Accueil Explorer Aide
Connexion
jds
/
gogs
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: a328e7ccc4
Branches Tags
gogs
/
internal
/
db
/
access_tokens.go

access_tokens.go 4.8 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. // Copyright 2020 The Gogs Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a MIT-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package db
    6. 

  6. 

  7. import (
    8. 

  8. 	"fmt"
    9. 

  9. 	"time"
    10. 

  10. 

  11. 	gouuid "github.com/satori/go.uuid"
    12. 

  12. 	"gorm.io/gorm"
    13. 

  13. 

  14. 	"gogs.io/gogs/internal/cryptoutil"
    15. 

  15. 	"gogs.io/gogs/internal/errutil"
    16. 

  16. )
    17. 

  17. 

  18. // AccessTokensStore is the persistent interface for access tokens.
    19. 

  19. //
    20. 

  20. // NOTE: All methods are sorted in alphabetical order.
    21. 

  21. type AccessTokensStore interface {
    22. 

  22. 	// Create creates a new access token and persist to database.
    23. 

  23. 	// It returns ErrAccessTokenAlreadyExist when an access token
    24. 

  24. 	// with same name already exists for the user.
    25. 

  25. 	Create(userID int64, name string) (*AccessToken, error)
    26. 

  26. 	// DeleteByID deletes the access token by given ID.
    27. 

  27. 	// 🚨 SECURITY: The "userID" is required to prevent attacker
    28. 

  28. 	// deletes arbitrary access token that belongs to another user.
    29. 

  29. 	DeleteByID(userID, id int64) error
    30. 

  30. 	// GetBySHA1 returns the access token with given SHA1.
    31. 

  31. 	// It returns ErrAccessTokenNotExist when not found.
    32. 

  32. 	GetBySHA1(sha1 string) (*AccessToken, error)
    33. 

  33. 	// List returns all access tokens belongs to given user.
    34. 

  34. 	List(userID int64) ([]*AccessToken, error)
    35. 

  35. 	// Save persists all values of given access token.
    36. 

  36. 	// The Updated field is set to current time automatically.
    37. 

  37. 	Save(t *AccessToken) error
    38. 

  38. }
    39. 

  39. 

  40. var AccessTokens AccessTokensStore
    41. 

  41. 

  42. // AccessToken is a personal access token.
    43. 

  43. type AccessToken struct {
    44. 

  44. 	ID     int64
    45. 

  45. 	UserID int64 `xorm:"uid INDEX" gorm:"COLUMN:uid;INDEX"`
    46. 

  46. 	Name   string
    47. 

  47. 	Sha1   string `xorm:"UNIQUE VARCHAR(40)" gorm:"TYPE:VARCHAR(40);UNIQUE"`
    48. 

  48. 	SHA256 string `gorm:"type:VARCHAR(64);unique;not null"`
    49. 

  49. 

  50. 	Created           time.Time `xorm:"-" gorm:"-" json:"-"`
    51. 

  51. 	CreatedUnix       int64
    52. 

  52. 	Updated           time.Time `xorm:"-" gorm:"-" json:"-"`
    53. 

  53. 	UpdatedUnix       int64
    54. 

  54. 	HasRecentActivity bool `xorm:"-" gorm:"-" json:"-"`
    55. 

  55. 	HasUsed           bool `xorm:"-" gorm:"-" json:"-"`
    56. 

  56. }
    57. 

  57. 

  58. // BeforeCreate implements the GORM create hook.
    59. 

  59. func (t *AccessToken) BeforeCreate(tx *gorm.DB) error {
    60. 

  60. 	if t.CreatedUnix == 0 {
    61. 

  61. 		t.CreatedUnix = tx.NowFunc().Unix()
    62. 

  62. 	}
    63. 

  63. 	return nil
    64. 

  64. }
    65. 

  65. 

  66. // BeforeUpdate implements the GORM update hook.
    67. 

  67. func (t *AccessToken) BeforeUpdate(tx *gorm.DB) error {
    68. 

  68. 	t.UpdatedUnix = tx.NowFunc().Unix()
    69. 

  69. 	return nil
    70. 

  70. }
    71. 

  71. 

  72. // AfterFind implements the GORM query hook.
    73. 

  73. func (t *AccessToken) AfterFind(tx *gorm.DB) error {
    74. 

  74. 	t.Created = time.Unix(t.CreatedUnix, 0).Local()
    75. 

  75. 	t.Updated = time.Unix(t.UpdatedUnix, 0).Local()
    76. 

  76. 	t.HasUsed = t.Updated.After(t.Created)
    77. 

  77. 	t.HasRecentActivity = t.Updated.Add(7 * 24 * time.Hour).After(tx.NowFunc())
    78. 

  78. 	return nil
    79. 

  79. }
    80. 

  80. 

  81. var _ AccessTokensStore = (*accessTokens)(nil)
    82. 

  82. 

  83. type accessTokens struct {
    84. 

  84. 	*gorm.DB
    85. 

  85. }
    86. 

  86. 

  87. type ErrAccessTokenAlreadyExist struct {
    88. 

  88. 	args errutil.Args
    89. 

  89. }
    90. 

  90. 

  91. func IsErrAccessTokenAlreadyExist(err error) bool {
    92. 

  92. 	_, ok := err.(ErrAccessTokenAlreadyExist)
    93. 

  93. 	return ok
    94. 

  94. }
    95. 

  95. 

  96. func (err ErrAccessTokenAlreadyExist) Error() string {
    97. 

  97. 	return fmt.Sprintf("access token already exists: %v", err.args)
    98. 

  98. }
    99. 

  99. 

  100. func (db *accessTokens) Create(userID int64, name string) (*AccessToken, error) {
    101. 

  101. 	err := db.Where("uid = ? AND name = ?", userID, name).First(new(AccessToken)).Error
    102. 

  102. 	if err == nil {
    103. 

  103. 		return nil, ErrAccessTokenAlreadyExist{args: errutil.Args{"userID": userID, "name": name}}
    104. 

  104. 	} else if err != gorm.ErrRecordNotFound {
    105. 

  105. 		return nil, err
    106. 

  106. 	}
    107. 

  107. 

  108. 	token := cryptoutil.SHA1(gouuid.NewV4().String())
    109. 

  109. 	sha256 := cryptoutil.SHA256(token)
    110. 

  110. 

  111. 	accessToken := &AccessToken{
    112. 

  112. 		UserID: userID,
    113. 

  113. 		Name:   name,
    114. 

  114. 		Sha1:   sha256[:40], // To pass the column unique constraint, keep the length of SHA1.
    115. 

  115. 		SHA256: sha256,
    116. 

  116. 	}
    117. 

  117. 	if err = db.DB.Create(accessToken).Error; err != nil {
    118. 

  118. 		return nil, err
    119. 

  119. 	}
    120. 

  120. 

  121. 	// Set back the raw access token value, for the sake of the caller.
    122. 

  122. 	accessToken.Sha1 = token
    123. 

  123. 	return accessToken, nil
    124. 

  124. }
    125. 

  125. 

  126. func (db *accessTokens) DeleteByID(userID, id int64) error {
    127. 

  127. 	return db.Where("id = ? AND uid = ?", id, userID).Delete(new(AccessToken)).Error
    128. 

  128. }
    129. 

  129. 

  130. var _ errutil.NotFound = (*ErrAccessTokenNotExist)(nil)
    131. 

  131. 

  132. type ErrAccessTokenNotExist struct {
    133. 

  133. 	args errutil.Args
    134. 

  134. }
    135. 

  135. 

  136. func IsErrAccessTokenNotExist(err error) bool {
    137. 

  137. 	_, ok := err.(ErrAccessTokenNotExist)
    138. 

  138. 	return ok
    139. 

  139. }
    140. 

  140. 

  141. func (err ErrAccessTokenNotExist) Error() string {
    142. 

  142. 	return fmt.Sprintf("access token does not exist: %v", err.args)
    143. 

  143. }
    144. 

  144. 

  145. func (ErrAccessTokenNotExist) NotFound() bool {
    146. 

  146. 	return true
    147. 

  147. }
    148. 

  148. 

  149. func (db *accessTokens) GetBySHA1(sha1 string) (*AccessToken, error) {
    150. 

  150. 	sha256 := cryptoutil.SHA256(sha1)
    151. 

  151. 	token := new(AccessToken)
    152. 

  152. 	err := db.Where("sha256 = ?", sha256).First(token).Error
    153. 

  153. 	if err != nil {
    154. 

  154. 		if err == gorm.ErrRecordNotFound {
    155. 

  155. 			return nil, ErrAccessTokenNotExist{args: errutil.Args{"sha": sha1}}
    156. 

  156. 		}
    157. 

  157. 		return nil, err
    158. 

  158. 	}
    159. 

  159. 	return token, nil
    160. 

  160. }
    161. 

  161. 

  162. func (db *accessTokens) List(userID int64) ([]*AccessToken, error) {
    163. 

  163. 	var tokens []*AccessToken
    164. 

  164. 	return tokens, db.Where("uid = ?", userID).Order("id ASC").Find(&tokens).Error
    165. 

  165. }
    166. 

  166. 

  167. func (db *accessTokens) Save(t *AccessToken) error {
    168. 

  168. 	return db.DB.Save(t).Error
    169. 

  169. }
    170.