user.go 5.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195
  1. // Copyright 2017 Frédéric Guillot. All rights reserved.
  2. // Use of this source code is governed by the Apache 2.0
  3. // license that can be found in the LICENSE file.
  4. package storage
  5. import (
  6. "database/sql"
  7. "errors"
  8. "fmt"
  9. "github.com/miniflux/miniflux2/helper"
  10. "github.com/miniflux/miniflux2/model"
  11. "strings"
  12. "time"
  13. "golang.org/x/crypto/bcrypt"
  14. )
  15. func (s *Storage) SetLastLogin(userID int64) error {
  16. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:SetLastLogin] userID=%d", userID))
  17. query := "UPDATE users SET last_login_at=now() WHERE id=$1"
  18. _, err := s.db.Exec(query, userID)
  19. if err != nil {
  20. return fmt.Errorf("unable to update last login date: %v", err)
  21. }
  22. return nil
  23. }
  24. func (s *Storage) UserExists(username string) bool {
  25. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserExists] username=%s", username))
  26. var result int
  27. s.db.QueryRow(`SELECT count(*) as c FROM users WHERE username=$1`, username).Scan(&result)
  28. return result >= 1
  29. }
  30. func (s *Storage) AnotherUserExists(userID int64, username string) bool {
  31. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:AnotherUserExists] userID=%d, username=%s", userID, username))
  32. var result int
  33. s.db.QueryRow(`SELECT count(*) as c FROM users WHERE id != $1 AND username=$2`, userID, username).Scan(&result)
  34. return result >= 1
  35. }
  36. func (s *Storage) CreateUser(user *model.User) error {
  37. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:CreateUser] username=%s", user.Username))
  38. password, err := hashPassword(user.Password)
  39. if err != nil {
  40. return err
  41. }
  42. query := "INSERT INTO users (username, password, is_admin) VALUES ($1, $2, $3) RETURNING id"
  43. err = s.db.QueryRow(query, strings.ToLower(user.Username), password, user.IsAdmin).Scan(&user.ID)
  44. if err != nil {
  45. return fmt.Errorf("unable to create user: %v", err)
  46. }
  47. s.CreateCategory(&model.Category{Title: "All", UserID: user.ID})
  48. return nil
  49. }
  50. func (s *Storage) UpdateUser(user *model.User) error {
  51. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UpdateUser] username=%s", user.Username))
  52. user.Username = strings.ToLower(user.Username)
  53. if user.Password != "" {
  54. hashedPassword, err := hashPassword(user.Password)
  55. if err != nil {
  56. return err
  57. }
  58. query := "UPDATE users SET username=$1, password=$2, is_admin=$3, theme=$4, language=$5, timezone=$6 WHERE id=$7"
  59. _, err = s.db.Exec(query, user.Username, hashedPassword, user.IsAdmin, user.Theme, user.Language, user.Timezone, user.ID)
  60. if err != nil {
  61. return fmt.Errorf("unable to update user: %v", err)
  62. }
  63. } else {
  64. query := "UPDATE users SET username=$1, is_admin=$2, theme=$3, language=$4, timezone=$5 WHERE id=$6"
  65. _, err := s.db.Exec(query, user.Username, user.IsAdmin, user.Theme, user.Language, user.Timezone, user.ID)
  66. if err != nil {
  67. return fmt.Errorf("unable to update user: %v", err)
  68. }
  69. }
  70. return nil
  71. }
  72. func (s *Storage) GetUserById(userID int64) (*model.User, error) {
  73. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:GetUserById] userID=%d", userID))
  74. var user model.User
  75. row := s.db.QueryRow("SELECT id, username, is_admin, theme, language, timezone FROM users WHERE id = $1", userID)
  76. err := row.Scan(&user.ID, &user.Username, &user.IsAdmin, &user.Theme, &user.Language, &user.Timezone)
  77. if err == sql.ErrNoRows {
  78. return nil, nil
  79. } else if err != nil {
  80. return nil, fmt.Errorf("unable to fetch user: %v", err)
  81. }
  82. return &user, nil
  83. }
  84. func (s *Storage) GetUserByUsername(username string) (*model.User, error) {
  85. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:GetUserByUsername] username=%s", username))
  86. var user model.User
  87. row := s.db.QueryRow("SELECT id, username, is_admin, theme, language, timezone FROM users WHERE username=$1", username)
  88. err := row.Scan(&user.ID, &user.Username, &user.IsAdmin, &user.Theme, &user.Language, &user.Timezone)
  89. if err == sql.ErrNoRows {
  90. return nil, nil
  91. } else if err != nil {
  92. return nil, fmt.Errorf("unable to fetch user: %v", err)
  93. }
  94. return &user, nil
  95. }
  96. func (s *Storage) RemoveUser(userID int64) error {
  97. defer helper.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:RemoveUser] userID=%d", userID))
  98. result, err := s.db.Exec("DELETE FROM users WHERE id = $1", userID)
  99. if err != nil {
  100. return fmt.Errorf("unable to remove this user: %v", err)
  101. }
  102. count, err := result.RowsAffected()
  103. if err != nil {
  104. return fmt.Errorf("unable to remove this user: %v", err)
  105. }
  106. if count == 0 {
  107. return errors.New("nothing has been removed.")
  108. }
  109. return nil
  110. }
  111. func (s *Storage) GetUsers() (model.Users, error) {
  112. defer helper.ExecutionTime(time.Now(), "[Storage:GetUsers]")
  113. var users model.Users
  114. rows, err := s.db.Query("SELECT id, username, is_admin, theme, language, timezone, last_login_at FROM users ORDER BY username ASC")
  115. if err != nil {
  116. return nil, fmt.Errorf("unable to fetch users: %v", err)
  117. }
  118. defer rows.Close()
  119. for rows.Next() {
  120. var user model.User
  121. err := rows.Scan(
  122. &user.ID,
  123. &user.Username,
  124. &user.IsAdmin,
  125. &user.Theme,
  126. &user.Language,
  127. &user.Timezone,
  128. &user.LastLoginAt,
  129. )
  130. if err != nil {
  131. return nil, fmt.Errorf("unable to fetch users row: %v", err)
  132. }
  133. users = append(users, &user)
  134. }
  135. return users, nil
  136. }
  137. func (s *Storage) CheckPassword(username, password string) error {
  138. defer helper.ExecutionTime(time.Now(), "[Storage:CheckPassword]")
  139. var hash string
  140. username = strings.ToLower(username)
  141. err := s.db.QueryRow("SELECT password FROM users WHERE username=$1", username).Scan(&hash)
  142. if err == sql.ErrNoRows {
  143. return fmt.Errorf("Unable to find this user: %s\n", username)
  144. } else if err != nil {
  145. return fmt.Errorf("Unable to fetch user: %v\n", err)
  146. }
  147. if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)); err != nil {
  148. return fmt.Errorf("Invalid password for %s\n", username)
  149. }
  150. return nil
  151. }
  152. func hashPassword(password string) (string, error) {
  153. bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
  154. return string(bytes), err
  155. }