miniflux/storage/user_session.go

183 lines
4.1 KiB
Go
Raw Normal View History

// SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
2017-12-16 21:15:33 +01:00
2018-08-25 06:51:50 +02:00
package storage // import "miniflux.app/storage"
2017-12-16 21:15:33 +01:00
import (
"database/sql"
"fmt"
2018-08-25 06:51:50 +02:00
"miniflux.app/crypto"
"miniflux.app/model"
2017-12-16 21:15:33 +01:00
)
// UserSessions returns the list of sessions for the given user.
func (s *Storage) UserSessions(userID int64) (model.UserSessions, error) {
2019-10-30 06:48:07 +01:00
query := `
SELECT
id,
user_id,
token,
created_at,
user_agent,
ip
FROM
user_sessions
WHERE
user_id=$1 ORDER BY id DESC
`
2017-12-16 21:15:33 +01:00
rows, err := s.db.Query(query, userID)
if err != nil {
2019-10-30 06:48:07 +01:00
return nil, fmt.Errorf(`store: unable to fetch user sessions: %v`, err)
2017-12-16 21:15:33 +01:00
}
defer rows.Close()
var sessions model.UserSessions
for rows.Next() {
var session model.UserSession
err := rows.Scan(
&session.ID,
&session.UserID,
&session.Token,
&session.CreatedAt,
&session.UserAgent,
&session.IP,
)
if err != nil {
2019-10-30 06:48:07 +01:00
return nil, fmt.Errorf(`store: unable to fetch user session row: %v`, err)
2017-12-16 21:15:33 +01:00
}
sessions = append(sessions, &session)
}
return sessions, nil
}
// CreateUserSessionFromUsername creates a new user session.
func (s *Storage) CreateUserSessionFromUsername(username, userAgent, ip string) (sessionID string, userID int64, err error) {
token := crypto.GenerateRandomString(64)
tx, err := s.db.Begin()
if err != nil {
return "", 0, fmt.Errorf(`store: unable to start transaction: %v`, err)
}
err = tx.QueryRow(`SELECT id FROM users WHERE username = LOWER($1)`, username).Scan(&userID)
2017-12-16 21:15:33 +01:00
if err != nil {
tx.Rollback()
2019-10-30 06:48:07 +01:00
return "", 0, fmt.Errorf(`store: unable to fetch user ID: %v`, err)
2017-12-16 21:15:33 +01:00
}
_, err = tx.Exec(
`INSERT INTO user_sessions (token, user_id, user_agent, ip) VALUES ($1, $2, $3, $4)`,
token,
userID,
userAgent,
ip,
)
2017-12-16 21:15:33 +01:00
if err != nil {
tx.Rollback()
2019-10-30 06:48:07 +01:00
return "", 0, fmt.Errorf(`store: unable to create user session: %v`, err)
2017-12-16 21:15:33 +01:00
}
if err := tx.Commit(); err != nil {
return "", 0, fmt.Errorf(`store: unable to commit transaction: %v`, err)
}
return token, userID, nil
2017-12-16 21:15:33 +01:00
}
// UserSessionByToken finds a session by the token.
func (s *Storage) UserSessionByToken(token string) (*model.UserSession, error) {
var session model.UserSession
2019-10-30 06:48:07 +01:00
query := `
SELECT
id,
user_id,
token,
created_at,
user_agent,
ip
FROM
user_sessions
WHERE
token = $1
`
2017-12-16 21:15:33 +01:00
err := s.db.QueryRow(query, token).Scan(
&session.ID,
&session.UserID,
&session.Token,
&session.CreatedAt,
&session.UserAgent,
&session.IP,
)
2019-10-30 06:48:07 +01:00
switch {
case err == sql.ErrNoRows:
return nil, nil
2019-10-30 06:48:07 +01:00
case err != nil:
return nil, fmt.Errorf(`store: unable to fetch user session: %v`, err)
default:
return &session, nil
2017-12-16 21:15:33 +01:00
}
}
// RemoveUserSessionByToken remove a session by using the token.
func (s *Storage) RemoveUserSessionByToken(userID int64, token string) error {
2019-10-30 06:48:07 +01:00
query := `DELETE FROM user_sessions WHERE user_id=$1 AND token=$2`
result, err := s.db.Exec(query, userID, token)
2017-12-16 21:15:33 +01:00
if err != nil {
2019-10-30 06:48:07 +01:00
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
2017-12-16 21:15:33 +01:00
}
count, err := result.RowsAffected()
if err != nil {
2019-10-30 06:48:07 +01:00
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
2017-12-16 21:15:33 +01:00
}
if count != 1 {
2019-10-30 06:48:07 +01:00
return fmt.Errorf(`store: nothing has been removed`)
2017-12-16 21:15:33 +01:00
}
return nil
}
// RemoveUserSessionByID remove a session by using the ID.
func (s *Storage) RemoveUserSessionByID(userID, sessionID int64) error {
2019-10-30 06:48:07 +01:00
query := `DELETE FROM user_sessions WHERE user_id=$1 AND id=$2`
result, err := s.db.Exec(query, userID, sessionID)
2017-12-16 21:15:33 +01:00
if err != nil {
2019-10-30 06:48:07 +01:00
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
2017-12-16 21:15:33 +01:00
}
count, err := result.RowsAffected()
if err != nil {
2019-10-30 06:48:07 +01:00
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
2017-12-16 21:15:33 +01:00
}
if count != 1 {
2019-10-30 06:48:07 +01:00
return fmt.Errorf(`store: nothing has been removed`)
2017-12-16 21:15:33 +01:00
}
return nil
}
2017-12-17 03:48:17 +01:00
// CleanOldUserSessions removes user sessions older than specified days.
func (s *Storage) CleanOldUserSessions(days int) int64 {
2019-10-30 06:48:07 +01:00
query := `
DELETE FROM
user_sessions
WHERE
id IN (SELECT id FROM user_sessions WHERE created_at < now() - interval '%d days')
`
result, err := s.db.Exec(fmt.Sprintf(query, days))
2017-12-17 03:48:17 +01:00
if err != nil {
return 0
}
n, _ := result.RowsAffected()
return n
}