Home Explore Help
Sign In
mirrors
/
ntfy
mirror of https://github.com/binwiederhier/ntfy
1
0
Fork 0
Files Issues 0 Wiki
Tree: ac4042ca04
Branches Tags
ntfy
/
user
/
manager.go

manager.go 25 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820 
  1. package user
    2. 

  2. 

  3. import (
    4. 

  4. 	"database/sql"
    5. 

  5. 	"encoding/json"
    6. 

  6. 	"errors"
    7. 

  7. 	"fmt"
    8. 

  8. 	_ "github.com/mattn/go-sqlite3" // SQLite driver
    9. 

  9. 	"golang.org/x/crypto/bcrypt"
    10. 

  10. 	"heckel.io/ntfy/log"
    11. 

  11. 	"heckel.io/ntfy/util"
    12. 

  12. 	"strings"
    13. 

  13. 	"sync"
    14. 

  14. 	"time"
    15. 

  15. )
    16. 

  16. 

  17. const (
    18. 

  18. 	bcryptCost                   = 10
    19. 

  19. 	intentionalSlowDownHash      = "$2a$10$YFCQvqQDwIIwnJM1xkAYOeih0dg17UVGanaTStnrSzC8NCWxcLDwy" // Cost should match bcryptCost
    20. 

  20. 	userStatsQueueWriterInterval = 33 * time.Second
    21. 

  21. 	tokenLength                  = 32
    22. 

  22. 	tokenExpiryDuration          = 72 * time.Hour // Extend tokens by this much
    23. 

  23. 	tokenMaxCount                = 10             // Only keep this many tokens in the table per user
    24. 

  24. )
    25. 

  25. 

  26. var (
    27. 

  27. 	errNoTokenProvided    = errors.New("no token provided")
    28. 

  28. 	errTopicOwnedByOthers = errors.New("topic owned by others")
    29. 

  29. 	errNoRows             = errors.New("no rows found")
    30. 

  30. )
    31. 

  31. 

  32. // Manager-related queries
    33. 

  33. const (
    34. 

  34. 	createTablesQueriesNoTx = `
    35. 

  35. 		CREATE TABLE IF NOT EXISTS plan (
    36. 

  36. 			id INT NOT NULL,		
    37. 

  37. 			code TEXT NOT NULL,
    38. 

  38. 			messages_limit INT NOT NULL,
    39. 

  39. 			emails_limit INT NOT NULL,
    40. 

  40. 			topics_limit INT NOT NULL,
    41. 

  41. 			attachment_file_size_limit INT NOT NULL,
    42. 

  42. 			attachment_total_size_limit INT NOT NULL,
    43. 

  43. 			PRIMARY KEY (id)
    44. 

  44. 		);
    45. 

  45. 		CREATE TABLE IF NOT EXISTS user (
    46. 

  46. 		    id INTEGER PRIMARY KEY AUTOINCREMENT,
    47. 

  47. 			plan_id INT,
    48. 

  48. 			user TEXT NOT NULL,
    49. 

  49. 			pass TEXT NOT NULL,
    50. 

  50. 			role TEXT NOT NULL,
    51. 

  51. 			messages INT NOT NULL DEFAULT (0),
    52. 

  52. 			emails INT NOT NULL DEFAULT (0),			
    53. 

  53. 			settings JSON,
    54. 

  54. 		    FOREIGN KEY (plan_id) REFERENCES plan (id)
    55. 

  55. 		);
    56. 

  56. 		CREATE UNIQUE INDEX idx_user ON user (user);
    57. 

  57. 		CREATE TABLE IF NOT EXISTS user_access (
    58. 

  58. 			user_id INT NOT NULL,
    59. 

  59. 			topic TEXT NOT NULL,
    60. 

  60. 			read INT NOT NULL,
    61. 

  61. 			write INT NOT NULL,
    62. 

  62. 			owner_user_id INT,			
    63. 

  63. 			PRIMARY KEY (user_id, topic),
    64. 

  64. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE,
    65. 

  65. 		    FOREIGN KEY (owner_user_id) REFERENCES user (id) ON DELETE CASCADE
    66. 

  66. 		);
    67. 

  67. 		CREATE TABLE IF NOT EXISTS user_token (
    68. 

  68. 			user_id INT NOT NULL,
    69. 

  69. 			token TEXT NOT NULL,
    70. 

  70. 			expires INT NOT NULL,
    71. 

  71. 			PRIMARY KEY (user_id, token),
    72. 

  72. 			FOREIGN KEY (user_id) REFERENCES user (id) ON DELETE CASCADE
    73. 

  73. 		);
    74. 

  74. 		CREATE TABLE IF NOT EXISTS schemaVersion (
    75. 

  75. 			id INT PRIMARY KEY,
    76. 

  76. 			version INT NOT NULL
    77. 

  77. 		);
    78. 

  78. 		INSERT INTO user (id, user, pass, role) VALUES (1, '*', '', 'anonymous') ON CONFLICT (id) DO NOTHING;
    79. 

  79. 	`
    80. 

  80. 	createTablesQueries   = `BEGIN; ` + createTablesQueriesNoTx + ` COMMIT;`
    81. 

  81. 	builtinStartupQueries = `
    82. 

  82. 		PRAGMA foreign_keys = ON;
    83. 

  83. 	`
    84. 

  84. 

  85. 	selectUserByNameQuery = `
    86. 

  86. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    87. 

  87. 		FROM user u
    88. 

  88. 		LEFT JOIN plan p on p.id = u.plan_id
    89. 

  89. 		WHERE user = ?		
    90. 

  90. 	`
    91. 

  91. 	selectUserByTokenQuery = `
    92. 

  92. 		SELECT u.user, u.pass, u.role, u.messages, u.emails, u.settings, p.code, p.messages_limit, p.emails_limit, p.topics_limit, p.attachment_file_size_limit, p.attachment_total_size_limit
    93. 

  93. 		FROM user u
    94. 

  94. 		JOIN user_token t on u.id = t.user_id
    95. 

  95. 		LEFT JOIN plan p on p.id = u.plan_id
    96. 

  96. 		WHERE t.token = ? AND t.expires >= ?
    97. 

  97. 	`
    98. 

  98. 	selectTopicPermsQuery = `
    99. 

  99. 		SELECT read, write
    100. 

  100. 		FROM user_access a
    101. 

  101. 		JOIN user u ON u.id = a.user_id
    102. 

  102. 		WHERE (u.user = ? OR u.user = ?) AND ? LIKE a.topic
    103. 

  103. 		ORDER BY u.user DESC
    104. 

  104. 	`
    105. 

  105. 

  106. 	insertUserQuery      = `INSERT INTO user (user, pass, role) VALUES (?, ?, ?)`
    107. 

  107. 	selectUsernamesQuery = `
    108. 

  108. 		SELECT user 
    109. 

  109. 		FROM user 
    110. 

  110. 		ORDER BY
    111. 

  111. 			CASE role
    112. 

  112. 				WHEN 'admin' THEN 1
    113. 

  113. 				WHEN 'anonymous' THEN 3
    114. 

  114. 				ELSE 2
    115. 

  115. 			END, user
    116. 

  116. 	`
    117. 

  117. 	updateUserPassQuery     = `UPDATE user SET pass = ? WHERE user = ?`
    118. 

  118. 	updateUserRoleQuery     = `UPDATE user SET role = ? WHERE user = ?`
    119. 

  119. 	updateUserSettingsQuery = `UPDATE user SET settings = ? WHERE user = ?`
    120. 

  120. 	updateUserStatsQuery    = `UPDATE user SET messages = ?, emails = ? WHERE user = ?`
    121. 

  121. 	deleteUserQuery         = `DELETE FROM user WHERE user = ?`
    122. 

  122. 

  123. 	upsertUserAccessQuery = `
    124. 

  124. 		INSERT INTO user_access (user_id, topic, read, write, owner_user_id) 
    125. 

  125. 		VALUES ((SELECT id FROM user WHERE user = ?), ?, ?, ?, (SELECT IIF(?='',NULL,(SELECT id FROM user WHERE user=?))))
    126. 

  126. 		ON CONFLICT (user_id, topic) 
    127. 

  127. 		DO UPDATE SET read=excluded.read, write=excluded.write, owner_user_id=excluded.owner_user_id
    128. 

  128. 	`
    129. 

  129. 	selectUserAccessQuery = `
    130. 

  130. 		SELECT topic, read, write
    131. 

  131. 		FROM user_access 
    132. 

  132. 		WHERE user_id = (SELECT id FROM user WHERE user = ?) 
    133. 

  133. 		ORDER BY write DESC, read DESC, topic
    134. 

  134. 	`
    135. 

  135. 	selectUserReservationsQuery = `
    136. 

  136. 		SELECT a_user.topic, a_user.read, a_user.write, a_everyone.read AS everyone_read, a_everyone.write AS everyone_write
    137. 

  137. 		FROM user_access a_user
    138. 

  138. 		LEFT JOIN  user_access a_everyone ON a_user.topic = a_everyone.topic AND a_everyone.user_id = (SELECT id FROM user WHERE user = ?)
    139. 

  139. 		WHERE a_user.user_id = a_user.owner_user_id
    140. 

  140. 		  AND a_user.owner_user_id = (SELECT id FROM user WHERE user = ?)
    141. 

  141. 		ORDER BY a_user.topic
    142. 

  142. 	`
    143. 

  143. 	selectUserReservationsCountQuery = `
    144. 

  144. 		SELECT COUNT(*)
    145. 

  145. 		FROM user_access
    146. 

  146. 		WHERE user_id = owner_user_id AND owner_user_id = (SELECT id FROM user WHERE user = ?)
    147. 

  147. 	`
    148. 

  148. 	selectUserHasReservationQuery = `
    149. 

  149. 		SELECT COUNT(*)
    150. 

  150. 		FROM user_access
    151. 

  151. 		WHERE user_id = owner_user_id 
    152. 

  152. 		  AND owner_user_id = (SELECT id FROM user WHERE user = ?)
    153. 

  153. 		  AND topic = ?	
    154. 

  154. 	`
    155. 

  155. 	selectOtherAccessCountQuery = `
    156. 

  156. 		SELECT COUNT(*)
    157. 

  157. 		FROM user_access
    158. 

  158. 		WHERE (topic = ? OR ? LIKE topic)
    159. 

  159. 		  AND (owner_user_id IS NULL OR owner_user_id != (SELECT id FROM user WHERE user = ?))
    160. 

  160. 	`
    161. 

  161. 	deleteAllAccessQuery   = `DELETE FROM user_access`
    162. 

  162. 	deleteUserAccessQuery  = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?)`
    163. 

  163. 	deleteTopicAccessQuery = `DELETE FROM user_access WHERE user_id = (SELECT id FROM user WHERE user = ?) AND topic = ?`
    164. 

  164. 

  165. 	selectTokenCountQuery    = `SELECT COUNT(*) FROM user_token WHERE (SELECT id FROM user WHERE user = ?)`
    166. 

  166. 	insertTokenQuery         = `INSERT INTO user_token (user_id, token, expires) VALUES ((SELECT id FROM user WHERE user = ?), ?, ?)`
    167. 

  167. 	updateTokenExpiryQuery   = `UPDATE user_token SET expires = ? WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    168. 

  168. 	deleteTokenQuery         = `DELETE FROM user_token WHERE user_id = (SELECT id FROM user WHERE user = ?) AND token = ?`
    169. 

  169. 	deleteExpiredTokensQuery = `DELETE FROM user_token WHERE expires < ?`
    170. 

  170. 	deleteExcessTokensQuery  = `
    171. 

  171. 		DELETE FROM user_token
    172. 

  172. 		WHERE (user_id, token) NOT IN (
    173. 

  173. 			SELECT user_id, token
    174. 

  174. 			FROM user_token
    175. 

  175. 			WHERE user_id = (SELECT id FROM user WHERE user = ?)
    176. 

  176. 			ORDER BY expires DESC 
    177. 

  177. 			LIMIT ?
    178. 

  178. 		)
    179. 

  179. ;
    180. 

  180. 	`
    181. 

  181. )
    182. 

  182. 

  183. // Schema management queries
    184. 

  184. const (
    185. 

  185. 	currentSchemaVersion     = 2
    186. 

  186. 	insertSchemaVersion      = `INSERT INTO schemaVersion VALUES (1, ?)`
    187. 

  187. 	updateSchemaVersion      = `UPDATE schemaVersion SET version = ? WHERE id = 1`
    188. 

  188. 	selectSchemaVersionQuery = `SELECT version FROM schemaVersion WHERE id = 1`
    189. 

  189. 

  190. 	// 1 -> 2 (complex migration!)
    191. 

  191. 	migrate1To2RenameUserTableQueryNoTx = `
    192. 

  192. 		ALTER TABLE user RENAME TO user_old;
    193. 

  193. 	`
    194. 

  194. 	migrate1To2InsertFromOldTablesAndDropNoTx = `
    195. 

  195. 		INSERT INTO user (user, pass, role) 
    196. 

  196. 		SELECT user, pass, role FROM user_old;
    197. 

  197. 

  198. 		INSERT INTO user_access (user_id, topic, read, write)
    199. 

  199. 		SELECT u.id, a.topic, a.read, a.write
    200. 

  200. 		FROM user u
    201. 

  201. 	 	JOIN access a ON u.user = a.user;
    202. 

  202. 

  203. 		DROP TABLE access;
    204. 

  204. 		DROP TABLE user_old;
    205. 

  205. 	`
    206. 

  206. )
    207. 

  207. 

  208. // Manager is an implementation of Manager. It stores users and access control list
    209. 

  209. // in a SQLite database.
    210. 

  210. type Manager struct {
    211. 

  211. 	db            *sql.DB
    212. 

  212. 	defaultAccess Permission       // Default permission if no ACL matches
    213. 

  213. 	statsQueue    map[string]*User // Username -> User, for "unimportant" user updates
    214. 

  214. 	mu            sync.Mutex
    215. 

  215. }
    216. 

  216. 

  217. var _ Auther = (*Manager)(nil)
    218. 

  218. 

  219. // NewManager creates a new Manager instance
    220. 

  220. func NewManager(filename, startupQueries string, defaultAccess Permission) (*Manager, error) {
    221. 

  221. 	return newManager(filename, startupQueries, defaultAccess, userStatsQueueWriterInterval)
    222. 

  222. }
    223. 

  223. 

  224. // NewManager creates a new Manager instance
    225. 

  225. func newManager(filename, startupQueries string, defaultAccess Permission, statsWriterInterval time.Duration) (*Manager, error) {
    226. 

  226. 	db, err := sql.Open("sqlite3", filename)
    227. 

  227. 	if err != nil {
    228. 

  228. 		return nil, err
    229. 

  229. 	}
    230. 

  230. 	if err := setupDB(db); err != nil {
    231. 

  231. 		return nil, err
    232. 

  232. 	}
    233. 

  233. 	if err := runStartupQueries(db, startupQueries); err != nil {
    234. 

  234. 		return nil, err
    235. 

  235. 	}
    236. 

  236. 	manager := &Manager{
    237. 

  237. 		db:            db,
    238. 

  238. 		defaultAccess: defaultAccess,
    239. 

  239. 		statsQueue:    make(map[string]*User),
    240. 

  240. 	}
    241. 

  241. 	go manager.userStatsQueueWriter(statsWriterInterval)
    242. 

  242. 	return manager, nil
    243. 

  243. }
    244. 

  244. 

  245. // Authenticate checks username and password and returns a User if correct. The method
    246. 

  246. // returns in constant-ish time, regardless of whether the user exists or the password is
    247. 

  247. // correct or incorrect.
    248. 

  248. func (a *Manager) Authenticate(username, password string) (*User, error) {
    249. 

  249. 	if username == Everyone {
    250. 

  250. 		return nil, ErrUnauthenticated
    251. 

  251. 	}
    252. 

  252. 	user, err := a.User(username)
    253. 

  253. 	if err != nil {
    254. 

  254. 		log.Trace("authentication of user %s failed (1): %s", username, err.Error())
    255. 

  255. 		bcrypt.CompareHashAndPassword([]byte(intentionalSlowDownHash), []byte("intentional slow-down to avoid timing attacks"))
    256. 

  256. 		return nil, ErrUnauthenticated
    257. 

  257. 	}
    258. 

  258. 	if err := bcrypt.CompareHashAndPassword([]byte(user.Hash), []byte(password)); err != nil {
    259. 

  259. 		log.Trace("authentication of user %s failed (2): %s", username, err.Error())
    260. 

  260. 		return nil, ErrUnauthenticated
    261. 

  261. 	}
    262. 

  262. 	return user, nil
    263. 

  263. }
    264. 

  264. 

  265. // AuthenticateToken checks if the token exists and returns the associated User if it does.
    266. 

  266. // The method sets the User.Token value to the token that was used for authentication.
    267. 

  267. func (a *Manager) AuthenticateToken(token string) (*User, error) {
    268. 

  268. 	if len(token) != tokenLength {
    269. 

  269. 		return nil, ErrUnauthenticated
    270. 

  270. 	}
    271. 

  271. 	user, err := a.userByToken(token)
    272. 

  272. 	if err != nil {
    273. 

  273. 		return nil, ErrUnauthenticated
    274. 

  274. 	}
    275. 

  275. 	user.Token = token
    276. 

  276. 	return user, nil
    277. 

  277. }
    278. 

  278. 

  279. // CreateToken generates a random token for the given user and returns it. The token expires
    280. 

  280. // after a fixed duration unless ExtendToken is called. This function also prunes tokens for the
    281. 

  281. // given user, if there are too many of them.
    282. 

  282. func (a *Manager) CreateToken(user *User) (*Token, error) {
    283. 

  283. 	token, expires := util.RandomString(tokenLength), time.Now().Add(tokenExpiryDuration)
    284. 

  284. 	tx, err := a.db.Begin()
    285. 

  285. 	if err != nil {
    286. 

  286. 		return nil, err
    287. 

  287. 	}
    288. 

  288. 	defer tx.Rollback()
    289. 

  289. 	if _, err := tx.Exec(insertTokenQuery, user.Name, token, expires.Unix()); err != nil {
    290. 

  290. 		return nil, err
    291. 

  291. 	}
    292. 

  292. 	rows, err := tx.Query(selectTokenCountQuery, user.Name)
    293. 

  293. 	if err != nil {
    294. 

  294. 		return nil, err
    295. 

  295. 	}
    296. 

  296. 	defer rows.Close()
    297. 

  297. 	if !rows.Next() {
    298. 

  298. 		return nil, errNoRows
    299. 

  299. 	}
    300. 

  300. 	var tokenCount int
    301. 

  301. 	if err := rows.Scan(&tokenCount); err != nil {
    302. 

  302. 		return nil, err
    303. 

  303. 	}
    304. 

  304. 	if tokenCount >= tokenMaxCount {
    305. 

  305. 		// This pruning logic is done in two queries for efficiency. The SELECT above is a lookup
    306. 

  306. 		// on two indices, whereas the query below is a full table scan.
    307. 

  307. 		if _, err := tx.Exec(deleteExcessTokensQuery, user.Name, tokenMaxCount); err != nil {
    308. 

  308. 			return nil, err
    309. 

  309. 		}
    310. 

  310. 	}
    311. 

  311. 	if err := tx.Commit(); err != nil {
    312. 

  312. 		return nil, err
    313. 

  313. 	}
    314. 

  314. 	return &Token{
    315. 

  315. 		Value:   token,
    316. 

  316. 		Expires: expires,
    317. 

  317. 	}, nil
    318. 

  318. }
    319. 

  319. 

  320. // ExtendToken sets the new expiry date for a token, thereby extending its use further into the future.
    321. 

  321. func (a *Manager) ExtendToken(user *User) (*Token, error) {
    322. 

  322. 	if user.Token == "" {
    323. 

  323. 		return nil, errNoTokenProvided
    324. 

  324. 	}
    325. 

  325. 	newExpires := time.Now().Add(tokenExpiryDuration)
    326. 

  326. 	if _, err := a.db.Exec(updateTokenExpiryQuery, newExpires.Unix(), user.Name, user.Token); err != nil {
    327. 

  327. 		return nil, err
    328. 

  328. 	}
    329. 

  329. 	return &Token{
    330. 

  330. 		Value:   user.Token,
    331. 

  331. 		Expires: newExpires,
    332. 

  332. 	}, nil
    333. 

  333. }
    334. 

  334. 

  335. // RemoveToken deletes the token defined in User.Token
    336. 

  336. func (a *Manager) RemoveToken(user *User) error {
    337. 

  337. 	if user.Token == "" {
    338. 

  338. 		return ErrUnauthorized
    339. 

  339. 	}
    340. 

  340. 	if _, err := a.db.Exec(deleteTokenQuery, user.Name, user.Token); err != nil {
    341. 

  341. 		return err
    342. 

  342. 	}
    343. 

  343. 	return nil
    344. 

  344. }
    345. 

  345. 

  346. // RemoveExpiredTokens deletes all expired tokens from the database
    347. 

  347. func (a *Manager) RemoveExpiredTokens() error {
    348. 

  348. 	if _, err := a.db.Exec(deleteExpiredTokensQuery, time.Now().Unix()); err != nil {
    349. 

  349. 		return err
    350. 

  350. 	}
    351. 

  351. 	return nil
    352. 

  352. }
    353. 

  353. 

  354. // ChangeSettings persists the user settings
    355. 

  355. func (a *Manager) ChangeSettings(user *User) error {
    356. 

  356. 	settings, err := json.Marshal(user.Prefs)
    357. 

  357. 	if err != nil {
    358. 

  358. 		return err
    359. 

  359. 	}
    360. 

  360. 	if _, err := a.db.Exec(updateUserSettingsQuery, string(settings), user.Name); err != nil {
    361. 

  361. 		return err
    362. 

  362. 	}
    363. 

  363. 	return nil
    364. 

  364. }
    365. 

  365. 

  366. // EnqueueStats adds the user to a queue which writes out user stats (messages, emails, ..) in
    367. 

  367. // batches at a regular interval
    368. 

  368. func (a *Manager) EnqueueStats(user *User) {
    369. 

  369. 	a.mu.Lock()
    370. 

  370. 	defer a.mu.Unlock()
    371. 

  371. 	a.statsQueue[user.Name] = user
    372. 

  372. }
    373. 

  373. 

  374. func (a *Manager) userStatsQueueWriter(interval time.Duration) {
    375. 

  375. 	ticker := time.NewTicker(interval)
    376. 

  376. 	for range ticker.C {
    377. 

  377. 		if err := a.writeUserStatsQueue(); err != nil {
    378. 

  378. 			log.Warn("UserManager: Writing user stats queue failed: %s", err.Error())
    379. 

  379. 		}
    380. 

  380. 	}
    381. 

  381. }
    382. 

  382. 

  383. func (a *Manager) writeUserStatsQueue() error {
    384. 

  384. 	a.mu.Lock()
    385. 

  385. 	if len(a.statsQueue) == 0 {
    386. 

  386. 		a.mu.Unlock()
    387. 

  387. 		log.Trace("UserManager: No user stats updates to commit")
    388. 

  388. 		return nil
    389. 

  389. 	}
    390. 

  390. 	statsQueue := a.statsQueue
    391. 

  391. 	a.statsQueue = make(map[string]*User)
    392. 

  392. 	a.mu.Unlock()
    393. 

  393. 	tx, err := a.db.Begin()
    394. 

  394. 	if err != nil {
    395. 

  395. 		return err
    396. 

  396. 	}
    397. 

  397. 	defer tx.Rollback()
    398. 

  398. 	log.Debug("UserManager: Writing user stats queue for %d user(s)", len(statsQueue))
    399. 

  399. 	for username, u := range statsQueue {
    400. 

  400. 		log.Trace("UserManager: Updating stats for user %s: messages=%d, emails=%d", username, u.Stats.Messages, u.Stats.Emails)
    401. 

  401. 		if _, err := tx.Exec(updateUserStatsQuery, u.Stats.Messages, u.Stats.Emails, username); err != nil {
    402. 

  402. 			return err
    403. 

  403. 		}
    404. 

  404. 	}
    405. 

  405. 	return tx.Commit()
    406. 

  406. }
    407. 

  407. 

  408. // Authorize returns nil if the given user has access to the given topic using the desired
    409. 

  409. // permission. The user param may be nil to signal an anonymous user.
    410. 

  410. func (a *Manager) Authorize(user *User, topic string, perm Permission) error {
    411. 

  411. 	if user != nil && user.Role == RoleAdmin {
    412. 

  412. 		return nil // Admin can do everything
    413. 

  413. 	}
    414. 

  414. 	username := Everyone
    415. 

  415. 	if user != nil {
    416. 

  416. 		username = user.Name
    417. 

  417. 	}
    418. 

  418. 	// Select the read/write permissions for this user/topic combo. The query may return two
    419. 

  419. 	// rows (one for everyone, and one for the user), but prioritizes the user.
    420. 

  420. 	rows, err := a.db.Query(selectTopicPermsQuery, Everyone, username, topic)
    421. 

  421. 	if err != nil {
    422. 

  422. 		return err
    423. 

  423. 	}
    424. 

  424. 	defer rows.Close()
    425. 

  425. 	if !rows.Next() {
    426. 

  426. 		return a.resolvePerms(a.defaultAccess, perm)
    427. 

  427. 	}
    428. 

  428. 	var read, write bool
    429. 

  429. 	if err := rows.Scan(&read, &write); err != nil {
    430. 

  430. 		return err
    431. 

  431. 	} else if err := rows.Err(); err != nil {
    432. 

  432. 		return err
    433. 

  433. 	}
    434. 

  434. 	return a.resolvePerms(NewPermission(read, write), perm)
    435. 

  435. }
    436. 

  436. 

  437. func (a *Manager) resolvePerms(base, perm Permission) error {
    438. 

  438. 	if perm == PermissionRead && base.IsRead() {
    439. 

  439. 		return nil
    440. 

  440. 	} else if perm == PermissionWrite && base.IsWrite() {
    441. 

  441. 		return nil
    442. 

  442. 	}
    443. 

  443. 	return ErrUnauthorized
    444. 

  444. }
    445. 

  445. 

  446. // AddUser adds a user with the given username, password and role
    447. 

  447. func (a *Manager) AddUser(username, password string, role Role) error {
    448. 

  448. 	if !AllowedUsername(username) || !AllowedRole(role) {
    449. 

  449. 		return ErrInvalidArgument
    450. 

  450. 	}
    451. 

  451. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    452. 

  452. 	if err != nil {
    453. 

  453. 		return err
    454. 

  454. 	}
    455. 

  455. 	if _, err = a.db.Exec(insertUserQuery, username, hash, role); err != nil {
    456. 

  456. 		return err
    457. 

  457. 	}
    458. 

  458. 	return nil
    459. 

  459. }
    460. 

  460. 

  461. // RemoveUser deletes the user with the given username. The function returns nil on success, even
    462. 

  462. // if the user did not exist in the first place.
    463. 

  463. func (a *Manager) RemoveUser(username string) error {
    464. 

  464. 	if !AllowedUsername(username) {
    465. 

  465. 		return ErrInvalidArgument
    466. 

  466. 	}
    467. 

  467. 	// Rows in user_access, user_token, etc. are deleted via foreign keys
    468. 

  468. 	if _, err := a.db.Exec(deleteUserQuery, username); err != nil {
    469. 

  469. 		return err
    470. 

  470. 	}
    471. 

  471. 	return nil
    472. 

  472. }
    473. 

  473. 

  474. // Users returns a list of users. It always also returns the Everyone user ("*").
    475. 

  475. func (a *Manager) Users() ([]*User, error) {
    476. 

  476. 	rows, err := a.db.Query(selectUsernamesQuery)
    477. 

  477. 	if err != nil {
    478. 

  478. 		return nil, err
    479. 

  479. 	}
    480. 

  480. 	defer rows.Close()
    481. 

  481. 	usernames := make([]string, 0)
    482. 

  482. 	for rows.Next() {
    483. 

  483. 		var username string
    484. 

  484. 		if err := rows.Scan(&username); err != nil {
    485. 

  485. 			return nil, err
    486. 

  486. 		} else if err := rows.Err(); err != nil {
    487. 

  487. 			return nil, err
    488. 

  488. 		}
    489. 

  489. 		usernames = append(usernames, username)
    490. 

  490. 	}
    491. 

  491. 	rows.Close()
    492. 

  492. 	users := make([]*User, 0)
    493. 

  493. 	for _, username := range usernames {
    494. 

  494. 		user, err := a.User(username)
    495. 

  495. 		if err != nil {
    496. 

  496. 			return nil, err
    497. 

  497. 		}
    498. 

  498. 		users = append(users, user)
    499. 

  499. 	}
    500. 

  500. 	return users, nil
    501. 

  501. }
    502. 

  502. 

  503. // User returns the user with the given username if it exists, or ErrNotFound otherwise.
    504. 

  504. // You may also pass Everyone to retrieve the anonymous user and its Grant list.
    505. 

  505. func (a *Manager) User(username string) (*User, error) {
    506. 

  506. 	rows, err := a.db.Query(selectUserByNameQuery, username)
    507. 

  507. 	if err != nil {
    508. 

  508. 		return nil, err
    509. 

  509. 	}
    510. 

  510. 	return a.readUser(rows)
    511. 

  511. }
    512. 

  512. 

  513. func (a *Manager) userByToken(token string) (*User, error) {
    514. 

  514. 	rows, err := a.db.Query(selectUserByTokenQuery, token, time.Now().Unix())
    515. 

  515. 	if err != nil {
    516. 

  516. 		return nil, err
    517. 

  517. 	}
    518. 

  518. 	return a.readUser(rows)
    519. 

  519. }
    520. 

  520. 

  521. func (a *Manager) readUser(rows *sql.Rows) (*User, error) {
    522. 

  522. 	defer rows.Close()
    523. 

  523. 	var username, hash, role string
    524. 

  524. 	var settings, planCode sql.NullString
    525. 

  525. 	var messages, emails int64
    526. 

  526. 	var messagesLimit, emailsLimit, topicsLimit, attachmentFileSizeLimit, attachmentTotalSizeLimit sql.NullInt64
    527. 

  527. 	if !rows.Next() {
    528. 

  528. 		return nil, ErrNotFound
    529. 

  529. 	}
    530. 

  530. 	if err := rows.Scan(&username, &hash, &role, &messages, &emails, &settings, &planCode, &messagesLimit, &emailsLimit, &topicsLimit, &attachmentFileSizeLimit, &attachmentTotalSizeLimit); err != nil {
    531. 

  531. 		return nil, err
    532. 

  532. 	} else if err := rows.Err(); err != nil {
    533. 

  533. 		return nil, err
    534. 

  534. 	}
    535. 

  535. 	user := &User{
    536. 

  536. 		Name: username,
    537. 

  537. 		Hash: hash,
    538. 

  538. 		Role: Role(role),
    539. 

  539. 		Stats: &Stats{
    540. 

  540. 			Messages: messages,
    541. 

  541. 			Emails:   emails,
    542. 

  542. 		},
    543. 

  543. 	}
    544. 

  544. 	if settings.Valid {
    545. 

  545. 		user.Prefs = &Prefs{}
    546. 

  546. 		if err := json.Unmarshal([]byte(settings.String), user.Prefs); err != nil {
    547. 

  547. 			return nil, err
    548. 

  548. 		}
    549. 

  549. 	}
    550. 

  550. 	if planCode.Valid {
    551. 

  551. 		user.Plan = &Plan{
    552. 

  552. 			Code:                     planCode.String,
    553. 

  553. 			Upgradeable:              false,
    554. 

  554. 			MessagesLimit:            messagesLimit.Int64,
    555. 

  555. 			EmailsLimit:              emailsLimit.Int64,
    556. 

  556. 			TopicsLimit:              topicsLimit.Int64,
    557. 

  557. 			AttachmentFileSizeLimit:  attachmentFileSizeLimit.Int64,
    558. 

  558. 			AttachmentTotalSizeLimit: attachmentTotalSizeLimit.Int64,
    559. 

  559. 		}
    560. 

  560. 	}
    561. 

  561. 	return user, nil
    562. 

  562. }
    563. 

  563. 

  564. // Grants returns all user-specific access control entries
    565. 

  565. func (a *Manager) Grants(username string) ([]Grant, error) {
    566. 

  566. 	rows, err := a.db.Query(selectUserAccessQuery, username)
    567. 

  567. 	if err != nil {
    568. 

  568. 		return nil, err
    569. 

  569. 	}
    570. 

  570. 	defer rows.Close()
    571. 

  571. 	grants := make([]Grant, 0)
    572. 

  572. 	for rows.Next() {
    573. 

  573. 		var topic string
    574. 

  574. 		var read, write bool
    575. 

  575. 		if err := rows.Scan(&topic, &read, &write); err != nil {
    576. 

  576. 			return nil, err
    577. 

  577. 		} else if err := rows.Err(); err != nil {
    578. 

  578. 			return nil, err
    579. 

  579. 		}
    580. 

  580. 		grants = append(grants, Grant{
    581. 

  581. 			TopicPattern: fromSQLWildcard(topic),
    582. 

  582. 			Allow:        NewPermission(read, write),
    583. 

  583. 		})
    584. 

  584. 	}
    585. 

  585. 	return grants, nil
    586. 

  586. }
    587. 

  587. 

  588. // Reservations returns all user-owned topics, and the associated everyone-access
    589. 

  589. func (a *Manager) Reservations(username string) ([]Reservation, error) {
    590. 

  590. 	rows, err := a.db.Query(selectUserReservationsQuery, Everyone, username)
    591. 

  591. 	if err != nil {
    592. 

  592. 		return nil, err
    593. 

  593. 	}
    594. 

  594. 	defer rows.Close()
    595. 

  595. 	reservations := make([]Reservation, 0)
    596. 

  596. 	for rows.Next() {
    597. 

  597. 		var topic string
    598. 

  598. 		var ownerRead, ownerWrite bool
    599. 

  599. 		var everyoneRead, everyoneWrite sql.NullBool
    600. 

  600. 		if err := rows.Scan(&topic, &ownerRead, &ownerWrite, &everyoneRead, &everyoneWrite); err != nil {
    601. 

  601. 			return nil, err
    602. 

  602. 		} else if err := rows.Err(); err != nil {
    603. 

  603. 			return nil, err
    604. 

  604. 		}
    605. 

  605. 		reservations = append(reservations, Reservation{
    606. 

  606. 			Topic:    topic,
    607. 

  607. 			Owner:    NewPermission(ownerRead, ownerWrite),
    608. 

  608. 			Everyone: NewPermission(everyoneRead.Bool, everyoneWrite.Bool), // false if null
    609. 

  609. 		})
    610. 

  610. 	}
    611. 

  611. 	return reservations, nil
    612. 

  612. }
    613. 

  613. 

  614. // HasReservation returns true if the given topic access is owned by the user
    615. 

  615. func (a *Manager) HasReservation(username, topic string) (bool, error) {
    616. 

  616. 	rows, err := a.db.Query(selectUserHasReservationQuery, username, topic)
    617. 

  617. 	if err != nil {
    618. 

  618. 		return false, err
    619. 

  619. 	}
    620. 

  620. 	defer rows.Close()
    621. 

  621. 	if !rows.Next() {
    622. 

  622. 		return false, errNoRows
    623. 

  623. 	}
    624. 

  624. 	var count int64
    625. 

  625. 	if err := rows.Scan(&count); err != nil {
    626. 

  626. 		return false, err
    627. 

  627. 	}
    628. 

  628. 	return count > 0, nil
    629. 

  629. }
    630. 

  630. 

  631. // ReservationsCount returns the number of reservations owned by this user
    632. 

  632. func (a *Manager) ReservationsCount(username string) (int64, error) {
    633. 

  633. 	rows, err := a.db.Query(selectUserReservationsCountQuery, username)
    634. 

  634. 	if err != nil {
    635. 

  635. 		return 0, err
    636. 

  636. 	}
    637. 

  637. 	defer rows.Close()
    638. 

  638. 	if !rows.Next() {
    639. 

  639. 		return 0, errNoRows
    640. 

  640. 	}
    641. 

  641. 	var count int64
    642. 

  642. 	if err := rows.Scan(&count); err != nil {
    643. 

  643. 		return 0, err
    644. 

  644. 	}
    645. 

  645. 	return count, nil
    646. 

  646. }
    647. 

  647. 

  648. // ChangePassword changes a user's password
    649. 

  649. func (a *Manager) ChangePassword(username, password string) error {
    650. 

  650. 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
    651. 

  651. 	if err != nil {
    652. 

  652. 		return err
    653. 

  653. 	}
    654. 

  654. 	if _, err := a.db.Exec(updateUserPassQuery, hash, username); err != nil {
    655. 

  655. 		return err
    656. 

  656. 	}
    657. 

  657. 	return nil
    658. 

  658. }
    659. 

  659. 

  660. // ChangeRole changes a user's role. When a role is changed from RoleUser to RoleAdmin,
    661. 

  661. // all existing access control entries (Grant) are removed, since they are no longer needed.
    662. 

  662. func (a *Manager) ChangeRole(username string, role Role) error {
    663. 

  663. 	if !AllowedUsername(username) || !AllowedRole(role) {
    664. 

  664. 		return ErrInvalidArgument
    665. 

  665. 	}
    666. 

  666. 	if _, err := a.db.Exec(updateUserRoleQuery, string(role), username); err != nil {
    667. 

  667. 		return err
    668. 

  668. 	}
    669. 

  669. 	if role == RoleAdmin {
    670. 

  670. 		if _, err := a.db.Exec(deleteUserAccessQuery, username); err != nil {
    671. 

  671. 			return err
    672. 

  672. 		}
    673. 

  673. 	}
    674. 

  674. 	return nil
    675. 

  675. }
    676. 

  676. 

  677. // CheckAllowAccess tests if a user may create an access control entry for the given topic.
    678. 

  678. // If there are any ACL entries that are not owned by the user, an error is returned.
    679. 

  679. func (a *Manager) CheckAllowAccess(username string, topic string) error {
    680. 

  680. 	if (!AllowedUsername(username) && username != Everyone) || !AllowedTopic(topic) {
    681. 

  681. 		return ErrInvalidArgument
    682. 

  682. 	}
    683. 

  683. 	rows, err := a.db.Query(selectOtherAccessCountQuery, topic, topic, username)
    684. 

  684. 	if err != nil {
    685. 

  685. 		return err
    686. 

  686. 	}
    687. 

  687. 	defer rows.Close()
    688. 

  688. 	if !rows.Next() {
    689. 

  689. 		return errNoRows
    690. 

  690. 	}
    691. 

  691. 	var otherCount int
    692. 

  692. 	if err := rows.Scan(&otherCount); err != nil {
    693. 

  693. 		return err
    694. 

  694. 	}
    695. 

  695. 	if otherCount > 0 {
    696. 

  696. 		return errTopicOwnedByOthers
    697. 

  697. 	}
    698. 

  698. 	return nil
    699. 

  699. }
    700. 

  700. 

  701. // AllowAccess adds or updates an entry in th access control list for a specific user. It controls
    702. 

  702. // read/write access to a topic. The parameter topicPattern may include wildcards (*). The ACL entry
    703. 

  703. // owner may either be a user (username), or the system (empty).
    704. 

  704. func (a *Manager) AllowAccess(owner, username string, topicPattern string, read bool, write bool) error {
    705. 

  705. 	if !AllowedUsername(username) && username != Everyone {
    706. 

  706. 		return ErrInvalidArgument
    707. 

  707. 	} else if owner != "" && !AllowedUsername(owner) {
    708. 

  708. 		return ErrInvalidArgument
    709. 

  709. 	} else if !AllowedTopicPattern(topicPattern) {
    710. 

  710. 		return ErrInvalidArgument
    711. 

  711. 	}
    712. 

  712. 	if _, err := a.db.Exec(upsertUserAccessQuery, username, toSQLWildcard(topicPattern), read, write, owner, owner); err != nil {
    713. 

  713. 		return err
    714. 

  714. 	}
    715. 

  715. 	return nil
    716. 

  716. }
    717. 

  717. 

  718. // ResetAccess removes an access control list entry for a specific username/topic, or (if topic is
    719. 

  719. // empty) for an entire user. The parameter topicPattern may include wildcards (*).
    720. 

  720. func (a *Manager) ResetAccess(username string, topicPattern string) error {
    721. 

  721. 	if !AllowedUsername(username) && username != Everyone && username != "" {
    722. 

  722. 		return ErrInvalidArgument
    723. 

  723. 	} else if !AllowedTopicPattern(topicPattern) && topicPattern != "" {
    724. 

  724. 		return ErrInvalidArgument
    725. 

  725. 	}
    726. 

  726. 	if username == "" && topicPattern == "" {
    727. 

  727. 		_, err := a.db.Exec(deleteAllAccessQuery, username)
    728. 

  728. 		return err
    729. 

  729. 	} else if topicPattern == "" {
    730. 

  730. 		_, err := a.db.Exec(deleteUserAccessQuery, username)
    731. 

  731. 		return err
    732. 

  732. 	}
    733. 

  733. 	_, err := a.db.Exec(deleteTopicAccessQuery, username, toSQLWildcard(topicPattern))
    734. 

  734. 	return err
    735. 

  735. }
    736. 

  736. 

  737. // DefaultAccess returns the default read/write access if no access control entry matches
    738. 

  738. func (a *Manager) DefaultAccess() Permission {
    739. 

  739. 	return a.defaultAccess
    740. 

  740. }
    741. 

  741. 

  742. func toSQLWildcard(s string) string {
    743. 

  743. 	return strings.ReplaceAll(s, "*", "%")
    744. 

  744. }
    745. 

  745. 

  746. func fromSQLWildcard(s string) string {
    747. 

  747. 	return strings.ReplaceAll(s, "%", "*")
    748. 

  748. }
    749. 

  749. 

  750. func runStartupQueries(db *sql.DB, startupQueries string) error {
    751. 

  751. 	if _, err := db.Exec(startupQueries); err != nil {
    752. 

  752. 		return err
    753. 

  753. 	}
    754. 

  754. 	if _, err := db.Exec(builtinStartupQueries); err != nil {
    755. 

  755. 		return err
    756. 

  756. 	}
    757. 

  757. 	return nil
    758. 

  758. }
    759. 

  759. 

  760. func setupDB(db *sql.DB) error {
    761. 

  761. 	// If 'schemaVersion' table does not exist, this must be a new database
    762. 

  762. 	rowsSV, err := db.Query(selectSchemaVersionQuery)
    763. 

  763. 	if err != nil {
    764. 

  764. 		return setupNewDB(db)
    765. 

  765. 	}
    766. 

  766. 	defer rowsSV.Close()
    767. 

  767. 

  768. 	// If 'schemaVersion' table exists, read version and potentially upgrade
    769. 

  769. 	schemaVersion := 0
    770. 

  770. 	if !rowsSV.Next() {
    771. 

  771. 		return errors.New("cannot determine schema version: database file may be corrupt")
    772. 

  772. 	}
    773. 

  773. 	if err := rowsSV.Scan(&schemaVersion); err != nil {
    774. 

  774. 		return err
    775. 

  775. 	}
    776. 

  776. 	rowsSV.Close()
    777. 

  777. 

  778. 	// Do migrations
    779. 

  779. 	if schemaVersion == currentSchemaVersion {
    780. 

  780. 		return nil
    781. 

  781. 	} else if schemaVersion == 1 {
    782. 

  782. 		return migrateFrom1(db)
    783. 

  783. 	}
    784. 

  784. 	return fmt.Errorf("unexpected schema version found: %d", schemaVersion)
    785. 

  785. }
    786. 

  786. 

  787. func setupNewDB(db *sql.DB) error {
    788. 

  788. 	if _, err := db.Exec(createTablesQueries); err != nil {
    789. 

  789. 		return err
    790. 

  790. 	}
    791. 

  791. 	if _, err := db.Exec(insertSchemaVersion, currentSchemaVersion); err != nil {
    792. 

  792. 		return err
    793. 

  793. 	}
    794. 

  794. 	return nil
    795. 

  795. }
    796. 

  796. 

  797. func migrateFrom1(db *sql.DB) error {
    798. 

  798. 	log.Info("Migrating user database schema: from 1 to 2")
    799. 

  799. 	tx, err := db.Begin()
    800. 

  800. 	if err != nil {
    801. 

  801. 		return err
    802. 

  802. 	}
    803. 

  803. 	defer tx.Rollback()
    804. 

  804. 	if _, err := tx.Exec(migrate1To2RenameUserTableQueryNoTx); err != nil {
    805. 

  805. 		return err
    806. 

  806. 	}
    807. 

  807. 	if _, err := tx.Exec(createTablesQueriesNoTx); err != nil {
    808. 

  808. 		return err
    809. 

  809. 	}
    810. 

  810. 	if _, err := tx.Exec(migrate1To2InsertFromOldTablesAndDropNoTx); err != nil {
    811. 

  811. 		return err
    812. 

  812. 	}
    813. 

  813. 	if _, err := tx.Exec(updateSchemaVersion, 2); err != nil {
    814. 

  814. 		return err
    815. 

  815. 	}
    816. 

  816. 	if err := tx.Commit(); err != nil {
    817. 

  817. 		return err
    818. 

  818. 	}
    819. 

  819. 	return nil // Update this when a new version is added
    820. 

  820. }
    821.