2020-10-09 18:35:44 +02:00
|
|
|
// Copyright (c) 2020, Andreas Schneider
|
|
|
|
|
// All rights reserved.
|
|
|
|
|
//
|
|
|
|
|
// Redistribution and use in source and binary forms, with or without
|
|
|
|
|
// modification, are permitted provided that the following conditions are met:
|
|
|
|
|
// * Redistributions of source code must retain the above copyright
|
|
|
|
|
// notice, this list of conditions and the following disclaimer.
|
|
|
|
|
// * Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
// notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
// documentation and/or other materials provided with the distribution.
|
|
|
|
|
// * Neither the name of the <organization> nor the
|
|
|
|
|
// names of its contributors may be used to endorse or promote products
|
|
|
|
|
// derived from this software without specific prior written permission.
|
|
|
|
|
//
|
|
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
|
|
|
|
// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
|
|
|
// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
|
// DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
|
|
|
|
|
// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
|
// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
|
// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
|
|
|
// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
|
// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
2019-08-04 20:25:58 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
2020-10-09 18:35:44 +02:00
|
|
|
"strings"
|
|
|
|
|
|
|
|
|
|
uuid "github.com/satori/go.uuid"
|
2019-08-04 20:25:58 +02:00
|
|
|
"github.com/tidwall/buntdb"
|
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type UserStore interface {
|
2020-10-09 18:35:44 +02:00
|
|
|
AddUser(user User) (err error)
|
2019-08-04 20:25:58 +02:00
|
|
|
GetUser(username string) (user User, err error)
|
2020-10-09 18:35:44 +02:00
|
|
|
GetUsers() ([]User, error)
|
|
|
|
|
Update(user User) error
|
2019-08-04 20:25:58 +02:00
|
|
|
RemoveUser(username string) (err error)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type ShareStore interface {
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
var _ UserStore = &DBStore{}
|
|
|
|
|
|
2019-08-04 20:25:58 +02:00
|
|
|
type GlobalRole string
|
2020-10-09 18:35:44 +02:00
|
|
|
|
2019-08-04 20:25:58 +02:00
|
|
|
const (
|
2020-10-09 18:35:44 +02:00
|
|
|
GlobalRoleUser GlobalRole = "user"
|
2019-08-04 20:25:58 +02:00
|
|
|
GlobalRoleAdmin GlobalRole = "admin"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type ShareRole string
|
2020-10-09 18:35:44 +02:00
|
|
|
|
2019-08-04 20:25:58 +02:00
|
|
|
const (
|
|
|
|
|
ShareRoleReader ShareRole = "reader"
|
|
|
|
|
ShareRoleWriter ShareRole = "writer"
|
2020-10-09 18:35:44 +02:00
|
|
|
ShareRoleAdmin ShareRole = "admin"
|
2019-08-04 20:25:58 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type User struct {
|
|
|
|
|
Username string
|
2020-10-09 18:35:44 +02:00
|
|
|
Password string
|
|
|
|
|
Role GlobalRole
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type Share struct {
|
2020-10-09 18:35:44 +02:00
|
|
|
UUID uuid.UUID
|
2019-08-04 20:25:58 +02:00
|
|
|
Directory string
|
2020-10-09 18:35:44 +02:00
|
|
|
Users []ShareUser
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type ShareUser struct {
|
|
|
|
|
Username string
|
2020-10-09 18:35:44 +02:00
|
|
|
Role ShareRole
|
|
|
|
|
Logins []Login
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type Login struct {
|
|
|
|
|
Loginname string
|
|
|
|
|
Password string
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
const usersPrefix = "users:"
|
|
|
|
|
|
2019-08-04 20:25:58 +02:00
|
|
|
type DBStore struct {
|
|
|
|
|
db *buntdb.DB
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
func (u User) key() string {
|
|
|
|
|
return usersPrefix + u.Username
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u User) prefix() string {
|
|
|
|
|
return fmt.Sprintf("user:%s", u.Username)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u User) roleKey() string {
|
|
|
|
|
return u.prefix() + ":role"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u User) passwordKey() string {
|
|
|
|
|
return u.prefix() + ":password"
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-04 20:25:58 +02:00
|
|
|
func NewDBStore(filename string) (*DBStore, error) {
|
|
|
|
|
db, err := buntdb.Open(filename)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &DBStore{db}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
func (store *DBStore) Close() error {
|
2020-10-10 16:29:26 +02:00
|
|
|
if err := store.db.Shrink(); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2020-10-09 18:35:44 +02:00
|
|
|
return store.db.Close()
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-10 16:30:35 +02:00
|
|
|
var ErrUserExists = errors.New("user already exists")
|
2019-08-04 20:25:58 +02:00
|
|
|
var ErrUserNotFound = errors.New("user not found")
|
|
|
|
|
var ErrInvalidUsername = errors.New("invalid username")
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
func (store *DBStore) setUserValues(tx *buntdb.Tx, user User) (exists bool, err error) {
|
|
|
|
|
pwString, err := buildPassword(user.Username, user.Password)
|
2019-08-04 20:25:58 +02:00
|
|
|
if err != nil {
|
2020-10-09 18:35:44 +02:00
|
|
|
return false, fmt.Errorf("cannot hash password: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, replaced, err := tx.Set(user.roleKey(), string(user.Role), nil); err != nil {
|
|
|
|
|
return false, err
|
|
|
|
|
} else if replaced {
|
|
|
|
|
exists = true
|
|
|
|
|
}
|
|
|
|
|
if _, replaced, err := tx.Set(user.passwordKey(), pwString, nil); err != nil {
|
|
|
|
|
return false, err
|
|
|
|
|
} else if replaced {
|
|
|
|
|
exists = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return exists, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (store *DBStore) AddUser(user User) (err error) {
|
|
|
|
|
if strings.Contains(user.Username, ":") {
|
|
|
|
|
return ErrInvalidUsername
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
if err = store.db.Update(func(tx *buntdb.Tx) error {
|
2020-10-09 18:35:44 +02:00
|
|
|
if _, exists, err := tx.Set(user.key(), "", nil); err != nil {
|
2019-08-04 20:25:58 +02:00
|
|
|
return err
|
2020-10-09 18:35:44 +02:00
|
|
|
} else if exists {
|
2020-10-10 16:30:35 +02:00
|
|
|
return ErrUserExists
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
2020-10-09 18:35:44 +02:00
|
|
|
|
|
|
|
|
if exists, err := store.setUserValues(tx, user); err != nil {
|
2019-08-04 20:25:58 +02:00
|
|
|
return err
|
2020-10-09 18:35:44 +02:00
|
|
|
} else if exists {
|
2020-10-10 16:30:35 +02:00
|
|
|
return ErrUserExists
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (store *DBStore) GetUser(username string) (user User, err error) {
|
|
|
|
|
if strings.Contains(username, ":") {
|
|
|
|
|
return user, ErrInvalidUsername
|
|
|
|
|
}
|
|
|
|
|
user.Username = username
|
|
|
|
|
if err := store.db.View(func(tx *buntdb.Tx) error {
|
2020-10-09 18:35:44 +02:00
|
|
|
if val, err := tx.Get(user.roleKey()); err != nil && err != buntdb.ErrNotFound {
|
2019-08-04 20:25:58 +02:00
|
|
|
return err
|
2020-10-09 18:35:44 +02:00
|
|
|
} else if err == buntdb.ErrNotFound {
|
|
|
|
|
return ErrUserNotFound
|
2019-08-04 20:25:58 +02:00
|
|
|
} else {
|
|
|
|
|
user.Role = GlobalRole(val)
|
|
|
|
|
}
|
2020-10-09 18:35:44 +02:00
|
|
|
if val, err := tx.Get(user.passwordKey()); err != nil && err != buntdb.ErrNotFound {
|
2019-08-04 20:25:58 +02:00
|
|
|
return err
|
2020-10-09 18:35:44 +02:00
|
|
|
} else if err == buntdb.ErrNotFound {
|
|
|
|
|
return ErrUserNotFound
|
|
|
|
|
} else {
|
|
|
|
|
user.Password = val
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}); err != nil {
|
|
|
|
|
return user, err
|
|
|
|
|
}
|
|
|
|
|
return user, nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
func (store *DBStore) GetUsers() (users []User, err error) {
|
|
|
|
|
err = store.db.View(func(tx *buntdb.Tx) error {
|
|
|
|
|
if err := tx.AscendKeys(usersPrefix+"*", func(key, value string) bool {
|
|
|
|
|
var user User
|
|
|
|
|
user.Username = strings.TrimPrefix(key, usersPrefix)
|
|
|
|
|
users = append(users, user)
|
|
|
|
|
return true
|
|
|
|
|
}); err != nil {
|
|
|
|
|
return err
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
for i := range users {
|
|
|
|
|
if roleString, err := tx.Get(users[i].roleKey()); err != nil {
|
2019-08-04 20:25:58 +02:00
|
|
|
return err
|
2020-10-09 18:35:44 +02:00
|
|
|
} else {
|
|
|
|
|
users[i].Role = GlobalRole(roleString)
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
})
|
2020-10-09 18:35:44 +02:00
|
|
|
|
|
|
|
|
return users, err
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
|
2020-10-09 18:35:44 +02:00
|
|
|
func (store *DBStore) Update(user User) error {
|
|
|
|
|
if strings.Contains(user.Username, ":") {
|
|
|
|
|
return ErrInvalidUsername
|
|
|
|
|
}
|
|
|
|
|
return store.db.Update(func(tx *buntdb.Tx) error {
|
|
|
|
|
_, err := store.setUserValues(tx, user)
|
|
|
|
|
return err
|
|
|
|
|
})
|
2019-08-04 20:25:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (store *DBStore) RemoveUser(username string) (err error) {
|
|
|
|
|
if strings.Contains(username, ":") {
|
|
|
|
|
return ErrInvalidUsername
|
|
|
|
|
}
|
|
|
|
|
return store.db.Update(func(tx *buntdb.Tx) error {
|
2020-10-09 18:35:44 +02:00
|
|
|
user := User{Username: username}
|
|
|
|
|
|
|
|
|
|
// Delete the main key first. This is a good indicator if the user generally exists.
|
|
|
|
|
if _, err := tx.Delete(user.key()); err == buntdb.ErrNotFound {
|
|
|
|
|
return ErrUserNotFound
|
|
|
|
|
} else if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Now get all attributes and delete them as well. One by one.
|
|
|
|
|
var keys []string
|
|
|
|
|
if err := tx.AscendKeys(user.prefix()+":*", func(key, value string) bool {
|
|
|
|
|
keys = append(keys, key)
|
|
|
|
|
return true
|
|
|
|
|
}); err != nil {
|
|
|
|
|
return fmt.Errorf("cannot iterate keys: %w", err)
|
|
|
|
|
}
|
|
|
|
|
for _, key := range keys {
|
|
|
|
|
if _, err := tx.Delete(key); err != nil {
|
|
|
|
|
return fmt.Errorf("cannot remove key: %w", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
2019-08-04 20:25:58 +02:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func buildPassword(username string, password string) (string, error) {
|
|
|
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(password), 0)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
return fmt.Sprintf("%s:%s", username, hash), nil
|
2020-10-09 18:35:44 +02:00
|
|
|
}
|
