980 lines
32 KiB
Go
980 lines
32 KiB
Go
/*
|
|
* Amsterdam Web Communities System
|
|
* Copyright (c) 2025-2026 Erbosoft Metaverse Design Solutions, All Rights Reserved
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*/
|
|
// The database package contains database management and storage logic.
|
|
package database
|
|
|
|
import (
|
|
"context"
|
|
"crypto/sha1"
|
|
"database/sql"
|
|
"encoding/hex"
|
|
"errors"
|
|
"fmt"
|
|
"hash/crc32"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"git.erbosoft.com/amy/amsterdam/config"
|
|
"git.erbosoft.com/amy/amsterdam/util"
|
|
lru "github.com/hashicorp/golang-lru"
|
|
"github.com/jmoiron/sqlx"
|
|
"github.com/klauspost/lctime"
|
|
log "github.com/sirupsen/logrus"
|
|
"golang.org/x/text/language"
|
|
"golang.org/x/text/message"
|
|
)
|
|
|
|
// ErrNoUser is an error returned if the user is not found in the database.
|
|
var ErrNoUser error = errors.New("no such user")
|
|
|
|
// ErrUserExists is an error returned if the user name already exists when trying to create a user.
|
|
var ErrUserExists error = errors.New("that user name already exists. Please try again")
|
|
|
|
// UserPrefs represents the user's preferences in a table (one row per user).
|
|
type UserPrefs struct {
|
|
Uid int32 `db:"uid"` // user ID
|
|
TimeZoneID string `db:"tzid"` // ID of default timezone
|
|
LocaleID string `db:"localeid"` // ID of default locale
|
|
}
|
|
|
|
// ReadLocale reads the locale out of the prefs, adjusting for Go use.
|
|
func (p *UserPrefs) ReadLocale() string {
|
|
return strings.ReplaceAll(p.LocaleID, "_", "-")
|
|
}
|
|
|
|
// WriteLocale writes the locale into the prefs, adjusting for backward compatibility.
|
|
func (p *UserPrefs) WriteLocale(loc string) {
|
|
p.LocaleID = strings.ReplaceAll(loc, "-", "_")
|
|
}
|
|
|
|
// Clone duplicates the user preferences.
|
|
func (p *UserPrefs) Clone() *UserPrefs {
|
|
rc := *p
|
|
return &rc
|
|
}
|
|
|
|
// Save saves off the user preferences, replacing the prefs on the user if necessary.
|
|
func (p *UserPrefs) Save(ctx context.Context, u, setter *User, ipaddr string) error {
|
|
if u != nil && u.Uid != p.Uid {
|
|
return errors.New("internal mismatch of IDs")
|
|
}
|
|
var old *UserPrefs = nil
|
|
if setter.Uid != u.Uid {
|
|
var pref UserPrefs
|
|
err := amdb.GetContext(ctx, &pref, "SELECT * FROM userprefs WHERE uid = ?", u.Uid)
|
|
if err == nil {
|
|
old = &pref
|
|
} else if err != sql.ErrNoRows {
|
|
return err
|
|
}
|
|
}
|
|
_, err := amdb.NamedExecContext(ctx, "UPDATE userprefs SET localeid = :localeid, tzid = :tzid WHERE uid = :uid", p)
|
|
if err == nil && u != nil {
|
|
u.prefs = p
|
|
if old != nil {
|
|
if old.LocaleID != p.LocaleID {
|
|
AmStoreAudit(AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", p.Uid), "field=localeid"))
|
|
}
|
|
if old.TimeZoneID != p.TimeZoneID {
|
|
AmStoreAudit(AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", p.Uid), "field=tzid"))
|
|
}
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
// Localizer returns a localizer for this locale.
|
|
func (p *UserPrefs) Localizer() lctime.Localizer {
|
|
lc, err := lctime.NewLocalizer(p.LocaleID)
|
|
if err != nil {
|
|
log.Fatalf("BOGUS LANGUAGE TAG %s in user prefs for uid %d", p.LocaleID, p.Uid)
|
|
}
|
|
return lc
|
|
}
|
|
|
|
// LanguageTag returns the user's language tag.
|
|
func (p *UserPrefs) LanguageTag() *language.Tag {
|
|
lt, err := language.Parse(p.ReadLocale())
|
|
if err != nil {
|
|
log.Errorf("BOGUS LANGUAGE TAG %s in user prefs for uid %d", p.LocaleID, p.Uid)
|
|
return nil
|
|
}
|
|
return <
|
|
}
|
|
|
|
// MessagePrinter returns a message printer for the user's selected locale.
|
|
func (p *UserPrefs) MessagePrinter() *message.Printer {
|
|
return message.NewPrinter(*p.LanguageTag())
|
|
}
|
|
|
|
// Location returns the time.Location for these user prefs.
|
|
func (p *UserPrefs) Location() *time.Location {
|
|
rc, err := time.LoadLocation(p.TimeZoneID)
|
|
if err != nil {
|
|
log.Errorf("BOGUS TIMEZONE TAG %s in user prefs for uid %d", p.TimeZoneID, p.Uid)
|
|
return time.Local
|
|
}
|
|
return rc
|
|
}
|
|
|
|
// LocationISO8601Offset returns an offset value for the user's time location.
|
|
func (p *UserPrefs) LocationISO8601Offset() string {
|
|
loc := p.Location()
|
|
_, secondsOut := time.Now().In(loc).Zone()
|
|
if secondsOut == 0 {
|
|
return "Z"
|
|
}
|
|
minutesOut := secondsOut / 60
|
|
if minutesOut < 0 {
|
|
minutesOut = -minutesOut
|
|
return fmt.Sprintf("-%02d:%02d", minutesOut/60, minutesOut%60)
|
|
} else {
|
|
return fmt.Sprintf("+%02d:%02d", minutesOut/60, minutesOut%60)
|
|
}
|
|
}
|
|
|
|
// User represents a user in the Amsterdam database.
|
|
type User struct {
|
|
Mutex sync.RWMutex
|
|
Uid int32 `db:"uid"` // unique ID of user
|
|
Username string `db:"username"` // user name
|
|
Passhash string `db:"passhash"` // password hash
|
|
Tokenauth *string `db:"tokenauth"` // token authorization information
|
|
ContactID int32 `db:"contactid"` // contact information ID
|
|
IsAnon bool `db:"is_anon"` // is this the anonymous user?
|
|
VerifyEMail bool `db:"verify_email"` // is E-mail address verified?
|
|
Lockout bool `db:"lockout"` // is this user locked out?
|
|
AccessTries int16 `db:"access_tries"` // how many timews has the user tried to access?
|
|
EmailConfNum int32 `db:"email_confnum"` // E-mail confirmation number
|
|
BaseLevel uint16 `db:"base_lvl"` // base access level of the user
|
|
Created time.Time `db:"created"` // account creation time
|
|
LastAccess *time.Time `db:"lastaccess"` // last access (login) time
|
|
PassReminder string `db:"passreminder"` // last update time
|
|
Description *string `db:"description"` // description
|
|
DOB *time.Time `db:"dob"` // date of birth
|
|
flags *util.OptionSet
|
|
prefs *UserPrefs
|
|
}
|
|
|
|
// UserProperties represents a property entry for a user.
|
|
type UserProperties struct {
|
|
Uid int32 `db:"uid"` // UID of user
|
|
Index int32 `db:"ndx"` // index of property
|
|
Data *string `db:"data"` // property data
|
|
}
|
|
|
|
// User property indexes defined.
|
|
const (
|
|
UserPropFlags = int32(0) // "flags" user property
|
|
)
|
|
|
|
// Flag values for user property index UserPropFlags defined.
|
|
const (
|
|
UserFlagPicturesInPosts = uint(0)
|
|
UserFlagDisallowSetPhoto = uint(1)
|
|
UserFlagMassMailOptOut = uint(2)
|
|
)
|
|
|
|
// Selectors for field and operator in user search.
|
|
const (
|
|
SearchUserFieldName = 0
|
|
SearchUserFieldDescription = 1
|
|
SearchUserFieldFirstName = 2
|
|
SearchUserFieldLastName = 3
|
|
|
|
SearchUserOperPrefix = 0
|
|
SearchUserOperSubstring = 1
|
|
SearchUserOperRegex = 2
|
|
)
|
|
|
|
// userCache is the cache for User objects.
|
|
var userCache *lru.TwoQueueCache = nil
|
|
|
|
// getUserMutex is a mutex on AmGetUser.
|
|
var getUserMutex sync.Mutex
|
|
|
|
// userPropCache is the cache for UserProperties objects.
|
|
var userPropCache *lru.Cache = nil
|
|
|
|
// getUserPropMutex is a mutex on AmGetUserProperty.
|
|
var getUserPropMutex sync.Mutex
|
|
|
|
// anonUid is the UID of the "anonymous" user.
|
|
var anonUid int32 = -1
|
|
|
|
// setupUserCache initializes the caches.
|
|
func setupUserCache() {
|
|
var err error
|
|
userCache, err = lru.New2Q(config.GlobalConfig.Tuning.Caches.Users)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
userPropCache, err = lru.New(config.GlobalConfig.Tuning.Caches.UserProps)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|
|
|
|
// ContactInfo returns the contact info structure for the user.
|
|
func (u *User) ContactInfo(ctx context.Context) (*ContactInfo, error) {
|
|
if u.ContactID < 0 {
|
|
return nil, nil
|
|
}
|
|
return AmGetContactInfo(ctx, u.ContactID)
|
|
}
|
|
|
|
// SetContactID sets the contact ID of a user.
|
|
func (u *User) SetContactID(ctx context.Context, cid int32) error {
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
if _, err := amdb.ExecContext(ctx, "UPDATE users SET contactid = ? WHERE uid = ?", cid, u.Uid); err != nil {
|
|
return err
|
|
}
|
|
u.ContactID = cid
|
|
return nil
|
|
}
|
|
|
|
/* NewAuthToken generates and returns a new authentication token for the user.
|
|
* Returns:
|
|
* Authentication token value
|
|
* Standard Go error status.
|
|
*/
|
|
func (u *User) NewAuthToken(ctx context.Context) (string, error) {
|
|
if u.IsAnon {
|
|
return "", errors.New("cannot generate token for anonymous user")
|
|
}
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
newToken := util.GenerateRandomAuthString()
|
|
if _, err := amdb.ExecContext(ctx, "UPDATE users SET tokenauth = ? WHERE uid = ?", newToken, u.Uid); err != nil {
|
|
return "", err
|
|
}
|
|
u.Tokenauth = &newToken
|
|
checkValue := uint32(u.Uid) ^ crc32.ChecksumIEEE([]byte(newToken))
|
|
return fmt.Sprintf("AQAT:%d|%s|%d|", u.Uid, newToken, checkValue), nil
|
|
}
|
|
|
|
/* ConfirmEMailAddress checks the E-mail confirmation number and sets "verified" status if it's OK.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* confnum - The entered confirmation number.
|
|
* remoteIP - The remote IP address for audit messages.
|
|
* Returns:
|
|
* Standard Go error status.
|
|
*/
|
|
func (u *User) ConfirmEMailAddress(ctx context.Context, confnum int32, remoteIP string) error {
|
|
log.Debugf("ConfirmEMailAddress for UID %d", u.Uid)
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
if u.VerifyEMail || AmTestPermission("Global.NoEmailVerify", u.BaseLevel) {
|
|
log.Debug("...user has either already confirmed or is exempt")
|
|
return nil
|
|
}
|
|
if confnum != u.EmailConfNum {
|
|
log.Warn("...confirmation number incorrect")
|
|
AmStoreAudit(AmNewAudit(AuditVerifyEmailFail, u.Uid, remoteIP, "Invalid confirmation number"))
|
|
return errors.New("confirmation number is incorrect. Please try again")
|
|
}
|
|
_, err := amdb.ExecContext(ctx, "UPDATE users SET verify_email = 1, base_lvl = ? WHERE uid = ?",
|
|
AmDefaultRole("Global.AfterVerify").Level(), u.Uid)
|
|
if err == nil {
|
|
u.VerifyEMail = true
|
|
u.BaseLevel = AmDefaultRole("Global.AfterVerify").Level()
|
|
if err = AmAutoJoinCommunities(ctx, u); err == nil {
|
|
AmStoreAudit(AmNewAudit(AuditVerifyEmailOK, u.Uid, remoteIP))
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
// NewEmailConfirmationNumber creates a new confirmation number for a user and saves it off.
|
|
func (u *User) NewEmailConfirmationNumber(ctx context.Context) error {
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
newnum := util.GenerateRandomConfirmationNumber()
|
|
_, err := amdb.ExecContext(ctx, "UPDATE users SET email_confnum = ? WHERE uid = ?", newnum, u.Uid)
|
|
if err != nil {
|
|
u.EmailConfNum = newnum
|
|
}
|
|
return err
|
|
}
|
|
|
|
// ChangePassword resets a user's password.
|
|
func (u *User) ChangePassword(ctx context.Context, password string, changer *User, remoteIP string) error {
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
pval := hashPassword(password)
|
|
_, err := amdb.ExecContext(ctx, "UPDATE users SET passhash = ? WHERE uid = ?", pval, u.Uid)
|
|
if err == nil {
|
|
u.Passhash = pval
|
|
var arec *AuditRecord = nil
|
|
if changer.Uid == u.Uid {
|
|
arec = AmNewAudit(AuditChangePassword, u.Uid, remoteIP, "via password change request")
|
|
} else {
|
|
arec = AmNewAudit(AuditAdminChangeUserPassword, changer.Uid, remoteIP, fmt.Sprintf("uid=%d", u.Uid))
|
|
}
|
|
AmStoreAudit(arec)
|
|
}
|
|
return err
|
|
}
|
|
|
|
// GetFlags retrieves the flags from the properties.
|
|
func (u *User) Flags(ctx context.Context) (*util.OptionSet, error) {
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
if u.flags == nil {
|
|
s, err := AmGetUserProperty(ctx, u.Uid, UserPropFlags)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if s == nil {
|
|
return nil, fmt.Errorf("missing flags for user %d", u.Uid)
|
|
}
|
|
u.flags = util.OptionSetFromString(*s)
|
|
}
|
|
return u.flags, nil
|
|
}
|
|
|
|
// SaveFlags writes the flags to the database and stores them.
|
|
func (u *User) SaveFlags(ctx context.Context, f *util.OptionSet) error {
|
|
s := f.AsString()
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
err := AmSetUserProperty(ctx, u.Uid, UserPropFlags, &s)
|
|
if err == nil {
|
|
u.flags = f
|
|
}
|
|
return err
|
|
}
|
|
|
|
// FlagValue returns the boolean value of one of the user flags.
|
|
func (u *User) FlagValue(ctx context.Context, ndx uint) bool {
|
|
f, err := u.Flags(ctx)
|
|
if err != nil {
|
|
log.Errorf("flag retrieval error for user %d: %v", u.Uid, err)
|
|
return false
|
|
}
|
|
return f.Get(ndx)
|
|
}
|
|
|
|
// Prefs returns the user's preferences record.
|
|
func (u *User) Prefs(ctx context.Context) (*UserPrefs, error) {
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
if u.prefs == nil {
|
|
var pref UserPrefs
|
|
if err := amdb.GetContext(ctx, &pref, "SELECT * FROM userprefs WHERE uid = ?", u.Uid); err != nil {
|
|
return nil, err
|
|
}
|
|
u.prefs = &pref
|
|
}
|
|
return u.prefs, nil
|
|
}
|
|
|
|
func (u *User) SetUsername(ctx context.Context, username string, setter *User, ipaddr string) error {
|
|
u.Mutex.Lock()
|
|
_, err := amdb.ExecContext(ctx, "UPDATE users SET username = ? WHERE uid = ?", username, u.Uid)
|
|
u.Mutex.Unlock()
|
|
if err == nil {
|
|
u.Username = username
|
|
AmStoreAudit(AmNewAudit(AuditAdminSetUserName, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid),
|
|
fmt.Sprintf("newname=%s", username)))
|
|
}
|
|
return err
|
|
}
|
|
|
|
/* SetProfileData sets the "profile" variables for this user.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* reminder - Password reminder string.
|
|
* dob - Date of birth field.
|
|
* descr - Description string.
|
|
* Returns:
|
|
* Standard Go error status.
|
|
*/
|
|
func (u *User) SetProfileData(ctx context.Context, reminder string, dob *time.Time, descr *string, setter *User, ipaddr string) error {
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
_, err := amdb.ExecContext(ctx, "UPDATE users SET passreminder = ?, dob = ?, description = ? WHERE uid = ?", reminder, dob, descr, u.Uid)
|
|
if err == nil {
|
|
ara := make([]*AuditRecord, 0, 3)
|
|
if setter.Uid != u.Uid {
|
|
if u.Description != descr {
|
|
ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=description"))
|
|
}
|
|
if !util.SameDate(u.DOB, dob) {
|
|
ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=dob"))
|
|
}
|
|
}
|
|
u.PassReminder = reminder
|
|
u.DOB = dob
|
|
u.Description = descr
|
|
for _, a := range ara {
|
|
AmStoreAudit(a)
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
// SetSecurityData sets the "security" variables for this user.
|
|
func (u *User) SetSecurityData(ctx context.Context, baseLevel uint16, lockout, verifyEmail bool, setter *User, ipaddr string) error {
|
|
bofhLevel := AmRole("Global.BOFH").Level()
|
|
if (u.BaseLevel == bofhLevel || baseLevel == bofhLevel) && u.BaseLevel != baseLevel {
|
|
return errors.New("cannot change levels to or from global system administrator")
|
|
}
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
_, err := amdb.ExecContext(ctx, "UPDATE users SET base_lvl = ?, lockout = ?, verify_email = ? WHERE uid = ?", baseLevel, lockout, verifyEmail, u.Uid)
|
|
if err == nil {
|
|
ara := make([]*AuditRecord, 0, 3)
|
|
if u.BaseLevel != baseLevel {
|
|
ara = append(ara, AmNewAudit(AuditAdminSetAccountSecurity, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), fmt.Sprintf("level=%d", baseLevel)))
|
|
}
|
|
if u.Lockout != lockout {
|
|
m := ""
|
|
if lockout {
|
|
m = "locked"
|
|
} else {
|
|
m = "unlocked"
|
|
}
|
|
ara = append(ara, AmNewAudit(AuditAdminLockUnlockAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), m))
|
|
}
|
|
if u.VerifyEMail != verifyEmail {
|
|
ara = append(ara, AmNewAudit(AuditAdminChangeUserAccount, setter.Uid, ipaddr, fmt.Sprintf("uid=%d", u.Uid), "field=verify_email"))
|
|
}
|
|
u.BaseLevel = baseLevel
|
|
u.Lockout = lockout
|
|
u.VerifyEMail = verifyEmail
|
|
for _, a := range ara {
|
|
AmStoreAudit(a)
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
// SetHashedPassword sets the hashed password for the user. Should only be used by import.
|
|
func (u *User) SetHashedPassword(ctx context.Context, hashValue string) error {
|
|
u.Mutex.Lock()
|
|
defer u.Mutex.Unlock()
|
|
_, err := amdb.ExecContext(ctx, "UPDATE users SET passhash = ? WHERE uid = ?", hashValue, u.Uid)
|
|
if err != nil {
|
|
u.Passhash = hashValue
|
|
}
|
|
return err
|
|
}
|
|
|
|
/* AmGetUser returns a reference to the specified user.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* uid - The UID of the user.
|
|
* Returns:
|
|
* Pointer to User containing user data, or nil
|
|
* Standard Go error status
|
|
*/
|
|
func AmGetUser(ctx context.Context, uid int32) (*User, error) {
|
|
getUserMutex.Lock()
|
|
defer getUserMutex.Unlock()
|
|
if rc, ok := userCache.Get(uid); ok {
|
|
return rc.(*User), nil
|
|
}
|
|
user := new(User)
|
|
err := amdb.GetContext(ctx, user, "SELECT * from users WHERE uid = ?", uid)
|
|
switch err {
|
|
case nil:
|
|
userCache.Add(uid, user)
|
|
return user, nil
|
|
case sql.ErrNoRows:
|
|
return nil, ErrNoUser
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
/* AmGetUserTx returns a reference to the specified user inside a transaction.
|
|
* Parameters:
|
|
* ctxt - Standard Go context value.
|
|
* tx - The transaction we're in.
|
|
* uid - The UID of the user.
|
|
* Returns:
|
|
* Pointer to User containing user data, or nil
|
|
* Standard Go error status
|
|
*/
|
|
func AmGetUserTx(ctx context.Context, tx *sqlx.Tx, uid int32) (*User, error) {
|
|
getUserMutex.Lock()
|
|
defer getUserMutex.Unlock()
|
|
if rc, ok := userCache.Get(uid); ok {
|
|
return rc.(*User), nil
|
|
}
|
|
user := new(User)
|
|
err := tx.GetContext(ctx, user, "SELECT * from users WHERE uid = ?", uid)
|
|
switch err {
|
|
case nil:
|
|
userCache.Add(uid, user)
|
|
return user, nil
|
|
case sql.ErrNoRows:
|
|
return nil, ErrNoUser
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
/* AmGetUserByName returns a reference to the specified user.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* name - The username of the user.
|
|
* tx - If this is not nil, use this transaction.
|
|
* Returns:
|
|
* Pointer to User containing user data, or nil
|
|
* Standard Go error status
|
|
*/
|
|
func AmGetUserByName(ctx context.Context, name string, tx *sqlx.Tx) (*User, error) {
|
|
var err error
|
|
user := new(User)
|
|
if tx != nil {
|
|
err = tx.GetContext(ctx, user, "SELECT * FROM users WHERE username = ?", name)
|
|
} else {
|
|
err = amdb.GetContext(ctx, user, "SELECT * FROM users WHERE username = ?", name)
|
|
}
|
|
switch err {
|
|
case nil:
|
|
getUserMutex.Lock()
|
|
defer getUserMutex.Unlock()
|
|
if rc, ok := userCache.Get(user.Uid); ok {
|
|
return rc.(*User), nil
|
|
} else {
|
|
userCache.Add(user.Uid, user)
|
|
}
|
|
return user, nil
|
|
case sql.ErrNoRows:
|
|
return nil, ErrNoUser
|
|
}
|
|
return nil, err
|
|
}
|
|
|
|
// getAnonUserID retrieves the UID of the "anonymous" user from the database.
|
|
func getAnonUserID(ctx context.Context) (int32, error) {
|
|
if anonUid < 0 {
|
|
if err := amdb.GetContext(ctx, &anonUid, "SELECT uid FROM users WHERE is_anon = 1"); err != nil {
|
|
return -1, err
|
|
}
|
|
}
|
|
return anonUid, nil
|
|
}
|
|
|
|
/* AmIsUserAnon returns true if the specified user ID is the anonymous one.
|
|
* Parameters:
|
|
* ctx = Standard Go context value.
|
|
* uid = The user ID to test.
|
|
* Returns:
|
|
* true if the user is anonymous, false if not
|
|
* Standard Go error status
|
|
*/
|
|
func AmIsUserAnon(ctx context.Context, uid int32) (bool, error) {
|
|
auid, err := getAnonUserID(ctx)
|
|
return (uid == auid), err
|
|
}
|
|
|
|
/* AmGetAnonUser returns a reference to the anonymous user.
|
|
* Parameters:
|
|
* ctx = Standard Go context value.
|
|
* Returns:
|
|
* Pointer to User containing anonymous user data, or nil
|
|
* Standard Go error status
|
|
*/
|
|
func AmGetAnonUser(ctx context.Context) (*User, error) {
|
|
var rc *User = nil
|
|
auid, err := getAnonUserID(ctx)
|
|
if err == nil {
|
|
rc, err = AmGetUser(ctx, auid)
|
|
}
|
|
return rc, err
|
|
}
|
|
|
|
// hashPassword hashes the password value.
|
|
func hashPassword(password string) string {
|
|
if len(password) == 0 {
|
|
return ""
|
|
}
|
|
hasher := sha1.New()
|
|
hasher.Write([]byte(password))
|
|
hashBytes := hasher.Sum(nil)
|
|
return hex.EncodeToString(hashBytes)
|
|
}
|
|
|
|
// touchUser updates the last access time for the user.
|
|
func touchUser(ctx context.Context, tx *sqlx.Tx, user *User) {
|
|
user.Mutex.Lock()
|
|
defer user.Mutex.Unlock()
|
|
moment := time.Now().UTC()
|
|
tx.ExecContext(ctx, "UPDATE user SET lastaccess = ? WHERE uid = ?", moment, user.Uid)
|
|
user.LastAccess = &moment
|
|
}
|
|
|
|
/* AmAuthenticateUser authenticates a user by name and password.
|
|
* Parameters:
|
|
* ctx - Standard Go context parameter.
|
|
* name - The user name to try.
|
|
* password - The password to try.
|
|
* remote_ip - The remote IP address, for audit records.
|
|
* Returns:
|
|
* The User pointer if authenticated, or nil if not.
|
|
* Standard Go error status.
|
|
*/
|
|
func AmAuthenticateUser(ctx context.Context, name string, password string, remoteIP string) (*User, error) {
|
|
log.Debugf("AmAuthenticateUser() authenticating user %s...", name)
|
|
tx, commit, rollback := transaction(ctx)
|
|
defer rollback()
|
|
|
|
user, err := AmGetUserByName(ctx, name, tx)
|
|
if err != nil {
|
|
log.Error("...user not found")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, 0, remoteIP, fmt.Sprintf("Bad username: %s", name)))
|
|
return nil, errors.New("the user account you have specified does not exist; please try again")
|
|
}
|
|
if user.IsAnon {
|
|
log.Error("...user is the Anonymous Honyak, can't explicitly log in")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, user.Uid, remoteIP, "Anonymous user"))
|
|
return nil, errors.New("this account cannot be explicitly logged into; please try again")
|
|
}
|
|
if user.Lockout {
|
|
log.Error("...user is locked out by the admin")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, user.Uid, remoteIP, "Account locked out"))
|
|
return nil, errors.New("this account has been administratively locked; please contact the system administrator for assistance")
|
|
}
|
|
passok := false
|
|
if user.Passhash == "" {
|
|
passok = (password == "")
|
|
} else {
|
|
h := hashPassword(password)
|
|
passok = strings.EqualFold(h, user.Passhash)
|
|
}
|
|
if !passok {
|
|
log.Warn("...invalid password")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, user.Uid, remoteIP, "Bad password"))
|
|
return nil, errors.New("the password you have specified is incorrect; please try again")
|
|
}
|
|
log.Debug("...authenticated")
|
|
touchUser(ctx, tx, user)
|
|
if err = commit(); err != nil {
|
|
return nil, err
|
|
}
|
|
AmStoreAudit(AmNewAudit(AuditLoginOK, user.Uid, remoteIP))
|
|
return user, nil
|
|
}
|
|
|
|
// crackAuthString validates an auth string and returns its UID and auth token.
|
|
func crackAuthString(authString string) (int32, string, error) {
|
|
log.Debug("Decoding authString " + authString)
|
|
if !strings.HasPrefix(authString, "AQAT:") {
|
|
return 0, "", errors.New("prefix not valid")
|
|
}
|
|
parms := strings.Split(authString[5:], "|")
|
|
n1, err := strconv.ParseInt(parms[0], 10, 32)
|
|
if err != nil {
|
|
return 0, "", fmt.Errorf("invalid UID field: %v", err)
|
|
}
|
|
uid := int32(n1)
|
|
n2, err2 := strconv.ParseUint(parms[2], 10, 32)
|
|
if err2 != nil {
|
|
return 0, "", fmt.Errorf("invalid checkvalue field: %v", err2)
|
|
}
|
|
cv1 := uint32(n2)
|
|
cv2 := uint32(uid) ^ crc32.ChecksumIEEE([]byte(parms[1]))
|
|
if cv1 != cv2 {
|
|
return 0, "", errors.New("checkvalues do not match")
|
|
}
|
|
return uid, parms[1], nil
|
|
}
|
|
|
|
/* AmAuthenticateUserByToken authenticates a user via the stored cookie authentication string.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* authString - The stored cookie authentication string.
|
|
* remoteIP - The remote IP address where the user is logging in from.
|
|
* Returns:
|
|
* Pointer to the authenticated User, or nil.
|
|
* Standard Go error status.
|
|
*/
|
|
func AmAuthenticateUserByToken(ctx context.Context, authString string, remoteIP string) (*User, error) {
|
|
tx, commit, rollback := transaction(ctx)
|
|
defer rollback()
|
|
|
|
uid, token, err := crackAuthString(authString)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("authString not valid, ignored: %v", err)
|
|
}
|
|
var user *User
|
|
user, err = AmGetUserTx(ctx, tx, uid)
|
|
if err != nil {
|
|
log.Error("...user not found")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, 0, remoteIP, fmt.Sprintf("Bad uid: %d", uid)))
|
|
return nil, fmt.Errorf("uid %d not found, ignore: %v", uid, err)
|
|
}
|
|
log.Debugf("AmAuthenicateUserByToken() authenticating user %d...", uid)
|
|
if user.IsAnon {
|
|
log.Error("...user is the Anonymous Honyak, can't explicitly log in")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, user.Uid, remoteIP, "Anonymous user"))
|
|
return nil, errors.New("this account cannot be explicitly logged into; please try again")
|
|
}
|
|
if user.Lockout {
|
|
log.Error("...user is locked out by the admin")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, user.Uid, remoteIP, "Account locked out"))
|
|
return nil, errors.New("this account has been administratively locked; please contact the system administrator for assistance")
|
|
}
|
|
if user.Tokenauth == nil || *(user.Tokenauth) != token {
|
|
log.Error("...token mismatch")
|
|
AmStoreAudit(AmNewAudit(AuditLoginFail, user.Uid, remoteIP, "Token mismatch"))
|
|
return nil, errors.New("token mismatch")
|
|
}
|
|
log.Debug("...authenticated")
|
|
touchUser(ctx, tx, user)
|
|
if err = commit(); err != nil {
|
|
return nil, err
|
|
}
|
|
AmStoreAudit(AmNewAudit(AuditLoginOK, user.Uid, remoteIP))
|
|
return user, nil
|
|
}
|
|
|
|
/* AmCreateNewUser creates a new user record in the database.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* username - New user name.
|
|
* password - New password.
|
|
* reminder - Password reminder string.
|
|
* dob - User date of birth.
|
|
* remoteIP - Remote IP address for audit record.
|
|
* Returns:
|
|
* Pointer to new user record.
|
|
* Standard Go error status.
|
|
*/
|
|
func AmCreateNewUser(ctx context.Context, username string, password string, reminder string, dob *time.Time, remoteIP string) (*User, error) {
|
|
anon, _ := AmGetAnonUser(ctx)
|
|
tx, commit, rollback := transaction(ctx)
|
|
defer rollback()
|
|
|
|
// Test if the user name is already taken.
|
|
var tmpuid int32
|
|
err := tx.GetContext(ctx, &tmpuid, "SELECT uid FROM users WHERE username = ?", username)
|
|
if err == nil {
|
|
log.Warnf("username \"%s\" already exists", username)
|
|
return nil, ErrUserExists
|
|
} else if err != sql.ErrNoRows {
|
|
return nil, err
|
|
}
|
|
|
|
// Insert the user record.
|
|
ecn := util.GenerateRandomConfirmationNumber()
|
|
log.Debugf("generated E-mail confirmation number %d", ecn)
|
|
_, err = tx.ExecContext(ctx, `INSERT INTO users (username, passhash, verify_email, lockout, email_confnum,
|
|
base_lvl, created, lastaccess, passreminder, description, dob) VALUES (?, ?, 0, 0, ?, ?, NOW(), NOW(), ?, '', ?)`,
|
|
username, hashPassword(password), ecn, AmDefaultRole("Global.NewUser").Level(),
|
|
reminder, dob)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// Read back the user, which also puts it in the cache.
|
|
user, err := AmGetUserByName(ctx, username, tx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
log.Debugf("...created new user \"%s\" with UID %d", username, user.Uid)
|
|
|
|
// add user preferences
|
|
if _, err = tx.ExecContext(ctx, "INSERT INTO userprefs (uid) VALUES (?)", user.Uid); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// add user properties
|
|
props := make([]UserProperties, 0)
|
|
if err = tx.SelectContext(ctx, &props, "SELECT * FROM propuser WHERE uid = ?", anon.Uid); err != nil {
|
|
return nil, err
|
|
}
|
|
for _, p := range props {
|
|
if _, err = tx.ExecContext(ctx, "INSERT INTO propuser (uid, ndx, data) VALUES (?, ?, ?)", user.Uid, p.Index, p.Data); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
// add user sideboxes
|
|
if err = copySideboxes(ctx, tx, user.Uid, anon.Uid); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err = commit(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// auto-join communities
|
|
if err = AmAutoJoinCommunities(ctx, user); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// copy conference hotlists
|
|
if err = AmCopyConferenceHotlist(ctx, anon, user); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// operation was a success - add an audit record
|
|
AmStoreAudit(AmNewAudit(AuditAccountCreated, user.Uid, remoteIP))
|
|
return user, nil
|
|
}
|
|
|
|
// internalGetProp is a helper used by the property functions.
|
|
func internalGetProp(ctx context.Context, uid int32, ndx int32) (*UserProperties, error) {
|
|
key := fmt.Sprintf("%d:%d", uid, ndx)
|
|
getUserPropMutex.Lock()
|
|
defer getUserPropMutex.Unlock()
|
|
if rc, ok := userPropCache.Get(key); ok {
|
|
return rc.(*UserProperties), nil
|
|
}
|
|
prop := new(UserProperties)
|
|
if err := amdb.GetContext(ctx, prop, "SELECT * from propuser WHERE uid = ? AND ndx = ?", uid, ndx); err != nil {
|
|
return nil, err
|
|
}
|
|
userPropCache.Add(key, prop)
|
|
return prop, nil
|
|
}
|
|
|
|
/* AmGetUserProperty retrieves the value of a user property.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* uid - The UID of the user to get the property for.
|
|
* ndx - The index of the property to retrieve.
|
|
* Returns:
|
|
* Value of the property string.
|
|
* Standard Go error status.
|
|
*/
|
|
func AmGetUserProperty(ctx context.Context, uid int32, ndx int32) (*string, error) {
|
|
p, err := internalGetProp(ctx, uid, ndx)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return p.Data, nil
|
|
}
|
|
|
|
/* AmSetUserProperty sets the value of a user property.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* uid - The UID of the user to set the property for.
|
|
* ndx - The index of the property to set.
|
|
* val - The new value of the property.
|
|
* Returns:
|
|
* Standard Go error status.
|
|
*/
|
|
func AmSetUserProperty(ctx context.Context, uid int32, ndx int32, val *string) error {
|
|
p, err := internalGetProp(ctx, uid, ndx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
getUserPropMutex.Lock()
|
|
defer getUserPropMutex.Unlock()
|
|
if p != nil {
|
|
_, err = amdb.ExecContext(ctx, "UPDATE propuser SET data = ? WHERE uid = ? AND ndx = ?", val, uid, ndx)
|
|
if err == nil {
|
|
p.Data = val
|
|
}
|
|
} else {
|
|
prop := UserProperties{Uid: uid, Index: ndx, Data: val}
|
|
_, err := amdb.NamedExecContext(ctx, "INSERT INTO propuser (uid, ndx, data) VALUES(:uid, :ndx, :data)", prop)
|
|
if err == nil {
|
|
userPropCache.Add(fmt.Sprintf("%d:%d", uid, ndx), prop)
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
/* AmSearchUsers searches for users matching certain criteria.
|
|
* Parameters:
|
|
* ctx - Standard Go context value.
|
|
* field - A value indicating which field to search:
|
|
* SearchUserFieldName - The user name.
|
|
* SearchUserFieldDescription - The user description.
|
|
* SearchUserFieldFirstName - The user's first name.
|
|
* SearchUserFieldLastName - The user's last name.
|
|
* oper - The operation to perform on the search field:
|
|
* SearchUserOperPrefix - The specified field has the string "term" as a prefix.
|
|
* SearchUserOperSubstring - The specified field contains the string "term".
|
|
* SearchUserOperRegex - The specified field matches the regular expression in "term".
|
|
* term - The search term, as specified above.
|
|
* offset - Number of users to skip at beginning of list.
|
|
* maxCount - Maximum number of users to return.
|
|
* Returns:
|
|
* Array of User pointers representing the return elements.
|
|
* The total number of users matching this query (could be greater than max)
|
|
* Standard Go error status.
|
|
*/
|
|
func AmSearchUsers(ctx context.Context, field, oper int, term string, offset, maxCount int) ([]*User, int, error) {
|
|
var queryPortion strings.Builder
|
|
switch field {
|
|
case SearchUserFieldName:
|
|
queryPortion.WriteString("u.username ")
|
|
case SearchUserFieldDescription:
|
|
queryPortion.WriteString("u.description ")
|
|
case SearchUserFieldFirstName:
|
|
queryPortion.WriteString("c.given_name ")
|
|
case SearchUserFieldLastName:
|
|
queryPortion.WriteString("c.family_name ")
|
|
default:
|
|
return nil, -1, errors.New("invalid field selector")
|
|
}
|
|
switch oper {
|
|
case SearchUserOperPrefix:
|
|
queryPortion.WriteString("LIKE '")
|
|
queryPortion.WriteString(util.SqlEscape(term, true))
|
|
queryPortion.WriteString("%'")
|
|
case SearchUserOperSubstring:
|
|
queryPortion.WriteString("LIKE '%")
|
|
queryPortion.WriteString(util.SqlEscape(term, true))
|
|
queryPortion.WriteString("%'")
|
|
case SearchUserOperRegex:
|
|
queryPortion.WriteString("REGEXP '")
|
|
queryPortion.WriteString(util.SqlEscape(term, false))
|
|
queryPortion.WriteString("'")
|
|
default:
|
|
return nil, -1, errors.New("invalid operator selector")
|
|
}
|
|
q := queryPortion.String()
|
|
var total int
|
|
err := amdb.GetContext(ctx, &total, "SELECT COUNT(*) FROM users u, contacts c WHERE u.contactid = c.contactid AND u.is_anon = 0 AND "+q)
|
|
if err != nil {
|
|
return nil, -1, err
|
|
}
|
|
if total == 0 {
|
|
return make([]*User, 0), 0, nil
|
|
}
|
|
var rs *sql.Rows
|
|
if offset > 0 {
|
|
rs, err = amdb.QueryContext(ctx, "SELECT u.uid FROM users u, contacts c WHERE u.contactid = c.contactid AND u.is_anon = 0 AND "+q+
|
|
" ORDER BY u.username LIMIT ? OFFSET ?", maxCount, offset)
|
|
} else {
|
|
rs, err = amdb.QueryContext(ctx, "SELECT u.uid FROM users u, contacts c WHERE u.contactid = c.contactid AND u.is_anon = 0 AND "+q+
|
|
" ORDER BY u.username LIMIT ?", maxCount)
|
|
}
|
|
if err != nil {
|
|
return nil, total, err
|
|
}
|
|
rc := make([]*User, 0, min(maxCount, 10000))
|
|
for rs.Next() {
|
|
var uid int32
|
|
if err = rs.Scan(&uid); err == nil {
|
|
var u *User
|
|
u, err = AmGetUser(ctx, uid)
|
|
if err == nil {
|
|
rc = append(rc, u)
|
|
}
|
|
}
|
|
if err != nil {
|
|
log.Errorf("AmSearchUsers scan error: %v", err)
|
|
}
|
|
}
|
|
return rc, total, nil
|
|
}
|