2017-12-16 21:15:33 +01:00
|
|
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
|
|
|
|
// Use of this source code is governed by the Apache 2.0
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2018-08-25 06:51:50 +02:00
|
|
|
package storage // import "miniflux.app/storage"
|
2017-12-16 21:15:33 +01:00
|
|
|
|
|
|
|
import (
|
|
|
|
"database/sql"
|
|
|
|
"fmt"
|
|
|
|
|
2018-08-25 06:51:50 +02:00
|
|
|
"miniflux.app/crypto"
|
|
|
|
"miniflux.app/model"
|
2017-12-16 21:15:33 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
// UserSessions returns the list of sessions for the given user.
|
|
|
|
func (s *Storage) UserSessions(userID int64) (model.UserSessions, error) {
|
2019-10-30 06:48:07 +01:00
|
|
|
query := `
|
|
|
|
SELECT
|
|
|
|
id,
|
|
|
|
user_id,
|
|
|
|
token,
|
|
|
|
created_at,
|
|
|
|
user_agent,
|
|
|
|
ip
|
|
|
|
FROM
|
|
|
|
user_sessions
|
|
|
|
WHERE
|
|
|
|
user_id=$1 ORDER BY id DESC
|
|
|
|
`
|
2017-12-16 21:15:33 +01:00
|
|
|
rows, err := s.db.Query(query, userID)
|
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return nil, fmt.Errorf(`store: unable to fetch user sessions: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
defer rows.Close()
|
|
|
|
|
|
|
|
var sessions model.UserSessions
|
|
|
|
for rows.Next() {
|
|
|
|
var session model.UserSession
|
|
|
|
err := rows.Scan(
|
|
|
|
&session.ID,
|
|
|
|
&session.UserID,
|
|
|
|
&session.Token,
|
|
|
|
&session.CreatedAt,
|
|
|
|
&session.UserAgent,
|
|
|
|
&session.IP,
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return nil, fmt.Errorf(`store: unable to fetch user session row: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
sessions = append(sessions, &session)
|
|
|
|
}
|
|
|
|
|
|
|
|
return sessions, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// CreateUserSession creates a new sessions.
|
2018-04-30 01:35:04 +02:00
|
|
|
func (s *Storage) CreateUserSession(username, userAgent, ip string) (sessionID string, userID int64, err error) {
|
2019-10-30 06:48:07 +01:00
|
|
|
query := `SELECT id FROM users WHERE username = LOWER($1)`
|
|
|
|
err = s.db.QueryRow(query, username).Scan(&userID)
|
2017-12-16 21:15:33 +01:00
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return "", 0, fmt.Errorf(`store: unable to fetch user ID: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
2018-01-03 04:15:08 +01:00
|
|
|
token := crypto.GenerateRandomString(64)
|
2019-10-30 06:48:07 +01:00
|
|
|
query = `INSERT INTO user_sessions (token, user_id, user_agent, ip) VALUES ($1, $2, $3, $4)`
|
2017-12-16 21:15:33 +01:00
|
|
|
_, err = s.db.Exec(query, token, userID, userAgent, ip)
|
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return "", 0, fmt.Errorf(`store: unable to create user session: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
2018-04-30 01:35:04 +02:00
|
|
|
return token, userID, nil
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// UserSessionByToken finds a session by the token.
|
|
|
|
func (s *Storage) UserSessionByToken(token string) (*model.UserSession, error) {
|
|
|
|
var session model.UserSession
|
|
|
|
|
2019-10-30 06:48:07 +01:00
|
|
|
query := `
|
|
|
|
SELECT
|
|
|
|
id,
|
|
|
|
user_id,
|
|
|
|
token,
|
|
|
|
created_at,
|
|
|
|
user_agent,
|
|
|
|
ip
|
|
|
|
FROM
|
|
|
|
user_sessions
|
|
|
|
WHERE
|
|
|
|
token = $1
|
|
|
|
`
|
2017-12-16 21:15:33 +01:00
|
|
|
err := s.db.QueryRow(query, token).Scan(
|
|
|
|
&session.ID,
|
|
|
|
&session.UserID,
|
|
|
|
&session.Token,
|
|
|
|
&session.CreatedAt,
|
|
|
|
&session.UserAgent,
|
|
|
|
&session.IP,
|
|
|
|
)
|
|
|
|
|
2019-10-30 06:48:07 +01:00
|
|
|
switch {
|
|
|
|
case err == sql.ErrNoRows:
|
2018-04-10 06:52:24 +02:00
|
|
|
return nil, nil
|
2019-10-30 06:48:07 +01:00
|
|
|
case err != nil:
|
|
|
|
return nil, fmt.Errorf(`store: unable to fetch user session: %v`, err)
|
|
|
|
default:
|
|
|
|
return &session, nil
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemoveUserSessionByToken remove a session by using the token.
|
|
|
|
func (s *Storage) RemoveUserSessionByToken(userID int64, token string) error {
|
2019-10-30 06:48:07 +01:00
|
|
|
query := `DELETE FROM user_sessions WHERE user_id=$1 AND token=$2`
|
|
|
|
result, err := s.db.Exec(query, userID, token)
|
2017-12-16 21:15:33 +01:00
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
count, err := result.RowsAffected()
|
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if count != 1 {
|
2019-10-30 06:48:07 +01:00
|
|
|
return fmt.Errorf(`store: nothing has been removed`)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemoveUserSessionByID remove a session by using the ID.
|
|
|
|
func (s *Storage) RemoveUserSessionByID(userID, sessionID int64) error {
|
2019-10-30 06:48:07 +01:00
|
|
|
query := `DELETE FROM user_sessions WHERE user_id=$1 AND id=$2`
|
|
|
|
result, err := s.db.Exec(query, userID, sessionID)
|
2017-12-16 21:15:33 +01:00
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
count, err := result.RowsAffected()
|
|
|
|
if err != nil {
|
2019-10-30 06:48:07 +01:00
|
|
|
return fmt.Errorf(`store: unable to remove this user session: %v`, err)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if count != 1 {
|
2019-10-30 06:48:07 +01:00
|
|
|
return fmt.Errorf(`store: nothing has been removed`)
|
2017-12-16 21:15:33 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2017-12-17 03:48:17 +01:00
|
|
|
|
2019-09-12 05:10:34 +02:00
|
|
|
// CleanOldUserSessions removes user sessions older than specified days.
|
|
|
|
func (s *Storage) CleanOldUserSessions(days int) int64 {
|
2019-10-30 06:48:07 +01:00
|
|
|
query := `
|
|
|
|
DELETE FROM
|
|
|
|
user_sessions
|
|
|
|
WHERE
|
|
|
|
id IN (SELECT id FROM user_sessions WHERE created_at < now() - interval '%d days')
|
|
|
|
`
|
|
|
|
result, err := s.db.Exec(fmt.Sprintf(query, days))
|
2017-12-17 03:48:17 +01:00
|
|
|
if err != nil {
|
|
|
|
return 0
|
|
|
|
}
|
|
|
|
|
|
|
|
n, _ := result.RowsAffected()
|
|
|
|
return n
|
|
|
|
}
|