return nil, err
    231. 

  231. 	}
    232. 

  232. 	if err := setupDB(db); err != nil {
    233. 

  233. 		return nil, err
    234. 

  234. 	}
    235. 

  235. 	if err := runStartupQueries(db, startupQueries); err != nil {
    236. 

  236. 		return nil, err
    237. 

  237. 	}
    238. 

  238. 	manager := &Manager{
    239. 

  239. 		db:            db,
    240. 

  240. 		defaultAccess: defaultAccess,
    241. 

  241. 		statsQueue:    make(map[string]*User),
    242. 

  242. 	}
    243. 

  243. 	go manager.userStatsQueueWriter(statsWriterInterval)
    244. 

  244. 	return manager, nil
    245. 

  245. }
    246. 

  246. 

  247. // Authenticate checks username and password and returns a User if correct. The method
    248. 

  248. // returns in constant-ish time, regardless of whether the user exists or the password is
    249. 

  249. // correct or incorrect.
    250. 

  250. func (a *Manager) Authenticate(username, password string) (*User, error) {
    251. 

  251. 	if username == Everyone {
    252. 

  252. 		return nil, ErrUnauthenticated
    253. 

  253. 	}
    254. 

  254. 	user, err := a.User(username)
    255. 

  255. 	if err != nil {
    256. 

  256. 		log.Trace("authentication of user %s failed (1): %s", username, err.Error())
    257. 

  257. 		bcrypt.CompareHashAndPassword([]byte(intentionalSlowDownHash), []byte("intentional slow-down to avoid timing attacks"))
    258. 

  258. 		return nil, ErrUnauthenticated
    259. 

  259. 	}
    260. 

  260. 	if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
    261. 

  261. 		log.Trace("authentication of user %s failed (2): %s", username, err.Error())
    262. 

  262. 		return nil, ErrUnauthenticated
    263. 

  263. 	}
    264. 

  264. 	return user, nil
    265. 

  265. }
    266. 

  266. 

  267. // AuthenticateToken checks if the token exists and returns the associated User if it does.
    268. 

  268. // The method sets the User.Token value to the token that was used for authentication.
    269. 

  269. func (a *Manager) AuthenticateToken(token string) (*User, error) {
    270. 

  270. 	if len(token) != tokenLength {
    271. 

  271. 		return nil, ErrUnauthenticated
    272. 

  272. 	}
    273. 

  273. 	user, err := a.userByToken(token)
    274. 

  274. 	if err != nil {
    275. 

  275. 		return nil, ErrUnauthenticated
    276. 

  276. 	}
    277. 

  277. 	user.Token = token
    278. 

  278. 	return user, nil
    279. 

  279. }
    280. 

  280. 

  281. // CreateToken generates a random token for the given user and returns it. The token expires
    282. 

  282. // after a fixed duration unless ExtendToken is called. This function also prunes tokens for the
    283. 

  283. // given user, if there are too many of them.
    284. 

  284. func (a *Manager) CreateToken(user *User) (*Token, error) {
    285. 

  285. 	token, expires := util.RandomString(tokenLength), time.Now().Add(tokenExpiryDuration)
    286. 

  286. 	tx, err := a.db.Begin()
    287. 

  287. 	if err != nil {
    288. 

  288. 		return nil, err
    289. 

  289. 	}
    290. 

  290. 	defer tx.Rollback()
    291. 

  291. 	if _, err := tx.Exec(insertTokenQuery, user.Name, token, expires.Unix()); err != nil {
    292. 

  292. 		return nil, err
    293. 

  293. 	}
    294. 

  294. 	rows, err := tx.Query(selectTokenCountQuery, user.Name)
    295. 

  295. 	if err != nil {
    296. 

  296. 		return nil, err
    297. 

  297. 	}
    298. 

  298. 	defer rows.Close()
    299. 

  299. 	if !rows.Next() {
    300. 

  300. 		return nil, errNoRows
    301. 

  301. 	}
    302. 

  302. 	var tokenCount int
    303. 

  303. 	if err := rows.Scan(&tokenCount); err != nil {
    304. 

  304. 		return nil, err
    305. 

  305. 	}
    306. 

  306. 	if tokenCount >= tokenMaxCount {
    307. 

  307. 		// This pruning logic is done in two queries for efficiency. The SELECT above is a lookup
    308. 

  308. 		// on two indices, whereas the query below is a full table scan.
    309. 

  309. 		if _, err := tx.Exec(deleteExcessTokensQuery, user.Name, tokenMaxCount); err != nil {
    310. 

  310. 			return nil, err
    311. 

  311. 		}
    312. 

  312. 	}
    313. 

  313. 	if err := tx.Commit(); err != nil {
    314. 

  314. 		return nil, err
    315. 

  315. 	}
    316. 

  316. 	return &Token{
    317. 

  317. 		Value:   token,
    318. 

  318. 		Expires: expires,
    319. 

  319. 	}, nil
    320. 

  320. }
    321. 

  321. 

  322. // ExtendToken sets the new expiry date for a token, thereby extending its use further into the future.
    323. 

  323. func (a *Manager) ExtendToken(user *User) (*Token, error) {
    324. 

  324. 	if user.Token == "" {
    325. 

  325. 		return nil, errNoTokenProvided
    326. 

  326. 	}
    327. 

  327. 	newExpires := time.Now().Add(tokenExpiryDuration)
    328. 

  328. 	if _, err := a.db.Exec(updateTokenExpiryQuery, newExpires.Unix(), user.Name, user.Token); err != nil {
    329. 

  329. 		return nil, err
    330. 

  330. 	}
    331. 

  331. 	return &Token{
    332. 

  332. 		Value:   user.Token,
    333. 

  333. 		Expires: newExpires,
    334. 

  334. 	}, nil
    335. 

  335. }
    336. 

  336. 

  337. // RemoveToken deletes the token defined in User.Token
    338. 

  338. func (a *Manager) RemoveToken(user *User) error {
    339. 

  339. 	if user.Token == "" {
    340. 

  340. 		return ErrUnauthorized
    341. 

  341. 	}
    342. 

  342. 	if _, err := a.db.Exec(deleteTokenQuery, user.Name, user.Token); err != nil {
    343. 

  343. 		return err
    344. 

  344. 	}
    345. 

  345. 	return nil
    346. 

  346. }
    347. 

  347. 

  348. // RemoveExpiredTokens deletes all expired tokens from the database
    349. 

  349. func (a *Manager) RemoveExpiredTokens() error {
    350. 

  350. 	if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
    351. 

  351. 		return err
    352. 

  352. 	}
    353. 

  353. 	return nil
    354. 

  354. }
    355. 

  355. 

  356. // ChangeSettings persists the user settings
    357. 

  357. func (a *Manager) ChangeSettings(user *User) error {
    358. 

  358. 	settings, err := json.Marshal(user.Prefs)
    359. 

  359. 	if err != nil {
    360. 

  360. 		return err
    361. 

  361. 	}
    362. 

  362. 	if _, err := a.db.Exec(updateUserSettingsQuery, string(settings), user.Name); err != nil {
    363. 

  363. 		return err
    364. 

  364. 	}
    365. 

  365. 	return nil
    366. 

  366. }
    367. 

  367. 

  368. // EnqueueStats adds the user to a queue which writes out user stats (messages, emails, ..) in
    369. 

  369. // batches at a regular interval
    370. 

  370. func (a *Manager) EnqueueStats(user *User) {
    371. 

  371. 	a.mu.Lock()
    372. 

  372. 	defer a.mu.Unlock()
    373. 

  373. 	a.statsQueue[user.Name] = user
    374. 

  374. }
    375. 

  375. 

  376. func (a *Manager) userStatsQueueWriter(interval time.Duration) {
    377. 

  377. 	ticker := time.NewTicker(interval)
    378. 

  378. 	for range ticker.C {
    379. 

  379. 		if err := a.writeUserStatsQueue(); err != nil {
    380. 

  380. 			log.Warn("User Manager: Writing user stats queue failed: %s", err.Error())
    381. 

  381. 		}
    382. 

  382. 	}
    383. 

  383. }
    384. 

  384. 

  385. func (a *Manager) writeUserStatsQueue() error {
    386. 

  386. 	a.mu.Lock()
    387. 

  387. 	if len(a.statsQueue) == 0 {
    388. 

  388. 		a.mu.Unlock()
    389. 

  389. 		log.Trace("User Manager: No user stats updates to commit")
    390. 

  390. 		return nil
    391. 

  391. 	}
    392. 

  392. 	statsQueue := a.statsQueue
    393. 

  393. 	a.statsQueue = make(map[string]*User)
    394. 

  394. 	a.mu.Unlock()
    395. 

  395. 	tx, err := a.db.Begin()
    396. 

  396. 	if err != nil {
    397. 

  397. 		return err
    398. 

  398. 	}
    399. 

  399. 	defer tx.Rollback()
    400. 

  400. 	log.Debug("User Manager: Writing user stats queue for %d user(s)", len(statsQueue))
    401. 

  401. 	for username, u := range statsQueue {
    402. 

  402. 		log.Trace("User Manager: Updating stats for user %s: messages=%d, emails=%d", username, u.Stats.Messages, u.Stats.Emails)
    403. 

  403. 		if _, err := tx.Exec(updateUserStatsQuery, u.Stats.Messages, u.Stats.Emails, username); err != nil {
    404. 

  404. 			return err
    405. 

  405. 		}
    406. 

  406. 	}
    407. 

  407. 	return tx.Commit()
    408. 

  408. }
    409. 

  409. 

  410. // Authorize returns nil if the given user has access to the given topic using the desired
    411. 

  411. // permission. The user param may be nil to signal an anonymous user.
    412. 

  412. func (a *Manager) Authorize(user *User, topic string, perm Permission) error {
    413. 

  413. 	if user != nil && user.Role == RoleAdmin {
    414. 

  414. 		return nil // Admin can do everything
    415. 

  415. 	}
    416. 

  416. 	username := Everyone
    417. 

  417. 	if user != nil {
    418. 

  418. 		username = user.Name
    419. 

  419. 	}
    420. 

  420. 	// Select the read/write permissions for this user/topic combo. The query may return two
    421. 

  421. 	// rows (one for everyone, and one for the user), but prioritizes the user.
    422. 

  422. 	rows, err := a.db.Query(selectTopicPermsQuery, Everyone, username, topic)
    423. 

  423. 	if err != nil {
    424. 

  424. 		return err
    425. 

  425. 	}
    426. 

  426. 	defer rows.Close()
    427. 

  427. 	if !rows.Next() {
    428. 

  428. 		return a.resolvePerms(a.defaultAccess, perm)
    429. 

  429. 	}
    430. 

  430. 	var read, write bool
    431. 

  431. 	if err := rows.Scan(&read, &write); err != nil {
    432. 

  432. 		return err
    433. 

  433. 	} else if err := rows.Err(); err != nil {
    434. 

  434. 		return err
    435. 

  435. 	}
    436. 

  436. 	return a.resolvePerms(NewPermission(read, write), perm)
    437. 

  437. }
    438. 

  438. 

  439. func (a *Manager) resolvePerms(base, perm Permission) error {
    440. 

  440. 	if perm == PermissionRead && base.IsRead() {
    441. 

  441. 		return nil
    442. 

  442. 	} else if perm == PermissionWrite && base.IsWrite() {
    443. 

  443. 		return nil
    444. 

  444. 	}
    445. 

  445. 	return ErrUnauthorized
    446. 

  446. }
    447. 

  447. 

  448. // AddUser adds a user with the given username, password and role
    449. 

  449. func (a *Manager) AddUser(username, password string, role Role) error {
    450. 

  450. 	if !AllowedUsername(username) || !AllowedRole(role) {
    451. 

  451. 		return ErrInvalidArgument
    452. 

  452. 	}
    453. 

  453. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    454. 

  454. 	if err != nil {
    455. 

  455. 		return err
    456. 

  456. 	}
    457. 

  457. 	if _, err = a.db.Exec(insertUserQuery, username, hash, role); err != nil {
    458. 

  458. 		return err
    459. 

  459. 	}
    460. 

  460. 	return nil
    461. 

  461. }
    462. 

  462. 

  463. // RemoveUser deletes the user with the given username. The function returns nil on success, even
    464. 

  464. // if the user did not exist in the first place.
    465. 

  465. func (a *Manager) RemoveUser(username string) error {
    466. 

  466. 	if !AllowedUsername(username) {
    467. 

  467. 		return ErrInvalidArgument
    468. 

  468. 	}
    469. 

  469. 	// Rows in user_access, user_token, etc. are deleted via foreign keys
    470. 

  470. 	if _, err := a.db.Exec(deleteUserQuery, username); err != nil {
    471. 

  471. 		return err
    472. 

  472. 	}
    473. 

  473. 	return nil
    474. 

  474. }
    475. 

  475. 

  476. // Users returns a list of users. It always also returns the Everyone user ("*").
    477. 

  477. func (a *Manager) Users() ([]*User, error) {
    478. 

  478. 	rows, err := a.db.Query(selectUsernamesQuery)
    479. 

  479. 	if err != nil {
    480. 

  480. 		return nil, err
    481. 

  481. 	}
    482. 

  482. 	defer rows.Close()
    483. 

  483. 	usernames := make([]string, 0)
    484. 

  484. 	for rows.Next() {
    485. 

  485. 		var username string
    486. 

  486. 		if err := rows.Scan(&username); err != nil {
    487. 

  487. 			return nil, err
    488. 

  488. 		} else if err := rows.Err(); err != nil {
    489. 

  489. 			return nil, err
    490. 

  490. 		}
    491. 

  491. 		usernames = append(usernames, username)
    492. 

  492. 	}
    493. 

  493. 	rows.Close()
    494. 

  494. 	users := make([]*User, 0)
    495. 

  495. 	for _, username := range usernames {
    496. 

  496. 		user, err := a.User(username)
    497. 

  497. 		if err != nil {
    498. 

  498. 			return nil, err
    499. 

  499. 		}
    500. 

  500. 		users = append(users, user)
    501. 

  501. 	}
    502. 

  502. 	return users, nil
    503. 

  503. }
    504. 

  504. 

  505. // User returns the user with the given username if it exists, or ErrNotFound otherwise.
    506. 

  506. // You may also pass Everyone to retrieve the anonymous user and its Grant list.
    507. 

  507. func (a *Manager) User(username string) (*User, error) {
    508. 

  508. 	rows, err := a.db.Query(selectUserByNameQuery, username)
    509. 

  509. 	if err != nil {
    510. 

  510. 		return nil, err
    511. 

  511. 	}
    512. 

  512. 	return a.readUser(rows)
    513. 

  513. }
    514. 

  514. 

  515. func (a *Manager) userByToken(token string) (*User, error) {
    516. 

  516. 	rows, err := a.db.Query(selectUserByTokenQuery, token, time.Now().Unix())
    517. 

  517. 	if err != nil {
    518. 

  518. 		return nil, err
    519. 

  519. 	}
    520. 

  520. 	return a.readUser(rows)
    521. 

  521. }
    522. 

  522. 

  523. func (a *Manager) readUser(rows *sql.Rows) (*User, error) {
    524. 

  524. 	defer rows.Close()
    525. 

  525. 	var username, hash, role string
    526. 

  526. 	var settings, planCode sql.NullString
    527. 

  527. 	var messages, emails int64
    528. 

  528. 	var messagesLimit, messagesExpiryDuration, emailsLimit, topicsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit, attachmentExpiryDuration sql.NullInt64
    529. 

  529. 	if !rows.Next() {
    530. 

  530. 		return nil, ErrNotFound
    531. 

  531. 	}
    532. 

  532. 	if err := rows.Scan(&username, &hash, &role, &messages, &emails, &settings, &planCode, &messagesLimit, &messagesExpiryDuration, &emailsLimit, &topicsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit, &attachmentExpiryDuration); err != nil {
    533. 

  533. 		return nil, err
    534. 

  534. 	} else if err := rows.Err(); err != nil {
    535. 

  535. 		return nil, err
    536. 

  536. 	}
    537. 

  537. 	user := &User{
    538. 

  538. 		Name: username,
    539. 

  539. 		Hash: hash,
    540. 

  540. 		Role: Role(role),
    541. 

  541. 		Stats: &Stats{
    542. 

  542. 			Messages: messages,
    543. 

  543. 			Emails:   emails,
    544. 

  544. 		},
    545. 

  545. 	}
    546. 

  546. 	if settings.Valid {
    547. 

  547. 		user.Prefs = &Prefs{}
    548. 

  548. 		if err := json.Unmarshal([]byte(settings.String), user.Prefs); err != nil {
    549. 

  549. 			return nil, err
    550. 

  550. 		}
    551. 

  551. 	}
    552. 

  552. 	if planCode.Valid {
    553. 

  553. 		user.Plan = &Plan{
    554. 

  554. 			Code:                     planCode.String,
    555. 

  555. 			Upgradeable:              false,
    556. 

  556. 			MessagesLimit:            messagesLimit.Int64,
    557. 

  557. 			MessagesExpiryDuration:   messagesExpiryDuration.Int64,
    558. 

  558. 			EmailsLimit:              emailsLimit.Int64,
    559. 

  559. 			TopicsLimit:              topicsLimit.Int64,
    560. 

  560. 			AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    561. 

  561. 			AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    562. 

  562. 			AttachmentExpiryDuration: attachmentExpiryDuration.Int64,
    563. 

  563. 		}
    564. 

  564. 	}
    565. 

  565. 	return user, nil
    566. 

  566. }
    567. 

  567. 

  568. // Grants returns all user-specific access control entries
    569. 

  569. func (a *Manager) Grants(username string) ([]Grant, error) {
    570. 

  570. 	rows, err := a.db.Query(selectUserAccessQuery, username)
    571. 

  571. 	if err != nil {
    572. 

  572. 		return nil, err
    573. 

  573. 	}
    574. 

  574. 	defer rows.Close()
    575. 

  575. 	grants := make([]Grant, 0)
    576. 

  576. 	for rows.Next() {
    577. 

  577. 		var topic string
    578. 

  578. 		var read, write bool
    579. 

  579. 		if err := rows.Scan(&topic, &read, &write); err != nil {
    580. 

  580. 			return nil, err
    581. 

  581. 		} else if err := rows.Err(); err != nil {
    582. 

  582. 			return nil, err
    583. 

  583. 		}
    584. 

  584. 		grants = append(grants, Grant{
    585. 

  585. 			TopicPattern: fromSQLWildcard(topic),
    586. 

  586. 			Allow:        NewPermission(read, write),
    587. 

  587. 		})
    588. 

  588. 	}
    589. 

  589. 	return grants, nil
    590. 

  590. }
    591. 

  591. 

  592. // Reservations returns all user-owned topics, and the associated everyone-access
    593. 

  593. func (a *Manager) Reservations(username string) ([]Reservation, error) {
    594. 

  594. 	rows, err := a.db.Query(selectUserReservationsQuery, Everyone, username)
    595. 

  595. 	if err != nil {
    596. 

  596. 		return nil, err
    597. 

  597. 	}
    598. 

  598. 	defer rows.Close()
    599. 

  599. 	reservations := make([]Reservation, 0)
    600. 

  600. 	for rows.Next() {
    601. 

  601. 		var topic string
    602. 

  602. 		var ownerRead, ownerWrite bool
    603. 

  603. 		var everyoneRead, everyoneWrite sql.NullBool
    604. 

  604. 		if err := rows.Scan(&topic, &ownerRead, &ownerWrite, &everyoneRead, &everyoneWrite); err != nil {
    605. 

  605. 			return nil, err
    606. 

  606. 		} else if err := rows.Err(); err != nil {
    607. 

  607. 			return nil, err
    608. 

  608. 		}
    609. 

  609. 		reservations = append(reservations, Reservation{
    610. 

  610. 			Topic:    topic,
    611. 

  611. 			Owner:    NewPermission(ownerRead, ownerWrite),
    612. 

  612. 			Everyone: NewPermission(everyoneRead.Bool, everyoneWrite.Bool), // false if null
    613. 

  613. 		})
    614. 

  614. 	}
    615. 

  615. 	return reservations, nil
    616. 

  616. }
    617. 

  617. 

  618. // HasReservation returns true if the given topic access is owned by the user
    619. 

  619. func (a *Manager) HasReservation(username, topic string) (bool, error) {
    620. 

  620. 	rows, err := a.db.Query(selectUserHasReservationQuery, username, topic)
    621. 

  621. 	if err != nil {
    622. 

  622. 		return false, err
    623. 

  623. 	}
    624. 

  624. 	defer rows.Close()
    625. 

  625. 	if !rows.Next() {
    626. 

  626. 		return false, errNoRows
    627. 

  627. 	}
    628. 

  628. 	var count int64
    629. 

  629. 	if err := rows.Scan(&count); err != nil {
    630. 

  630. 		return false, err
    631. 

  631. 	}
    632. 

  632. 	return count > 0, nil
    633. 

  633. }
    634. 

  634. 

  635. // ReservationsCount returns the number of reservations owned by this user
    636. 

  636. func (a *Manager) ReservationsCount(username string) (int64, error) {
    637. 

  637. 	rows, err := a.db.Query(selectUserReservationsCountQuery, username)
    638. 

  638. 	if err != nil {
    639. 

  639. 		return 0, err
    640. 

  640. 	}
    641. 

  641. 	defer rows.Close()
    642. 

  642. 	if !rows.Next() {
    643. 

  643. 		return 0, errNoRows
    644. 

  644. 	}
    645. 

  645. 	var count int64
    646. 

  646. 	if err := rows.Scan(&count); err != nil {
    647. 

  647. 		return 0, err
    648. 

  648. 	}
    649. 

  649. 	return count, nil
    650. 

  650. }
    651. 

  651. 

  652. // ChangePassword changes a user's password
    653. 

  653. func (a *Manager) ChangePassword(username, password string) error {
    654. 

  654. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    655. 

  655. 	if err != nil {
    656. 

  656. 		return err
    657. 

  657. 	}
    658. 

  658. 	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
    659. 

  659. 		return err
    660. 

  660. 	}
    661. 

  661. 	return nil
    662. 

  662. }
    663. 

  663. 

  664. // ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
    665. 

  665. // all existing access control entries (Grant) are removed, since they are no longer needed.
    666. 

  666. func (a *Manager) ChangeRole(username string, role Role) error {
    667. 

  667. 	if !AllowedUsername(username) || !AllowedRole(role) {
    668. 

  668. 		return ErrInvalidArgument
    669. 

  669. 	}
    670. 

  670. 	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
    671. 

  671. 		return err
    672. 

  672. 	}
    673. 

  673. 	if role == RoleAdmin {
    674. 

  674. 		if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
    675. 

  675. 			return err
    676. 

  676. 		}
    677. 

  677. 	}
    678. 

  678. 	return nil
    679. 

  679. }
    680. 

  680. 

  681. // CheckAllowAccess tests if a user may create an access control entry for the given topic.
    682. 

  682. // If there are any ACL entries that are not owned by the user, an error is returned.
    683. 

  683. func (a *Manager) CheckAllowAccess(username string, topic string) error {
    684. 

  684. 	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopic(topic) {
    685. 

  685. 		return ErrInvalidArgument
    686. 

  686. 	}
    687. 

  687. 	rows, err := a.db.Query(selectOtherAccessCountQuery, topic, topic, username)
    688. 

  688. 	if err != nil {
    689. 

  689. 		return err
    690. 

  690. 	}
    691. 

  691. 	defer rows.Close()
    692. 

  692. 	if !rows.Next() {
    693. 

  693. 		return errNoRows
    694. 

  694. 	}
    695. 

  695. 	var otherCount int
    696. 

  696. 	if err := rows.Scan(&otherCount); err != nil {
    697. 

  697. 		return err
    698. 

  698. 	}
    699. 

  699. 	if otherCount > 0 {
    700. 

  700. 		return errTopicOwnedByOthers
    701. 

  701. 	}
    702. 

  702. 	return nil
    703. 

  703. }
    704. 

  704. 

  705. // AllowAccess adds or updates an entry in th access control list for a specific user. It controls
    706. 

  706. // read/write access to a topic. The parameter topicPattern may include wildcards (*). The ACL entry
    707. 

  707. // owner may either be a user (username), or the system (empty).
    708. 

  708. func (a *Manager) AllowAccess(owner, username string, topicPattern string, read bool, write bool) error {
    709. 

  709. 	if !AllowedUsername(username) && username != Everyone {
    710. 

  710. 		return ErrInvalidArgument
    711. 

  711. 	} else if owner != "" && !AllowedUsername(owner) {
    712. 

  712. 		return ErrInvalidArgument
    713. 

  713. 	} else if !AllowedTopicPattern(topicPattern) {
    714. 

  714. 		return ErrInvalidArgument
    715. 

  715. 	}
    716. 

  716. 	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), read, write, owner, owner); err != nil {
    717. 

  717. 		return err
    718. 

  718. 	}
    719. 

  719. 	return nil
    720. 

  720. }
    721. 

  721. 

  722. // ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
    723. 

  723. // empty) for an entire user. The parameter topicPattern may include wildcards (*).
    724. 

  724. func (a *Manager) ResetAccess(username string, topicPattern string) error {
    725. 

  725. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    726. 

  726. 		return ErrInvalidArgument
    727. 

  727. 	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
    728. 

  728. 		return ErrInvalidArgument
    729. 

  729. 	}
    730. 

  730. 	if username == "" && topicPattern == "" {
    731. 

  731. 		_, err := a.db.Exec(deleteAllAccessQuery, username)
    732. 

  732. 		return err
    733. 

  733. 	} else if topicPattern == "" {
    734. 

  734. 		_, err := a.db.Exec(deleteUserAccessQuery, username)
    735. 

  735. 		return err
    736. 

  736. 	}
    737. 

  737. 	_, err := a.db.Exec(deleteTopicAccessQuery, username, toSQLWildcard(topicPattern))
    738. 

  738. 	return err
    739. 

  739. }
    740. 

  740. 

  741. // DefaultAccess returns the default read/write access if no access control entry matches
    742. 

  742. func (a *Manager) DefaultAccess() Permission {
    743. 

  743. 	return a.defaultAccess
    744. 

  744. }
    745. 

  745. 

  746. func toSQLWildcard(s string) string {
    747. 

  747. 	return strings.ReplaceAll(s, "*", "%")
    748. 

  748. }
    749. 

  749. 

  750. func fromSQLWildcard(s string) string {
    751. 

  751. 	return strings.ReplaceAll(s, "%", "*")
    752. 

  752. }
    753. 

  753. 

  754. func runStartupQueries(db *sql.DB, startupQueries string) error {
    755. 

  755. 	if _, err := db.Exec(startupQueries); err != nil {
    756. 

  756. 		return err
    757. 

  757. 	}
    758. 

  758. 	if _, err := db.Exec(builtinStartupQueries); err != nil {
    759. 

  759. 		return err
    760. 

  760. 	}
    761. 

  761. 	return nil
    762. 

  762. }
    763. 

  763. 

  764. func setupDB(db *sql.DB) error {
    765. 

  765. 	// If 'schemaVersion' table does not exist, this must be a new database
    766. 

  766. 	rowsSV, err := db.Query(selectSchemaVersionQuery)
    767. 

  767. 	if err != nil {
    768. 

  768. 		return setupNewDB(db)
    769. 

  769. 	}
    770. 

  770. 	defer rowsSV.Close()
    771. 

  771. 

  772. 	// If 'schemaVersion' table exists, read version and potentially upgrade
    773. 

  773. 	schemaVersion := 0
    774. 

  774. 	if !rowsSV.Next() {
    775. 

  775. 		return errors.New("cannot determine schema version: database file may be corrupt")
    776. 

  776. 	}
    777. 

  777. 	if err := rowsSV.Scan(&schemaVersion); err != nil {
    778. 

  778. 		return err
    779. 

  779. 	}
    780. 

  780. 	rowsSV.Close()
    781. 

  781. 

  782. 	// Do migrations
    783. 

  783. 	if schemaVersion == currentSchemaVersion {
    784. 

  784. 		return nil
    785. 

  785. 	} else if schemaVersion == 1 {
    786. 

  786. 		return migrateFrom1(db)
    787. 

  787. 	}
    788. 

  788. 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
    789. 

  789. }
    790. 

  790. 

  791. func setupNewDB(db *sql.DB) error {
    792. 

  792. 	if _, err := db.Exec(createTablesQueries); err != nil {
    793. 

  793. 		return err
    794. 

  794. 	}
    795. 

  795. 	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
    796. 

  796. 		return err
    797. 

  797. 	}
    798. 

  798. 	return nil
    799. 

  799. }
    800. 

  800. 

  801. func migrateFrom1(db *sql.DB) error {
    802. 

  802. 	log.Info("Migrating user database schema: from 1 to 2")
    803. 

  803. 	tx, err := db.Begin()
    804. 

  804. 	if err != nil {
    805. 

  805. 		return err
    806. 

  806. 	}
    807. 

  807. 	defer tx.Rollback()
    808. 

  808. 	if _, err := tx.Exec(migrate1To2RenameUserTableQueryNoTx); err != nil {
    809. 

  809. 		return err
    810. 

  810. 	}
    811. 

  811. 	if _, err := tx.Exec(createTablesQueriesNoTx); err != nil {
    812. 

  812. 		return err
    813. 

  813. 	}
    814. 

  814. 	if _, err := tx.Exec(migrate1To2InsertFromOldTablesAndDropNoTx); err != nil {
    815. 

  815. 		return err
    816. 

  816. 	}
    817. 

  817. 	if _, err := tx.Exec(updateSchemaVersion, 2); err != nil {
    818. 

  818. 		return err
    819. 

  819. 	}
    820. 

  820. 	if err := tx.Commit(); err != nil {
    821. 

  821. 		return err
    822. 

  822. 	}
    823. 

  823. 	return nil // Update this when a new version is added
    824. 

  824. }
    825.