user.go 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701
  1. // SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
  2. // SPDX-License-Identifier: Apache-2.0
  3. package storage // import "miniflux.app/v2/internal/storage"
  4. import (
  5. "database/sql"
  6. "fmt"
  7. "log/slog"
  8. "runtime"
  9. "strings"
  10. "miniflux.app/v2/internal/crypto"
  11. "miniflux.app/v2/internal/model"
  12. "github.com/lib/pq"
  13. "golang.org/x/crypto/bcrypt"
  14. )
  15. // CountUsers returns the total number of users.
  16. func (s *Storage) CountUsers() int {
  17. var result int
  18. err := s.db.QueryRow(`SELECT count(*) FROM users`).Scan(&result)
  19. if err != nil {
  20. return 0
  21. }
  22. return result
  23. }
  24. // SetLastLogin updates the last login date of a user.
  25. func (s *Storage) SetLastLogin(userID int64) error {
  26. query := `UPDATE users SET last_login_at=now() WHERE id=$1`
  27. _, err := s.db.Exec(query, userID)
  28. if err != nil {
  29. return fmt.Errorf(`store: unable to update last login date: %v`, err)
  30. }
  31. return nil
  32. }
  33. // UserExists checks if a user exists by using the given username.
  34. func (s *Storage) UserExists(username string) bool {
  35. var result bool
  36. s.db.QueryRow(`SELECT true FROM users WHERE username=LOWER($1)`, username).Scan(&result)
  37. return result
  38. }
  39. // AnotherUserExists checks if another user exists with the given username.
  40. func (s *Storage) AnotherUserExists(userID int64, username string) bool {
  41. var result bool
  42. s.db.QueryRow(`SELECT true FROM users WHERE id != $1 AND username=LOWER($2)`, userID, username).Scan(&result)
  43. return result
  44. }
  45. // CreateUser creates a new user.
  46. func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*model.User, error) {
  47. var hashedPassword string
  48. if userCreationRequest.Password != "" {
  49. var err error
  50. hashedPassword, err = crypto.HashPassword(userCreationRequest.Password)
  51. if err != nil {
  52. return nil, err
  53. }
  54. }
  55. query := `
  56. INSERT INTO users
  57. (username, password, is_admin, google_id, openid_connect_id)
  58. VALUES
  59. (LOWER($1), $2, $3, $4, $5)
  60. RETURNING
  61. id,
  62. username,
  63. is_admin,
  64. language,
  65. theme,
  66. timezone,
  67. entry_direction,
  68. entries_per_page,
  69. keyboard_shortcuts,
  70. show_reading_time,
  71. entry_swipe,
  72. gesture_nav,
  73. stylesheet,
  74. google_id,
  75. openid_connect_id,
  76. display_mode,
  77. entry_order,
  78. default_reading_speed,
  79. cjk_reading_speed,
  80. default_home_page,
  81. categories_sorting_order,
  82. mark_read_on_view,
  83. media_playback_rate,
  84. block_filter_entry_rules,
  85. keep_filter_entry_rules
  86. `
  87. tx, err := s.db.Begin()
  88. if err != nil {
  89. return nil, fmt.Errorf(`store: unable to start transaction: %v`, err)
  90. }
  91. var user model.User
  92. err = tx.QueryRow(
  93. query,
  94. userCreationRequest.Username,
  95. hashedPassword,
  96. userCreationRequest.IsAdmin,
  97. userCreationRequest.GoogleID,
  98. userCreationRequest.OpenIDConnectID,
  99. ).Scan(
  100. &user.ID,
  101. &user.Username,
  102. &user.IsAdmin,
  103. &user.Language,
  104. &user.Theme,
  105. &user.Timezone,
  106. &user.EntryDirection,
  107. &user.EntriesPerPage,
  108. &user.KeyboardShortcuts,
  109. &user.ShowReadingTime,
  110. &user.EntrySwipe,
  111. &user.GestureNav,
  112. &user.Stylesheet,
  113. &user.GoogleID,
  114. &user.OpenIDConnectID,
  115. &user.DisplayMode,
  116. &user.EntryOrder,
  117. &user.DefaultReadingSpeed,
  118. &user.CJKReadingSpeed,
  119. &user.DefaultHomePage,
  120. &user.CategoriesSortingOrder,
  121. &user.MarkReadOnView,
  122. &user.MediaPlaybackRate,
  123. &user.BlockFilterEntryRules,
  124. &user.KeepFilterEntryRules,
  125. )
  126. if err != nil {
  127. tx.Rollback()
  128. return nil, fmt.Errorf(`store: unable to create user: %v`, err)
  129. }
  130. _, err = tx.Exec(`INSERT INTO categories (user_id, title) VALUES ($1, $2)`, user.ID, "All")
  131. if err != nil {
  132. tx.Rollback()
  133. return nil, fmt.Errorf(`store: unable to create user default category: %v`, err)
  134. }
  135. _, err = tx.Exec(`INSERT INTO integrations (user_id) VALUES ($1)`, user.ID)
  136. if err != nil {
  137. tx.Rollback()
  138. return nil, fmt.Errorf(`store: unable to create integration row: %v`, err)
  139. }
  140. if err := tx.Commit(); err != nil {
  141. return nil, fmt.Errorf(`store: unable to commit transaction: %v`, err)
  142. }
  143. return &user, nil
  144. }
  145. // UpdateUser updates a user.
  146. func (s *Storage) UpdateUser(user *model.User) error {
  147. if user.Password != "" {
  148. hashedPassword, err := crypto.HashPassword(user.Password)
  149. if err != nil {
  150. return err
  151. }
  152. query := `
  153. UPDATE users SET
  154. username=LOWER($1),
  155. password=$2,
  156. is_admin=$3,
  157. theme=$4,
  158. language=$5,
  159. timezone=$6,
  160. entry_direction=$7,
  161. entries_per_page=$8,
  162. keyboard_shortcuts=$9,
  163. show_reading_time=$10,
  164. entry_swipe=$11,
  165. gesture_nav=$12,
  166. stylesheet=$13,
  167. google_id=$14,
  168. openid_connect_id=$15,
  169. display_mode=$16,
  170. entry_order=$17,
  171. default_reading_speed=$18,
  172. cjk_reading_speed=$19,
  173. default_home_page=$20,
  174. categories_sorting_order=$21,
  175. mark_read_on_view=$22,
  176. media_playback_rate=$23,
  177. block_filter_entry_rules=$24,
  178. keep_filter_entry_rules=$25
  179. WHERE
  180. id=$26
  181. `
  182. _, err = s.db.Exec(
  183. query,
  184. user.Username,
  185. hashedPassword,
  186. user.IsAdmin,
  187. user.Theme,
  188. user.Language,
  189. user.Timezone,
  190. user.EntryDirection,
  191. user.EntriesPerPage,
  192. user.KeyboardShortcuts,
  193. user.ShowReadingTime,
  194. user.EntrySwipe,
  195. user.GestureNav,
  196. user.Stylesheet,
  197. user.GoogleID,
  198. user.OpenIDConnectID,
  199. user.DisplayMode,
  200. user.EntryOrder,
  201. user.DefaultReadingSpeed,
  202. user.CJKReadingSpeed,
  203. user.DefaultHomePage,
  204. user.CategoriesSortingOrder,
  205. user.MarkReadOnView,
  206. user.MediaPlaybackRate,
  207. user.BlockFilterEntryRules,
  208. user.KeepFilterEntryRules,
  209. user.ID,
  210. )
  211. if err != nil {
  212. return fmt.Errorf(`store: unable to update user: %v`, err)
  213. }
  214. } else {
  215. query := `
  216. UPDATE users SET
  217. username=LOWER($1),
  218. is_admin=$2,
  219. theme=$3,
  220. language=$4,
  221. timezone=$5,
  222. entry_direction=$6,
  223. entries_per_page=$7,
  224. keyboard_shortcuts=$8,
  225. show_reading_time=$9,
  226. entry_swipe=$10,
  227. gesture_nav=$11,
  228. stylesheet=$12,
  229. google_id=$13,
  230. openid_connect_id=$14,
  231. display_mode=$15,
  232. entry_order=$16,
  233. default_reading_speed=$17,
  234. cjk_reading_speed=$18,
  235. default_home_page=$19,
  236. categories_sorting_order=$20,
  237. mark_read_on_view=$21,
  238. media_playback_rate=$22,
  239. block_filter_entry_rules=$23,
  240. keep_filter_entry_rules=$24
  241. WHERE
  242. id=$25
  243. `
  244. _, err := s.db.Exec(
  245. query,
  246. user.Username,
  247. user.IsAdmin,
  248. user.Theme,
  249. user.Language,
  250. user.Timezone,
  251. user.EntryDirection,
  252. user.EntriesPerPage,
  253. user.KeyboardShortcuts,
  254. user.ShowReadingTime,
  255. user.EntrySwipe,
  256. user.GestureNav,
  257. user.Stylesheet,
  258. user.GoogleID,
  259. user.OpenIDConnectID,
  260. user.DisplayMode,
  261. user.EntryOrder,
  262. user.DefaultReadingSpeed,
  263. user.CJKReadingSpeed,
  264. user.DefaultHomePage,
  265. user.CategoriesSortingOrder,
  266. user.MarkReadOnView,
  267. user.MediaPlaybackRate,
  268. user.BlockFilterEntryRules,
  269. user.KeepFilterEntryRules,
  270. user.ID,
  271. )
  272. if err != nil {
  273. return fmt.Errorf(`store: unable to update user: %v`, err)
  274. }
  275. }
  276. return nil
  277. }
  278. // UserLanguage returns the language of the given user.
  279. func (s *Storage) UserLanguage(userID int64) (language string) {
  280. err := s.db.QueryRow(`SELECT language FROM users WHERE id = $1`, userID).Scan(&language)
  281. if err != nil {
  282. return "en_US"
  283. }
  284. return language
  285. }
  286. // UserByID finds a user by the ID.
  287. func (s *Storage) UserByID(userID int64) (*model.User, error) {
  288. query := `
  289. SELECT
  290. id,
  291. username,
  292. is_admin,
  293. theme,
  294. language,
  295. timezone,
  296. entry_direction,
  297. entries_per_page,
  298. keyboard_shortcuts,
  299. show_reading_time,
  300. entry_swipe,
  301. gesture_nav,
  302. last_login_at,
  303. stylesheet,
  304. google_id,
  305. openid_connect_id,
  306. display_mode,
  307. entry_order,
  308. default_reading_speed,
  309. cjk_reading_speed,
  310. default_home_page,
  311. categories_sorting_order,
  312. mark_read_on_view,
  313. media_playback_rate,
  314. block_filter_entry_rules,
  315. keep_filter_entry_rules
  316. FROM
  317. users
  318. WHERE
  319. id = $1
  320. `
  321. return s.fetchUser(query, userID)
  322. }
  323. // UserByUsername finds a user by the username.
  324. func (s *Storage) UserByUsername(username string) (*model.User, error) {
  325. query := `
  326. SELECT
  327. id,
  328. username,
  329. is_admin,
  330. theme,
  331. language,
  332. timezone,
  333. entry_direction,
  334. entries_per_page,
  335. keyboard_shortcuts,
  336. show_reading_time,
  337. entry_swipe,
  338. gesture_nav,
  339. last_login_at,
  340. stylesheet,
  341. google_id,
  342. openid_connect_id,
  343. display_mode,
  344. entry_order,
  345. default_reading_speed,
  346. cjk_reading_speed,
  347. default_home_page,
  348. categories_sorting_order,
  349. mark_read_on_view,
  350. media_playback_rate,
  351. block_filter_entry_rules,
  352. keep_filter_entry_rules
  353. FROM
  354. users
  355. WHERE
  356. username=LOWER($1)
  357. `
  358. return s.fetchUser(query, username)
  359. }
  360. // UserByField finds a user by a field value.
  361. func (s *Storage) UserByField(field, value string) (*model.User, error) {
  362. query := `
  363. SELECT
  364. id,
  365. username,
  366. is_admin,
  367. theme,
  368. language,
  369. timezone,
  370. entry_direction,
  371. entries_per_page,
  372. keyboard_shortcuts,
  373. show_reading_time,
  374. entry_swipe,
  375. gesture_nav,
  376. last_login_at,
  377. stylesheet,
  378. google_id,
  379. openid_connect_id,
  380. display_mode,
  381. entry_order,
  382. default_reading_speed,
  383. cjk_reading_speed,
  384. default_home_page,
  385. categories_sorting_order,
  386. mark_read_on_view,
  387. media_playback_rate,
  388. block_filter_entry_rules,
  389. keep_filter_entry_rules
  390. FROM
  391. users
  392. WHERE
  393. %s=$1
  394. `
  395. return s.fetchUser(fmt.Sprintf(query, pq.QuoteIdentifier(field)), value)
  396. }
  397. // AnotherUserWithFieldExists returns true if a user has the value set for the given field.
  398. func (s *Storage) AnotherUserWithFieldExists(userID int64, field, value string) bool {
  399. var result bool
  400. s.db.QueryRow(fmt.Sprintf(`SELECT true FROM users WHERE id <> $1 AND %s=$2`, pq.QuoteIdentifier(field)), userID, value).Scan(&result)
  401. return result
  402. }
  403. // UserByAPIKey returns a User from an API Key.
  404. func (s *Storage) UserByAPIKey(token string) (*model.User, error) {
  405. query := `
  406. SELECT
  407. u.id,
  408. u.username,
  409. u.is_admin,
  410. u.theme,
  411. u.language,
  412. u.timezone,
  413. u.entry_direction,
  414. u.entries_per_page,
  415. u.keyboard_shortcuts,
  416. u.show_reading_time,
  417. u.entry_swipe,
  418. u.gesture_nav,
  419. u.last_login_at,
  420. u.stylesheet,
  421. u.google_id,
  422. u.openid_connect_id,
  423. u.display_mode,
  424. u.entry_order,
  425. u.default_reading_speed,
  426. u.cjk_reading_speed,
  427. u.default_home_page,
  428. u.categories_sorting_order,
  429. u.mark_read_on_view,
  430. media_playback_rate,
  431. u.block_filter_entry_rules,
  432. u.keep_filter_entry_rules
  433. FROM
  434. users u
  435. LEFT JOIN
  436. api_keys ON api_keys.user_id=u.id
  437. WHERE
  438. api_keys.token = $1
  439. `
  440. return s.fetchUser(query, token)
  441. }
  442. func (s *Storage) fetchUser(query string, args ...interface{}) (*model.User, error) {
  443. var user model.User
  444. err := s.db.QueryRow(query, args...).Scan(
  445. &user.ID,
  446. &user.Username,
  447. &user.IsAdmin,
  448. &user.Theme,
  449. &user.Language,
  450. &user.Timezone,
  451. &user.EntryDirection,
  452. &user.EntriesPerPage,
  453. &user.KeyboardShortcuts,
  454. &user.ShowReadingTime,
  455. &user.EntrySwipe,
  456. &user.GestureNav,
  457. &user.LastLoginAt,
  458. &user.Stylesheet,
  459. &user.GoogleID,
  460. &user.OpenIDConnectID,
  461. &user.DisplayMode,
  462. &user.EntryOrder,
  463. &user.DefaultReadingSpeed,
  464. &user.CJKReadingSpeed,
  465. &user.DefaultHomePage,
  466. &user.CategoriesSortingOrder,
  467. &user.MarkReadOnView,
  468. &user.MediaPlaybackRate,
  469. &user.BlockFilterEntryRules,
  470. &user.KeepFilterEntryRules,
  471. )
  472. if err == sql.ErrNoRows {
  473. return nil, nil
  474. } else if err != nil {
  475. return nil, fmt.Errorf(`store: unable to fetch user: %v`, err)
  476. }
  477. return &user, nil
  478. }
  479. // RemoveUser deletes a user.
  480. func (s *Storage) RemoveUser(userID int64) error {
  481. tx, err := s.db.Begin()
  482. if err != nil {
  483. return fmt.Errorf(`store: unable to start transaction: %v`, err)
  484. }
  485. if _, err := tx.Exec(`DELETE FROM users WHERE id=$1`, userID); err != nil {
  486. tx.Rollback()
  487. return fmt.Errorf(`store: unable to remove user #%d: %v`, userID, err)
  488. }
  489. if _, err := tx.Exec(`DELETE FROM integrations WHERE user_id=$1`, userID); err != nil {
  490. tx.Rollback()
  491. return fmt.Errorf(`store: unable to remove integration settings for user #%d: %v`, userID, err)
  492. }
  493. if err := tx.Commit(); err != nil {
  494. return fmt.Errorf(`store: unable to commit transaction: %v`, err)
  495. }
  496. return nil
  497. }
  498. // RemoveUserAsync deletes user data without locking the database.
  499. func (s *Storage) RemoveUserAsync(userID int64) {
  500. go func() {
  501. if err := s.deleteUserFeeds(userID); err != nil {
  502. slog.Error("Unable to delete user feeds",
  503. slog.Int64("user_id", userID),
  504. slog.Any("error", err),
  505. )
  506. return
  507. }
  508. s.db.Exec(`DELETE FROM users WHERE id=$1`, userID)
  509. s.db.Exec(`DELETE FROM integrations WHERE user_id=$1`, userID)
  510. slog.Debug("User deleted",
  511. slog.Int64("user_id", userID),
  512. slog.Int("goroutines", runtime.NumGoroutine()),
  513. )
  514. }()
  515. }
  516. func (s *Storage) deleteUserFeeds(userID int64) error {
  517. rows, err := s.db.Query(`SELECT id FROM feeds WHERE user_id=$1`, userID)
  518. if err != nil {
  519. return fmt.Errorf(`store: unable to get user feeds: %v`, err)
  520. }
  521. defer rows.Close()
  522. for rows.Next() {
  523. var feedID int64
  524. rows.Scan(&feedID)
  525. slog.Debug("Deleting feed",
  526. slog.Int64("user_id", userID),
  527. slog.Int64("feed_id", feedID),
  528. slog.Int("goroutines", runtime.NumGoroutine()),
  529. )
  530. if err := s.RemoveFeed(userID, feedID); err != nil {
  531. return err
  532. }
  533. }
  534. return nil
  535. }
  536. // Users returns all users.
  537. func (s *Storage) Users() (model.Users, error) {
  538. query := `
  539. SELECT
  540. id,
  541. username,
  542. is_admin,
  543. theme,
  544. language,
  545. timezone,
  546. entry_direction,
  547. entries_per_page,
  548. keyboard_shortcuts,
  549. show_reading_time,
  550. entry_swipe,
  551. gesture_nav,
  552. last_login_at,
  553. stylesheet,
  554. google_id,
  555. openid_connect_id,
  556. display_mode,
  557. entry_order,
  558. default_reading_speed,
  559. cjk_reading_speed,
  560. default_home_page,
  561. categories_sorting_order,
  562. mark_read_on_view,
  563. media_playback_rate,
  564. block_filter_entry_rules,
  565. keep_filter_entry_rules
  566. FROM
  567. users
  568. ORDER BY username ASC
  569. `
  570. rows, err := s.db.Query(query)
  571. if err != nil {
  572. return nil, fmt.Errorf(`store: unable to fetch users: %v`, err)
  573. }
  574. defer rows.Close()
  575. var users model.Users
  576. for rows.Next() {
  577. var user model.User
  578. err := rows.Scan(
  579. &user.ID,
  580. &user.Username,
  581. &user.IsAdmin,
  582. &user.Theme,
  583. &user.Language,
  584. &user.Timezone,
  585. &user.EntryDirection,
  586. &user.EntriesPerPage,
  587. &user.KeyboardShortcuts,
  588. &user.ShowReadingTime,
  589. &user.EntrySwipe,
  590. &user.GestureNav,
  591. &user.LastLoginAt,
  592. &user.Stylesheet,
  593. &user.GoogleID,
  594. &user.OpenIDConnectID,
  595. &user.DisplayMode,
  596. &user.EntryOrder,
  597. &user.DefaultReadingSpeed,
  598. &user.CJKReadingSpeed,
  599. &user.DefaultHomePage,
  600. &user.CategoriesSortingOrder,
  601. &user.MarkReadOnView,
  602. &user.MediaPlaybackRate,
  603. &user.BlockFilterEntryRules,
  604. &user.KeepFilterEntryRules,
  605. )
  606. if err != nil {
  607. return nil, fmt.Errorf(`store: unable to fetch users row: %v`, err)
  608. }
  609. users = append(users, &user)
  610. }
  611. return users, nil
  612. }
  613. // CheckPassword validate the hashed password.
  614. func (s *Storage) CheckPassword(username, password string) error {
  615. var hash string
  616. username = strings.ToLower(username)
  617. err := s.db.QueryRow("SELECT password FROM users WHERE username=$1", username).Scan(&hash)
  618. if err == sql.ErrNoRows {
  619. return fmt.Errorf(`store: unable to find this user: %s`, username)
  620. } else if err != nil {
  621. return fmt.Errorf(`store: unable to fetch user: %v`, err)
  622. }
  623. if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)); err != nil {
  624. return fmt.Errorf(`store: invalid password for "%s" (%v)`, username, err)
  625. }
  626. return nil
  627. }
  628. // HasPassword returns true if the given user has a password defined.
  629. func (s *Storage) HasPassword(userID int64) (bool, error) {
  630. var result bool
  631. query := `SELECT true FROM users WHERE id=$1 AND password <> ''`
  632. err := s.db.QueryRow(query, userID).Scan(&result)
  633. if err == sql.ErrNoRows {
  634. return false, nil
  635. } else if err != nil {
  636. return false, fmt.Errorf(`store: unable to execute query: %v`, err)
  637. }
  638. if result {
  639. return true, nil
  640. }
  641. return false, nil
  642. }