user.go 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656
  1. // SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
  2. // SPDX-License-Identifier: Apache-2.0
  3. package storage // import "miniflux.app/storage"
  4. import (
  5. "database/sql"
  6. "fmt"
  7. "runtime"
  8. "strings"
  9. "miniflux.app/logger"
  10. "miniflux.app/model"
  11. "github.com/lib/pq"
  12. "golang.org/x/crypto/bcrypt"
  13. )
  14. // CountUsers returns the total number of users.
  15. func (s *Storage) CountUsers() int {
  16. var result int
  17. err := s.db.QueryRow(`SELECT count(*) FROM users`).Scan(&result)
  18. if err != nil {
  19. return 0
  20. }
  21. return result
  22. }
  23. // SetLastLogin updates the last login date of a user.
  24. func (s *Storage) SetLastLogin(userID int64) error {
  25. query := `UPDATE users SET last_login_at=now() WHERE id=$1`
  26. _, err := s.db.Exec(query, userID)
  27. if err != nil {
  28. return fmt.Errorf(`store: unable to update last login date: %v`, err)
  29. }
  30. return nil
  31. }
  32. // UserExists checks if a user exists by using the given username.
  33. func (s *Storage) UserExists(username string) bool {
  34. var result bool
  35. s.db.QueryRow(`SELECT true FROM users WHERE username=LOWER($1)`, username).Scan(&result)
  36. return result
  37. }
  38. // AnotherUserExists checks if another user exists with the given username.
  39. func (s *Storage) AnotherUserExists(userID int64, username string) bool {
  40. var result bool
  41. s.db.QueryRow(`SELECT true FROM users WHERE id != $1 AND username=LOWER($2)`, userID, username).Scan(&result)
  42. return result
  43. }
  44. // CreateUser creates a new user.
  45. func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*model.User, error) {
  46. var hashedPassword string
  47. if userCreationRequest.Password != "" {
  48. var err error
  49. hashedPassword, err = hashPassword(userCreationRequest.Password)
  50. if err != nil {
  51. return nil, err
  52. }
  53. }
  54. query := `
  55. INSERT INTO users
  56. (username, password, is_admin, google_id, openid_connect_id)
  57. VALUES
  58. (LOWER($1), $2, $3, $4, $5)
  59. RETURNING
  60. id,
  61. username,
  62. is_admin,
  63. language,
  64. theme,
  65. timezone,
  66. entry_direction,
  67. entries_per_page,
  68. keyboard_shortcuts,
  69. show_reading_time,
  70. entry_swipe,
  71. gesture_nav,
  72. stylesheet,
  73. google_id,
  74. openid_connect_id,
  75. display_mode,
  76. entry_order,
  77. default_reading_speed,
  78. cjk_reading_speed,
  79. default_home_page,
  80. categories_sorting_order,
  81. mark_read_on_view
  82. `
  83. tx, err := s.db.Begin()
  84. if err != nil {
  85. return nil, fmt.Errorf(`store: unable to start transaction: %v`, err)
  86. }
  87. var user model.User
  88. err = tx.QueryRow(
  89. query,
  90. userCreationRequest.Username,
  91. hashedPassword,
  92. userCreationRequest.IsAdmin,
  93. userCreationRequest.GoogleID,
  94. userCreationRequest.OpenIDConnectID,
  95. ).Scan(
  96. &user.ID,
  97. &user.Username,
  98. &user.IsAdmin,
  99. &user.Language,
  100. &user.Theme,
  101. &user.Timezone,
  102. &user.EntryDirection,
  103. &user.EntriesPerPage,
  104. &user.KeyboardShortcuts,
  105. &user.ShowReadingTime,
  106. &user.EntrySwipe,
  107. &user.GestureNav,
  108. &user.Stylesheet,
  109. &user.GoogleID,
  110. &user.OpenIDConnectID,
  111. &user.DisplayMode,
  112. &user.EntryOrder,
  113. &user.DefaultReadingSpeed,
  114. &user.CJKReadingSpeed,
  115. &user.DefaultHomePage,
  116. &user.CategoriesSortingOrder,
  117. &user.MarkReadOnView,
  118. )
  119. if err != nil {
  120. tx.Rollback()
  121. return nil, fmt.Errorf(`store: unable to create user: %v`, err)
  122. }
  123. _, err = tx.Exec(`INSERT INTO categories (user_id, title) VALUES ($1, $2)`, user.ID, "All")
  124. if err != nil {
  125. tx.Rollback()
  126. return nil, fmt.Errorf(`store: unable to create user default category: %v`, err)
  127. }
  128. _, err = tx.Exec(`INSERT INTO integrations (user_id) VALUES ($1)`, user.ID)
  129. if err != nil {
  130. tx.Rollback()
  131. return nil, fmt.Errorf(`store: unable to create integration row: %v`, err)
  132. }
  133. if err := tx.Commit(); err != nil {
  134. return nil, fmt.Errorf(`store: unable to commit transaction: %v`, err)
  135. }
  136. return &user, nil
  137. }
  138. // UpdateUser updates a user.
  139. func (s *Storage) UpdateUser(user *model.User) error {
  140. if user.Password != "" {
  141. hashedPassword, err := hashPassword(user.Password)
  142. if err != nil {
  143. return err
  144. }
  145. query := `
  146. UPDATE users SET
  147. username=LOWER($1),
  148. password=$2,
  149. is_admin=$3,
  150. theme=$4,
  151. language=$5,
  152. timezone=$6,
  153. entry_direction=$7,
  154. entries_per_page=$8,
  155. keyboard_shortcuts=$9,
  156. show_reading_time=$10,
  157. entry_swipe=$11,
  158. gesture_nav=$12,
  159. stylesheet=$13,
  160. google_id=$14,
  161. openid_connect_id=$15,
  162. display_mode=$16,
  163. entry_order=$17,
  164. default_reading_speed=$18,
  165. cjk_reading_speed=$19,
  166. default_home_page=$20,
  167. categories_sorting_order=$21,
  168. mark_read_on_view=$22
  169. WHERE
  170. id=$23
  171. `
  172. _, err = s.db.Exec(
  173. query,
  174. user.Username,
  175. hashedPassword,
  176. user.IsAdmin,
  177. user.Theme,
  178. user.Language,
  179. user.Timezone,
  180. user.EntryDirection,
  181. user.EntriesPerPage,
  182. user.KeyboardShortcuts,
  183. user.ShowReadingTime,
  184. user.EntrySwipe,
  185. user.GestureNav,
  186. user.Stylesheet,
  187. user.GoogleID,
  188. user.OpenIDConnectID,
  189. user.DisplayMode,
  190. user.EntryOrder,
  191. user.DefaultReadingSpeed,
  192. user.CJKReadingSpeed,
  193. user.DefaultHomePage,
  194. user.CategoriesSortingOrder,
  195. user.MarkReadOnView,
  196. user.ID,
  197. )
  198. if err != nil {
  199. return fmt.Errorf(`store: unable to update user: %v`, err)
  200. }
  201. } else {
  202. query := `
  203. UPDATE users SET
  204. username=LOWER($1),
  205. is_admin=$2,
  206. theme=$3,
  207. language=$4,
  208. timezone=$5,
  209. entry_direction=$6,
  210. entries_per_page=$7,
  211. keyboard_shortcuts=$8,
  212. show_reading_time=$9,
  213. entry_swipe=$10,
  214. gesture_nav=$11,
  215. stylesheet=$12,
  216. google_id=$13,
  217. openid_connect_id=$14,
  218. display_mode=$15,
  219. entry_order=$16,
  220. default_reading_speed=$17,
  221. cjk_reading_speed=$18,
  222. default_home_page=$19,
  223. categories_sorting_order=$20,
  224. mark_read_on_view=$21
  225. WHERE
  226. id=$22
  227. `
  228. _, err := s.db.Exec(
  229. query,
  230. user.Username,
  231. user.IsAdmin,
  232. user.Theme,
  233. user.Language,
  234. user.Timezone,
  235. user.EntryDirection,
  236. user.EntriesPerPage,
  237. user.KeyboardShortcuts,
  238. user.ShowReadingTime,
  239. user.EntrySwipe,
  240. user.GestureNav,
  241. user.Stylesheet,
  242. user.GoogleID,
  243. user.OpenIDConnectID,
  244. user.DisplayMode,
  245. user.EntryOrder,
  246. user.DefaultReadingSpeed,
  247. user.CJKReadingSpeed,
  248. user.DefaultHomePage,
  249. user.CategoriesSortingOrder,
  250. user.MarkReadOnView,
  251. user.ID,
  252. )
  253. if err != nil {
  254. return fmt.Errorf(`store: unable to update user: %v`, err)
  255. }
  256. }
  257. return nil
  258. }
  259. // UserLanguage returns the language of the given user.
  260. func (s *Storage) UserLanguage(userID int64) (language string) {
  261. err := s.db.QueryRow(`SELECT language FROM users WHERE id = $1`, userID).Scan(&language)
  262. if err != nil {
  263. return "en_US"
  264. }
  265. return language
  266. }
  267. // UserByID finds a user by the ID.
  268. func (s *Storage) UserByID(userID int64) (*model.User, error) {
  269. query := `
  270. SELECT
  271. id,
  272. username,
  273. is_admin,
  274. theme,
  275. language,
  276. timezone,
  277. entry_direction,
  278. entries_per_page,
  279. keyboard_shortcuts,
  280. show_reading_time,
  281. entry_swipe,
  282. gesture_nav,
  283. last_login_at,
  284. stylesheet,
  285. google_id,
  286. openid_connect_id,
  287. display_mode,
  288. entry_order,
  289. default_reading_speed,
  290. cjk_reading_speed,
  291. default_home_page,
  292. categories_sorting_order,
  293. mark_read_on_view
  294. FROM
  295. users
  296. WHERE
  297. id = $1
  298. `
  299. return s.fetchUser(query, userID)
  300. }
  301. // UserByUsername finds a user by the username.
  302. func (s *Storage) UserByUsername(username string) (*model.User, error) {
  303. query := `
  304. SELECT
  305. id,
  306. username,
  307. is_admin,
  308. theme,
  309. language,
  310. timezone,
  311. entry_direction,
  312. entries_per_page,
  313. keyboard_shortcuts,
  314. show_reading_time,
  315. entry_swipe,
  316. gesture_nav,
  317. last_login_at,
  318. stylesheet,
  319. google_id,
  320. openid_connect_id,
  321. display_mode,
  322. entry_order,
  323. default_reading_speed,
  324. cjk_reading_speed,
  325. default_home_page,
  326. categories_sorting_order,
  327. mark_read_on_view
  328. FROM
  329. users
  330. WHERE
  331. username=LOWER($1)
  332. `
  333. return s.fetchUser(query, username)
  334. }
  335. // UserByField finds a user by a field value.
  336. func (s *Storage) UserByField(field, value string) (*model.User, error) {
  337. query := `
  338. SELECT
  339. id,
  340. username,
  341. is_admin,
  342. theme,
  343. language,
  344. timezone,
  345. entry_direction,
  346. entries_per_page,
  347. keyboard_shortcuts,
  348. show_reading_time,
  349. entry_swipe,
  350. gesture_nav,
  351. last_login_at,
  352. stylesheet,
  353. google_id,
  354. openid_connect_id,
  355. display_mode,
  356. entry_order,
  357. default_reading_speed,
  358. cjk_reading_speed,
  359. default_home_page,
  360. categories_sorting_order,
  361. mark_read_on_view
  362. FROM
  363. users
  364. WHERE
  365. %s=$1
  366. `
  367. return s.fetchUser(fmt.Sprintf(query, pq.QuoteIdentifier(field)), value)
  368. }
  369. // AnotherUserWithFieldExists returns true if a user has the value set for the given field.
  370. func (s *Storage) AnotherUserWithFieldExists(userID int64, field, value string) bool {
  371. var result bool
  372. s.db.QueryRow(fmt.Sprintf(`SELECT true FROM users WHERE id <> $1 AND %s=$2`, pq.QuoteIdentifier(field)), userID, value).Scan(&result)
  373. return result
  374. }
  375. // UserByAPIKey returns a User from an API Key.
  376. func (s *Storage) UserByAPIKey(token string) (*model.User, error) {
  377. query := `
  378. SELECT
  379. u.id,
  380. u.username,
  381. u.is_admin,
  382. u.theme,
  383. u.language,
  384. u.timezone,
  385. u.entry_direction,
  386. u.entries_per_page,
  387. u.keyboard_shortcuts,
  388. u.show_reading_time,
  389. u.entry_swipe,
  390. u.gesture_nav,
  391. u.last_login_at,
  392. u.stylesheet,
  393. u.google_id,
  394. u.openid_connect_id,
  395. u.display_mode,
  396. u.entry_order,
  397. u.default_reading_speed,
  398. u.cjk_reading_speed,
  399. u.default_home_page,
  400. u.categories_sorting_order,
  401. u.mark_read_on_view
  402. FROM
  403. users u
  404. LEFT JOIN
  405. api_keys ON api_keys.user_id=u.id
  406. WHERE
  407. api_keys.token = $1
  408. `
  409. return s.fetchUser(query, token)
  410. }
  411. func (s *Storage) fetchUser(query string, args ...interface{}) (*model.User, error) {
  412. var user model.User
  413. err := s.db.QueryRow(query, args...).Scan(
  414. &user.ID,
  415. &user.Username,
  416. &user.IsAdmin,
  417. &user.Theme,
  418. &user.Language,
  419. &user.Timezone,
  420. &user.EntryDirection,
  421. &user.EntriesPerPage,
  422. &user.KeyboardShortcuts,
  423. &user.ShowReadingTime,
  424. &user.EntrySwipe,
  425. &user.GestureNav,
  426. &user.LastLoginAt,
  427. &user.Stylesheet,
  428. &user.GoogleID,
  429. &user.OpenIDConnectID,
  430. &user.DisplayMode,
  431. &user.EntryOrder,
  432. &user.DefaultReadingSpeed,
  433. &user.CJKReadingSpeed,
  434. &user.DefaultHomePage,
  435. &user.CategoriesSortingOrder,
  436. &user.MarkReadOnView,
  437. )
  438. if err == sql.ErrNoRows {
  439. return nil, nil
  440. } else if err != nil {
  441. return nil, fmt.Errorf(`store: unable to fetch user: %v`, err)
  442. }
  443. return &user, nil
  444. }
  445. // RemoveUser deletes a user.
  446. func (s *Storage) RemoveUser(userID int64) error {
  447. tx, err := s.db.Begin()
  448. if err != nil {
  449. return fmt.Errorf(`store: unable to start transaction: %v`, err)
  450. }
  451. if _, err := tx.Exec(`DELETE FROM users WHERE id=$1`, userID); err != nil {
  452. tx.Rollback()
  453. return fmt.Errorf(`store: unable to remove user #%d: %v`, userID, err)
  454. }
  455. if _, err := tx.Exec(`DELETE FROM integrations WHERE user_id=$1`, userID); err != nil {
  456. tx.Rollback()
  457. return fmt.Errorf(`store: unable to remove integration settings for user #%d: %v`, userID, err)
  458. }
  459. if err := tx.Commit(); err != nil {
  460. return fmt.Errorf(`store: unable to commit transaction: %v`, err)
  461. }
  462. return nil
  463. }
  464. // RemoveUserAsync deletes user data without locking the database.
  465. func (s *Storage) RemoveUserAsync(userID int64) {
  466. go func() {
  467. if err := s.deleteUserFeeds(userID); err != nil {
  468. logger.Error(`%v`, err)
  469. return
  470. }
  471. s.db.Exec(`DELETE FROM users WHERE id=$1`, userID)
  472. s.db.Exec(`DELETE FROM integrations WHERE user_id=$1`, userID)
  473. logger.Debug(`[MASS DELETE] User #%d has been deleted (%d GoRoutines)`, userID, runtime.NumGoroutine())
  474. }()
  475. }
  476. func (s *Storage) deleteUserFeeds(userID int64) error {
  477. rows, err := s.db.Query(`SELECT id FROM feeds WHERE user_id=$1`, userID)
  478. if err != nil {
  479. return fmt.Errorf(`store: unable to get user feeds: %v`, err)
  480. }
  481. defer rows.Close()
  482. for rows.Next() {
  483. var feedID int64
  484. rows.Scan(&feedID)
  485. logger.Debug(`[USER DELETION] Deleting feed #%d for user #%d (%d GoRoutines)`, feedID, userID, runtime.NumGoroutine())
  486. if err := s.RemoveFeed(userID, feedID); err != nil {
  487. return err
  488. }
  489. }
  490. return nil
  491. }
  492. // Users returns all users.
  493. func (s *Storage) Users() (model.Users, error) {
  494. query := `
  495. SELECT
  496. id,
  497. username,
  498. is_admin,
  499. theme,
  500. language,
  501. timezone,
  502. entry_direction,
  503. entries_per_page,
  504. keyboard_shortcuts,
  505. show_reading_time,
  506. entry_swipe,
  507. gesture_nav,
  508. last_login_at,
  509. stylesheet,
  510. google_id,
  511. openid_connect_id,
  512. display_mode,
  513. entry_order,
  514. default_reading_speed,
  515. cjk_reading_speed,
  516. default_home_page,
  517. categories_sorting_order,
  518. mark_read_on_view
  519. FROM
  520. users
  521. ORDER BY username ASC
  522. `
  523. rows, err := s.db.Query(query)
  524. if err != nil {
  525. return nil, fmt.Errorf(`store: unable to fetch users: %v`, err)
  526. }
  527. defer rows.Close()
  528. var users model.Users
  529. for rows.Next() {
  530. var user model.User
  531. err := rows.Scan(
  532. &user.ID,
  533. &user.Username,
  534. &user.IsAdmin,
  535. &user.Theme,
  536. &user.Language,
  537. &user.Timezone,
  538. &user.EntryDirection,
  539. &user.EntriesPerPage,
  540. &user.KeyboardShortcuts,
  541. &user.ShowReadingTime,
  542. &user.EntrySwipe,
  543. &user.GestureNav,
  544. &user.LastLoginAt,
  545. &user.Stylesheet,
  546. &user.GoogleID,
  547. &user.OpenIDConnectID,
  548. &user.DisplayMode,
  549. &user.EntryOrder,
  550. &user.DefaultReadingSpeed,
  551. &user.CJKReadingSpeed,
  552. &user.DefaultHomePage,
  553. &user.CategoriesSortingOrder,
  554. &user.MarkReadOnView,
  555. )
  556. if err != nil {
  557. return nil, fmt.Errorf(`store: unable to fetch users row: %v`, err)
  558. }
  559. users = append(users, &user)
  560. }
  561. return users, nil
  562. }
  563. // CheckPassword validate the hashed password.
  564. func (s *Storage) CheckPassword(username, password string) error {
  565. var hash string
  566. username = strings.ToLower(username)
  567. err := s.db.QueryRow("SELECT password FROM users WHERE username=$1", username).Scan(&hash)
  568. if err == sql.ErrNoRows {
  569. return fmt.Errorf(`store: unable to find this user: %s`, username)
  570. } else if err != nil {
  571. return fmt.Errorf(`store: unable to fetch user: %v`, err)
  572. }
  573. if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)); err != nil {
  574. return fmt.Errorf(`store: invalid password for "%s" (%v)`, username, err)
  575. }
  576. return nil
  577. }
  578. // HasPassword returns true if the given user has a password defined.
  579. func (s *Storage) HasPassword(userID int64) (bool, error) {
  580. var result bool
  581. query := `SELECT true FROM users WHERE id=$1 AND password <> ''`
  582. err := s.db.QueryRow(query, userID).Scan(&result)
  583. if err == sql.ErrNoRows {
  584. return false, nil
  585. } else if err != nil {
  586. return false, fmt.Errorf(`store: unable to execute query: %v`, err)
  587. }
  588. if result {
  589. return true, nil
  590. }
  591. return false, nil
  592. }
  593. func hashPassword(password string) (string, error) {
  594. bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
  595. return string(bytes), err
  596. }