2017-11-20 06:10:04 +01:00
|
|
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
|
|
|
|
// Use of this source code is governed by the Apache 2.0
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package storage
|
|
|
|
|
|
|
|
import (
|
|
|
|
"database/sql"
|
|
|
|
"fmt"
|
2017-11-28 06:30:04 +01:00
|
|
|
|
2017-11-20 06:10:04 +01:00
|
|
|
"github.com/miniflux/miniflux2/helper"
|
|
|
|
"github.com/miniflux/miniflux2/model"
|
|
|
|
)
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
// Sessions returns the list of sessions for the given user.
|
|
|
|
func (s *Storage) Sessions(userID int64) (model.Sessions, error) {
|
2017-11-20 06:10:04 +01:00
|
|
|
query := `SELECT id, user_id, token, created_at, user_agent, ip FROM sessions WHERE user_id=$1 ORDER BY id DESC`
|
|
|
|
rows, err := s.db.Query(query, userID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("unable to fetch sessions: %v", err)
|
|
|
|
}
|
|
|
|
defer rows.Close()
|
|
|
|
|
|
|
|
var sessions model.Sessions
|
|
|
|
for rows.Next() {
|
|
|
|
var session model.Session
|
|
|
|
err := rows.Scan(
|
|
|
|
&session.ID,
|
|
|
|
&session.UserID,
|
|
|
|
&session.Token,
|
|
|
|
&session.CreatedAt,
|
|
|
|
&session.UserAgent,
|
|
|
|
&session.IP,
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("unable to fetch session row: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
sessions = append(sessions, &session)
|
|
|
|
}
|
|
|
|
|
|
|
|
return sessions, nil
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
// CreateSession creates a new sessions.
|
2017-11-20 06:10:04 +01:00
|
|
|
func (s *Storage) CreateSession(username, userAgent, ip string) (sessionID string, err error) {
|
|
|
|
var userID int64
|
|
|
|
|
|
|
|
err = s.db.QueryRow("SELECT id FROM users WHERE username = $1", username).Scan(&userID)
|
|
|
|
if err != nil {
|
|
|
|
return "", fmt.Errorf("unable to fetch UserID: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
token := helper.GenerateRandomString(64)
|
|
|
|
query := "INSERT INTO sessions (token, user_id, user_agent, ip) VALUES ($1, $2, $3, $4)"
|
|
|
|
_, err = s.db.Exec(query, token, userID, userAgent, ip)
|
|
|
|
if err != nil {
|
|
|
|
return "", fmt.Errorf("unable to create session: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
s.SetLastLogin(userID)
|
|
|
|
|
|
|
|
return token, nil
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
// SessionByToken finds a session by the token.
|
|
|
|
func (s *Storage) SessionByToken(token string) (*model.Session, error) {
|
2017-11-20 06:10:04 +01:00
|
|
|
var session model.Session
|
|
|
|
|
|
|
|
query := "SELECT id, user_id, token, created_at, user_agent, ip FROM sessions WHERE token = $1"
|
|
|
|
err := s.db.QueryRow(query, token).Scan(
|
|
|
|
&session.ID,
|
|
|
|
&session.UserID,
|
|
|
|
&session.Token,
|
|
|
|
&session.CreatedAt,
|
|
|
|
&session.UserAgent,
|
|
|
|
&session.IP,
|
|
|
|
)
|
|
|
|
|
|
|
|
if err == sql.ErrNoRows {
|
|
|
|
return nil, fmt.Errorf("session not found: %s", token)
|
|
|
|
} else if err != nil {
|
|
|
|
return nil, fmt.Errorf("unable to fetch session: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &session, nil
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
// RemoveSessionByToken remove a session by using the token.
|
2017-11-20 06:10:04 +01:00
|
|
|
func (s *Storage) RemoveSessionByToken(userID int64, token string) error {
|
|
|
|
result, err := s.db.Exec(`DELETE FROM sessions WHERE user_id=$1 AND token=$2`, userID, token)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("unable to remove this session: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
count, err := result.RowsAffected()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("unable to remove this session: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if count != 1 {
|
|
|
|
return fmt.Errorf("nothing has been removed")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
// RemoveSessionByID remove a session by using the ID.
|
2017-11-20 06:10:04 +01:00
|
|
|
func (s *Storage) RemoveSessionByID(userID, sessionID int64) error {
|
|
|
|
result, err := s.db.Exec(`DELETE FROM sessions WHERE user_id=$1 AND id=$2`, userID, sessionID)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("unable to remove this session: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
count, err := result.RowsAffected()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("unable to remove this session: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if count != 1 {
|
|
|
|
return fmt.Errorf("nothing has been removed")
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2017-11-28 06:30:04 +01:00
|
|
|
// FlushAllSessions removes all sessions from the database.
|
2017-11-20 06:10:04 +01:00
|
|
|
func (s *Storage) FlushAllSessions() (err error) {
|
2017-11-28 06:30:04 +01:00
|
|
|
_, err = s.db.Exec(`DELETE FROM sessions`)
|
2017-11-20 06:10:04 +01:00
|
|
|
return
|
|
|
|
}
|