package database
import (
	"database/sql"
	"errors"
	"fmt"
	"time"

	"github.com/1f349/tulip/password"
	"github.com/go-oauth2/oauth2/v4"
	"github.com/google/uuid"
)
// updatedAt returns the current UTC wall-clock time rendered with the
// time.DateTime layout ("2006-01-02 15:04:05"); it is the value written into
// the users.updated_at column by the mutating methods in this file.
func updatedAt() string {
	now := time.Now().UTC()
	return now.Format(time.DateTime)
}
// Tx wraps a single *sql.Tx. Every method on it issues its statements inside
// that transaction; the caller is responsible for ending it with Commit or
// Rollback.
type Tx struct{ tx *sql.Tx }
// Commit finalises the wrapped transaction and returns the driver's error, if
// any, unchanged.
func (t *Tx) Commit() error {
	if err := t.tx.Commit(); err != nil {
		return err
	}
	return nil
}
// Rollback aborts the wrapped transaction. The driver's error is deliberately
// dropped: this is normally deferred after a failure, and a transaction that
// was already committed simply reports sql.ErrTxDone here, which is harmless.
func (t *Tx) Rollback() {
	err := t.tx.Rollback()
	_ = err // best effort by design; nothing useful to do with a rollback failure
}
// HasUser reports whether the users table holds at least one row. It returns
// nil when some user exists, sql.ErrNoRows when the table is empty, and any
// other query error unchanged.
func (t *Tx) HasUser() error {
	var anyUser bool
	if err := t.tx.QueryRow(`SELECT EXISTS(SELECT 1 FROM users)`).Scan(&anyUser); err != nil {
		return err
	}
	if anyUser {
		return nil
	}
	return sql.ErrNoRows
}
// InsertUser creates a user row under a freshly generated subject UUID.
//
// pw is run through password.HashPassword before it is stored; the plaintext
// never reaches the database. verifyEmail is written directly into
// email_verified, so passing true marks the address as already verified —
// callers creating accounts from an unverified signup should pass false.
// The new subject is returned together with the Exec error, if any.
func (t *Tx) InsertUser(name, un, pw, email string, verifyEmail bool, role UserRole, active bool) (uuid.UUID, error) {
	hashed, err := password.HashPassword(pw)
	if err != nil {
		return uuid.UUID{}, err
	}
	sub := uuid.New()
	const insertQ = `INSERT INTO users (subject, name, username, password, email, email_verified, role, updated_at, active) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`
	_, err = t.tx.Exec(insertQ, sub, name, un, hashed, email, verifyEmail, role, updatedAt(), active)
	return sub, err
}
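// CheckLogin looks up the user named un and verifies pw against the stored
// hash. On success it returns the user (Sub and Email populated), whether an
// OTP secret is enrolled for the subject, and whether the email is verified.
//
// On any failure — unknown username, query error, or password mismatch — it
// returns a nil *User, false for both flags and the error. Previously a wrong
// password still handed back the loaded user and its OTP/verification flags;
// a caller that only checked the flags could therefore learn MFA state from a
// failed attempt, so that is no longer exposed.
//
// Security notes for callers:
//   - An unknown username returns sql.ErrNoRows without running the password
//     hash, so its response time differs from a wrong-password attempt. This
//     file has no reference hash to burn on that path; callers worried about
//     username enumeration should add a dummy hash check themselves.
//   - The query does not consult users.active. Blocking disabled accounts must
//     be enforced by the caller — TODO confirm where that check lives.
func (t *Tx) CheckLogin(un, pw string) (*User, bool, bool, error) {
	var (
		u         User
		pwHash    password.HashString
		hasOtp    bool
		hasVerify bool
	)
	const loginQ = `SELECT subject, password, EXISTS(SELECT 1 FROM otp WHERE otp.subject = users.subject), email, email_verified FROM users WHERE username = ?`
	err := t.tx.QueryRow(loginQ, un).Scan(&u.Sub, &pwHash, &hasOtp, &u.Email, &hasVerify)
	if err != nil {
		return nil, false, false, err
	}
	if err = password.CheckPasswordHash(pwHash, pw); err != nil {
		// Wrong password: do not return the partially loaded user or its flags.
		return nil, false, false, err
	}
	return &u, hasOtp, hasVerify, nil
}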
// GetUserDisplayName returns a User carrying only Sub and Name for the given
// subject. Sub is always set from the argument; Name is filled from the users
// table, and the Scan error (sql.ErrNoRows for an unknown subject) is returned
// alongside the struct.
func (t *Tx) GetUserDisplayName(sub string) (*User, error) {
	u := User{Sub: sub}
	err := t.tx.QueryRow(`SELECT name FROM users WHERE subject = ? LIMIT 1`, sub).Scan(&u.Name)
	return &u, err
}
// GetUserRole returns the role column for the given subject. An unknown
// subject yields the zero UserRole together with sql.ErrNoRows, so callers
// must check the error before acting on the role.
func (t *Tx) GetUserRole(sub string) (UserRole, error) {
	var role UserRole
	err := t.tx.QueryRow(`SELECT role FROM users WHERE subject = ? LIMIT 1`, sub).Scan(&role)
	return role, err
}
// GetUser loads the profile columns of the given subject into a User. Sub is
// set from the argument; the password hash and role are not read here. The
// Scan error (sql.ErrNoRows for an unknown subject) is returned with the
// struct, so callers must check it before using the result.
func (t *Tx) GetUser(sub string) (*User, error) {
	const profileQ = `SELECT name, username, picture, website, email, email_verified, pronouns, birthdate, zoneinfo, locale, updated_at, active FROM users WHERE subject = ?`
	u := User{Sub: sub}
	err := t.tx.QueryRow(profileQ, sub).Scan(
		&u.Name, &u.Username, &u.Picture, &u.Website, &u.Email, &u.EmailVerified,
		&u.Pronouns, &u.Birthdate, &u.ZoneInfo, &u.Locale, &u.UpdatedAt, &u.Active,
	)
	return &u, err
}
// GetUserEmail returns the email column for the given subject, or "" and
// sql.ErrNoRows when the subject does not exist.
func (t *Tx) GetUserEmail(sub string) (string, error) {
	var addr string
	err := t.tx.QueryRow(`SELECT email FROM users WHERE subject = ?`, sub).Scan(&addr)
	return addr, err
}
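// ChangeUserPassword replaces the password of user sub after verifying pwOld
// against the stored hash.
//
// The UPDATE is additionally constrained on the hash that was just read, so a
// concurrent password change between the read and the write matches nothing
// and is reported as "row wasn't updated" rather than silently overwritten.
//
// Returns "invalid user" when sub does not exist, the password package's error
// when pwOld does not match, and the driver error for anything else.
func (t *Tx) ChangeUserPassword(sub, pwOld, pwNew string) error {
	// QueryRow releases the result set on Scan; the previous Query/Next form
	// leaked the *sql.Rows on the no-row and Scan-error paths, which holds the
	// statement open for the rest of the transaction.
	var current password.HashString
	err := t.tx.QueryRow(`SELECT password FROM users WHERE subject = ?`, sub).Scan(&current)
	if errors.Is(err, sql.ErrNoRows) {
		return fmt.Errorf("invalid user")
	}
	if err != nil {
		return err
	}
	if err = password.CheckPasswordHash(current, pwOld); err != nil {
		return err
	}
	next, err := password.HashPassword(pwNew)
	if err != nil {
		return err
	}
	res, err := t.tx.Exec(`UPDATE users SET password = ?, updated_at = ? WHERE subject = ? AND password = ?`, next, updatedAt(), sub, current)
	if err != nil {
		return err
	}
	n, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if n != 1 {
		return fmt.Errorf("row wasn't updated")
	}
	return nil
}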
// ModifyUser overwrites the self-service profile columns of user sub with the
// values in v and stamps updated_at. Username, email, password, role and
// active are deliberately not touched here; those have their own methods.
// Pronouns, ZoneInfo and Locale are stored via their String() form.
// Returns "row wasn't updated" when sub matches no row.
func (t *Tx) ModifyUser(sub string, v *UserPatch) error {
	const patchQ = `UPDATE users
		SET name = ?, picture = ?, website = ?, pronouns = ?, birthdate = ?, zoneinfo = ?, locale = ?, updated_at = ?
		WHERE subject = ?`
	res, err := t.tx.Exec(patchQ,
		v.Name, v.Picture, v.Website,
		v.Pronouns.String(), v.Birthdate, v.ZoneInfo.String(), v.Locale.String(),
		updatedAt(), sub,
	)
	if err != nil {
		return err
	}
	n, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if n != 1 {
		return fmt.Errorf("row wasn't updated")
	}
	return nil
}
// SetTwoFactor stores (or replaces) the OTP enrolment for sub. Passing an
// empty secret together with digits == 0 removes the enrolment instead.
//
// NOTE(review): the secret is written exactly as supplied. If it is the raw
// TOTP seed, it is recoverable by anyone with read access to the otp table —
// confirm whether the caller encrypts it first.
func (t *Tx) SetTwoFactor(sub string, secret string, digits int) error {
	const (
		removeQ = `DELETE FROM otp WHERE otp.subject = ?`
		upsertQ = `INSERT INTO otp(subject, secret, digits) VALUES (?, ?, ?) ON CONFLICT(subject) DO UPDATE SET secret = excluded.secret, digits = excluded.digits`
	)
	unenrol := secret == "" && digits == 0
	if unenrol {
		_, err := t.tx.Exec(removeQ, sub)
		return err
	}
	_, err := t.tx.Exec(upsertQ, sub, secret, digits)
	return err
}
// GetTwoFactor returns the stored OTP secret and digit count for sub. When no
// enrolment exists it returns "", 0 and sql.ErrNoRows.
func (t *Tx) GetTwoFactor(sub string) (string, int, error) {
	var (
		secret string
		digits int
	)
	if err := t.tx.QueryRow(`SELECT secret, digits FROM otp WHERE subject = ?`, sub).Scan(&secret, &digits); err != nil {
		return "", 0, err
	}
	return secret, digits, nil
}
// HasTwoFactor reports whether an OTP enrolment row exists for sub.
func (t *Tx) HasTwoFactor(sub string) (bool, error) {
	var enrolled bool
	row := t.tx.QueryRow(`SELECT EXISTS(SELECT 1 FROM otp WHERE otp.subject = ?)`, sub)
	if err := row.Scan(&enrolled); err != nil {
		return false, err
	}
	return enrolled, row.Err()
}
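// GetClientInfo loads the OAuth2 client identified by sub from client_store.
//
// The Scan error is checked before the active flag: previously an unknown
// client (sql.ErrNoRows) left Active at its zero value and was misreported as
// "client is not active", and any other query error was returned together
// with a half-populated, non-nil ClientInfo. Now every failure — query error,
// unknown client, or inactive client — returns a nil interface and the error.
//
// Owner is set to the looked-up subject, as in the original code, even though
// GetAppList scans Owner from the owner column; presumably ClientInfoDbOutput
// derives its client ID from this field — TODO confirm against its methods.
func (t *Tx) GetClientInfo(sub string) (oauth2.ClientInfo, error) {
	var c ClientInfoDbOutput
	err := t.tx.QueryRow(`SELECT secret, name, domain, public, sso, active FROM client_store WHERE subject = ? LIMIT 1`, sub).
		Scan(&c.Secret, &c.Name, &c.Domain, &c.Public, &c.SSO, &c.Active)
	if err != nil {
		return nil, err
	}
	if !c.Active {
		return nil, fmt.Errorf("client is not active")
	}
	c.Owner = sub
	return &c, nil
}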
// GetAppList returns up to 25 client apps starting at offset. Non-admin
// callers only see rows whose owner column equals owner; when admin is true
// the `? = 1` disjunct makes the owner filter a no-op and every app is listed.
// The secret column is not read. There is no ORDER BY, so page boundaries
// are only as stable as the database's natural row order.
func (t *Tx) GetAppList(owner string, admin bool, offset int) ([]ClientInfoDbOutput, error) {
	const listQ = `SELECT subject, name, domain, owner, public, sso, active FROM client_store WHERE owner = ? OR ? = 1 LIMIT 25 OFFSET ?`
	rows, err := t.tx.Query(listQ, owner, admin, offset)
	if err != nil {
		return nil, err
	}
	defer rows.Close()

	var apps []ClientInfoDbOutput
	for rows.Next() {
		var app ClientInfoDbOutput
		if err := rows.Scan(&app.Sub, &app.Name, &app.Domain, &app.Owner, &app.Public, &app.SSO, &app.Active); err != nil {
			return nil, err
		}
		apps = append(apps, app)
	}
	return apps, rows.Err()
}
// InsertClientApp registers a new OAuth2 client owned by owner, assigning a
// fresh UUID subject and a 70-character secret from password.GenerateApiSecret.
// The generated secret is not returned; callers that need to show it must use
// ResetClientAppSecret.
//
// NOTE(review): the secret is stored as generated and GetClientInfo hands it
// back verbatim, which suggests client secrets are kept in plaintext — confirm
// whether GenerateApiSecret already produces a hash.
func (t *Tx) InsertClientApp(name, domain string, public, sso, active bool, owner string) error {
	secret, err := password.GenerateApiSecret(70)
	if err != nil {
		return err
	}
	sub := uuid.New().String()
	const insertQ = `INSERT INTO client_store (subject, name, secret, domain, owner, public, sso, active) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
	_, err = t.tx.Exec(insertQ, sub, name, secret, domain, owner, public, sso, active)
	return err
}
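// UpdateClientApp rewrites the editable attributes of client app subject. The
// WHERE clause also requires owner to match, so the statement doubles as the
// authorisation check: a caller that does not own the app matches no row.
//
// That case used to return nil (a silent no-op); it now returns
// "row wasn't updated", consistent with ModifyUser, so a rejected edit cannot
// be mistaken for a successful one. The client secret is never touched here.
func (t *Tx) UpdateClientApp(subject, owner string, name, domain string, public, sso, active bool) error {
	res, err := t.tx.Exec(`UPDATE client_store SET name = ?, domain = ?, public = ?, sso = ?, active = ? WHERE subject = ? AND owner = ?`, name, domain, public, sso, active, subject, owner)
	if err != nil {
		return err
	}
	n, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if n != 1 {
		return fmt.Errorf("row wasn't updated")
	}
	return nil
}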
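// ResetClientAppSecret generates a new 70-character API secret for client app
// subject and stores it, provided owner matches the row's owner column.
//
// The secret is returned only when exactly one row was updated. Previously the
// rows-affected count was not checked, so a non-owner (or an unknown subject)
// was handed a fresh secret that had never been persisted — and the caller had
// no way to tell. Those cases now return "" and "row wasn't updated".
func (t *Tx) ResetClientAppSecret(subject, owner string) (string, error) {
	secret, err := password.GenerateApiSecret(70)
	if err != nil {
		return "", err
	}
	res, err := t.tx.Exec(`UPDATE client_store SET secret = ? WHERE subject = ? AND owner = ?`, secret, subject, owner)
	if err != nil {
		return "", err
	}
	n, err := res.RowsAffected()
	if err != nil {
		return "", err
	}
	if n != 1 {
		return "", fmt.Errorf("row wasn't updated")
	}
	return secret, nil
}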
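// GetUserList returns up to 25 users starting at offset, with every column
// except the password hash. There is no ORDER BY, so page boundaries are only
// as stable as the database's natural row order.
func (t *Tx) GetUserList(offset int) ([]User, error) {
	const listQ = `SELECT subject, name, username, picture, website, email, email_verified, pronouns, birthdate, zoneinfo, locale, role, updated_at, active FROM users LIMIT 25 OFFSET ?`
	rows, err := t.tx.Query(listQ, offset)
	if err != nil {
		return nil, err
	}
	// Close on every exit path. Without this the early return on a Scan error
	// left the result set open for the remainder of the transaction
	// (GetAppList already does this).
	defer rows.Close()

	var users []User
	for rows.Next() {
		var u User
		if err := rows.Scan(&u.Sub, &u.Name, &u.Username, &u.Picture, &u.Website, &u.Email, &u.EmailVerified, &u.Pronouns, &u.Birthdate, &u.ZoneInfo, &u.Locale, &u.Role, &u.UpdatedAt, &u.Active); err != nil {
			return nil, err
		}
		users = append(users, u)
	}
	return users, rows.Err()
}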
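// UpdateUser sets the role and active flag of user subject; it is the
// administrative counterpart of ModifyUser and does not touch profile columns
// or updated_at.
//
// Returns "row wasn't updated" when subject matches no row, matching the
// other update methods in this file; previously an unknown subject was a
// silent no-op that reported success.
func (t *Tx) UpdateUser(subject string, role UserRole, active bool) error {
	res, err := t.tx.Exec(`UPDATE users SET active = ?, role = ? WHERE subject = ?`, active, role, subject)
	if err != nil {
		return err
	}
	n, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if n != 1 {
		return fmt.Errorf("row wasn't updated")
	}
	return nil
}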
// VerifyUserEmail marks the email address of user sub as verified. It does not
// check how many rows matched, so an unknown subject is reported as success.
func (t *Tx) VerifyUserEmail(sub string) error {
	if _, err := t.tx.Exec(`UPDATE users SET email_verified = 1 WHERE subject = ?`, sub); err != nil {
		return err
	}
	return nil
}
// UserResetPassword overwrites the password of user sub with a hash of pw
// without checking the old password; it is intended for recovery flows where
// the caller has already authenticated the request by other means. updated_at
// is stamped. Returns "row wasn't updated" when sub matches no row.
func (t *Tx) UserResetPassword(sub string, pw string) error {
	hashed, err := password.HashPassword(pw)
	if err != nil {
		return err
	}
	res, err := t.tx.Exec(`UPDATE users SET password = ?, updated_at = ? WHERE subject = ?`, hashed, updatedAt(), sub)
	if err != nil {
		return err
	}
	n, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if n != 1 {
		return fmt.Errorf("row wasn't updated")
	}
	return nil
}
// UserEmailExists reports whether some user has email as a *verified* address.
// Rows whose email_verified is 0 are ignored, so an unverified duplicate does
// not count as existing.
func (t *Tx) UserEmailExists(email string) (exists bool, err error) {
	row := t.tx.QueryRow(`SELECT EXISTS(SELECT 1 FROM users WHERE email = ? and email_verified = 1)`, email)
	if err = row.Scan(&exists); err != nil {
		return false, err
	}
	return exists, nil
}