user.go 8.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405
  1. // Copyright 2017 Frédéric Guillot. All rights reserved.
  2. // Use of this source code is governed by the Apache 2.0
  3. // license that can be found in the LICENSE file.
  4. package storage // import "miniflux.app/storage"
  5. import (
  6. "database/sql"
  7. "errors"
  8. "fmt"
  9. "strings"
  10. "miniflux.app/model"
  11. "github.com/lib/pq/hstore"
  12. "golang.org/x/crypto/bcrypt"
  13. )
  14. // SetLastLogin updates the last login date of a user.
  15. func (s *Storage) SetLastLogin(userID int64) error {
  16. query := `UPDATE users SET last_login_at=now() WHERE id=$1`
  17. _, err := s.db.Exec(query, userID)
  18. if err != nil {
  19. return fmt.Errorf(`store: unable to update last login date: %v`, err)
  20. }
  21. return nil
  22. }
  23. // UserExists checks if a user exists by using the given username.
  24. func (s *Storage) UserExists(username string) bool {
  25. var result bool
  26. s.db.QueryRow(`SELECT true FROM users WHERE username=LOWER($1)`, username).Scan(&result)
  27. return result
  28. }
  29. // AnotherUserExists checks if another user exists with the given username.
  30. func (s *Storage) AnotherUserExists(userID int64, username string) bool {
  31. var result bool
  32. s.db.QueryRow(`SELECT true FROM users WHERE id != $1 AND username=LOWER($2)`, userID, username).Scan(&result)
  33. return result
  34. }
  35. // CreateUser creates a new user.
  36. func (s *Storage) CreateUser(user *model.User) (err error) {
  37. password := ""
  38. extra := hstore.Hstore{Map: make(map[string]sql.NullString)}
  39. if user.Password != "" {
  40. password, err = hashPassword(user.Password)
  41. if err != nil {
  42. return err
  43. }
  44. }
  45. if len(user.Extra) > 0 {
  46. for key, value := range user.Extra {
  47. extra.Map[key] = sql.NullString{String: value, Valid: true}
  48. }
  49. }
  50. query := `
  51. INSERT INTO users
  52. (username, password, is_admin, extra)
  53. VALUES
  54. (LOWER($1), $2, $3, $4)
  55. RETURNING
  56. id, username, is_admin, language, theme, timezone, entry_direction, keyboard_shortcuts
  57. `
  58. err = s.db.QueryRow(query, user.Username, password, user.IsAdmin, extra).Scan(
  59. &user.ID,
  60. &user.Username,
  61. &user.IsAdmin,
  62. &user.Language,
  63. &user.Theme,
  64. &user.Timezone,
  65. &user.EntryDirection,
  66. &user.KeyboardShortcuts,
  67. )
  68. if err != nil {
  69. return fmt.Errorf(`store: unable to create user: %v`, err)
  70. }
  71. s.CreateCategory(&model.Category{Title: "All", UserID: user.ID})
  72. s.CreateIntegration(user.ID)
  73. return nil
  74. }
  75. // UpdateExtraField updates an extra field of the given user.
  76. func (s *Storage) UpdateExtraField(userID int64, field, value string) error {
  77. query := fmt.Sprintf(`UPDATE users SET extra = hstore('%s', $1) WHERE id=$2`, field)
  78. _, err := s.db.Exec(query, value, userID)
  79. if err != nil {
  80. return fmt.Errorf(`store: unable to update user extra field: %v`, err)
  81. }
  82. return nil
  83. }
  84. // RemoveExtraField deletes an extra field for the given user.
  85. func (s *Storage) RemoveExtraField(userID int64, field string) error {
  86. query := `UPDATE users SET extra = delete(extra, $1) WHERE id=$2`
  87. _, err := s.db.Exec(query, field, userID)
  88. if err != nil {
  89. return fmt.Errorf(`store: unable to remove user extra field: %v`, err)
  90. }
  91. return nil
  92. }
  93. // UpdateUser updates a user.
  94. func (s *Storage) UpdateUser(user *model.User) error {
  95. if user.Password != "" {
  96. hashedPassword, err := hashPassword(user.Password)
  97. if err != nil {
  98. return err
  99. }
  100. query := `
  101. UPDATE users SET
  102. username=LOWER($1),
  103. password=$2,
  104. is_admin=$3,
  105. theme=$4,
  106. language=$5,
  107. timezone=$6,
  108. entry_direction=$7,
  109. keyboard_shortcuts=$8
  110. WHERE
  111. id=$9
  112. `
  113. _, err = s.db.Exec(
  114. query,
  115. user.Username,
  116. hashedPassword,
  117. user.IsAdmin,
  118. user.Theme,
  119. user.Language,
  120. user.Timezone,
  121. user.EntryDirection,
  122. user.KeyboardShortcuts,
  123. user.ID,
  124. )
  125. if err != nil {
  126. return fmt.Errorf(`store: unable to update user: %v`, err)
  127. }
  128. } else {
  129. query := `
  130. UPDATE users SET
  131. username=LOWER($1),
  132. is_admin=$2,
  133. theme=$3,
  134. language=$4,
  135. timezone=$5,
  136. entry_direction=$6,
  137. keyboard_shortcuts=$7
  138. WHERE
  139. id=$8
  140. `
  141. _, err := s.db.Exec(
  142. query,
  143. user.Username,
  144. user.IsAdmin,
  145. user.Theme,
  146. user.Language,
  147. user.Timezone,
  148. user.EntryDirection,
  149. user.KeyboardShortcuts,
  150. user.ID,
  151. )
  152. if err != nil {
  153. return fmt.Errorf(`store: unable to update user: %v`, err)
  154. }
  155. }
  156. return nil
  157. }
  158. // UserLanguage returns the language of the given user.
  159. func (s *Storage) UserLanguage(userID int64) (language string) {
  160. err := s.db.QueryRow(`SELECT language FROM users WHERE id = $1`, userID).Scan(&language)
  161. if err != nil {
  162. return "en_US"
  163. }
  164. return language
  165. }
  166. // UserByID finds a user by the ID.
  167. func (s *Storage) UserByID(userID int64) (*model.User, error) {
  168. query := `
  169. SELECT
  170. id,
  171. username,
  172. is_admin,
  173. theme,
  174. language,
  175. timezone,
  176. entry_direction,
  177. keyboard_shortcuts,
  178. last_login_at,
  179. extra
  180. FROM
  181. users
  182. WHERE
  183. id = $1
  184. `
  185. return s.fetchUser(query, userID)
  186. }
  187. // UserByUsername finds a user by the username.
  188. func (s *Storage) UserByUsername(username string) (*model.User, error) {
  189. query := `
  190. SELECT
  191. id,
  192. username,
  193. is_admin,
  194. theme,
  195. language,
  196. timezone,
  197. entry_direction,
  198. keyboard_shortcuts,
  199. last_login_at,
  200. extra
  201. FROM
  202. users
  203. WHERE
  204. username=LOWER($1)
  205. `
  206. return s.fetchUser(query, username)
  207. }
  208. // UserByExtraField finds a user by an extra field value.
  209. func (s *Storage) UserByExtraField(field, value string) (*model.User, error) {
  210. query := `
  211. SELECT
  212. id,
  213. username,
  214. is_admin,
  215. theme,
  216. language,
  217. timezone,
  218. entry_direction,
  219. keyboard_shortcuts,
  220. last_login_at,
  221. extra
  222. FROM
  223. users
  224. WHERE
  225. extra->$1=$2
  226. `
  227. return s.fetchUser(query, field, value)
  228. }
  229. func (s *Storage) fetchUser(query string, args ...interface{}) (*model.User, error) {
  230. var extra hstore.Hstore
  231. user := model.NewUser()
  232. err := s.db.QueryRow(query, args...).Scan(
  233. &user.ID,
  234. &user.Username,
  235. &user.IsAdmin,
  236. &user.Theme,
  237. &user.Language,
  238. &user.Timezone,
  239. &user.EntryDirection,
  240. &user.KeyboardShortcuts,
  241. &user.LastLoginAt,
  242. &extra,
  243. )
  244. if err == sql.ErrNoRows {
  245. return nil, nil
  246. } else if err != nil {
  247. return nil, fmt.Errorf(`store: unable to fetch user: %v`, err)
  248. }
  249. for key, value := range extra.Map {
  250. if value.Valid {
  251. user.Extra[key] = value.String
  252. }
  253. }
  254. return user, nil
  255. }
  256. // RemoveUser deletes a user.
  257. func (s *Storage) RemoveUser(userID int64) error {
  258. result, err := s.db.Exec("DELETE FROM users WHERE id = $1", userID)
  259. if err != nil {
  260. return fmt.Errorf(`store: unable to remove this user: %v`, err)
  261. }
  262. count, err := result.RowsAffected()
  263. if err != nil {
  264. return fmt.Errorf(`store: unable to remove this user: %v`, err)
  265. }
  266. if count == 0 {
  267. return errors.New(`store: nothing has been removed`)
  268. }
  269. return nil
  270. }
  271. // Users returns all users.
  272. func (s *Storage) Users() (model.Users, error) {
  273. query := `
  274. SELECT
  275. id,
  276. username,
  277. is_admin,
  278. theme,
  279. language,
  280. timezone,
  281. entry_direction,
  282. keyboard_shortcuts,
  283. last_login_at,
  284. extra
  285. FROM
  286. users
  287. ORDER BY username ASC
  288. `
  289. rows, err := s.db.Query(query)
  290. if err != nil {
  291. return nil, fmt.Errorf(`store: unable to fetch users: %v`, err)
  292. }
  293. defer rows.Close()
  294. var users model.Users
  295. for rows.Next() {
  296. var extra hstore.Hstore
  297. user := model.NewUser()
  298. err := rows.Scan(
  299. &user.ID,
  300. &user.Username,
  301. &user.IsAdmin,
  302. &user.Theme,
  303. &user.Language,
  304. &user.Timezone,
  305. &user.EntryDirection,
  306. &user.KeyboardShortcuts,
  307. &user.LastLoginAt,
  308. &extra,
  309. )
  310. if err != nil {
  311. return nil, fmt.Errorf(`store: unable to fetch users row: %v`, err)
  312. }
  313. for key, value := range extra.Map {
  314. if value.Valid {
  315. user.Extra[key] = value.String
  316. }
  317. }
  318. users = append(users, user)
  319. }
  320. return users, nil
  321. }
  322. // CheckPassword validate the hashed password.
  323. func (s *Storage) CheckPassword(username, password string) error {
  324. var hash string
  325. username = strings.ToLower(username)
  326. err := s.db.QueryRow("SELECT password FROM users WHERE username=$1", username).Scan(&hash)
  327. if err == sql.ErrNoRows {
  328. return fmt.Errorf(`store: unable to find this user: %s`, username)
  329. } else if err != nil {
  330. return fmt.Errorf(`store: unable to fetch user: %v`, err)
  331. }
  332. if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)); err != nil {
  333. return fmt.Errorf(`store: invalid password for "%s" (%v)`, username, err)
  334. }
  335. return nil
  336. }
  337. // HasPassword returns true if the given user has a password defined.
  338. func (s *Storage) HasPassword(userID int64) (bool, error) {
  339. var result bool
  340. query := `SELECT true FROM users WHERE id=$1 AND password <> ''`
  341. err := s.db.QueryRow(query, userID).Scan(&result)
  342. if err == sql.ErrNoRows {
  343. return false, nil
  344. } else if err != nil {
  345. return false, fmt.Errorf(`store: unable to execute query: %v`, err)
  346. }
  347. if result {
  348. return true, nil
  349. }
  350. return false, nil
  351. }
  352. func hashPassword(password string) (string, error) {
  353. bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
  354. return string(bytes), err
  355. }