// Copyright (C) 2019-2022 Nicola Murino // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published // by the Free Software Foundation, version 3. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package dataprovider import ( "context" "crypto/x509" "database/sql" "encoding/json" "errors" "fmt" "runtime/debug" "strings" "time" "github.com/cockroachdb/cockroach-go/v2/crdb" "github.com/sftpgo/sdk" "github.com/drakkan/sftpgo/v2/internal/logger" "github.com/drakkan/sftpgo/v2/internal/util" "github.com/drakkan/sftpgo/v2/internal/vfs" ) const ( sqlDatabaseVersion = 20 defaultSQLQueryTimeout = 10 * time.Second longSQLQueryTimeout = 60 * time.Second ) var ( errSQLFoldersAssociation = errors.New("unable to associate virtual folders to user") errSQLGroupsAssociation = errors.New("unable to associate groups to user") errSQLUsersAssociation = errors.New("unable to associate users to group") errSchemaVersionEmpty = errors.New("we can't determine schema version because the schema_migration table is empty. The SFTPGo database might be corrupted. Consider using the \"resetprovider\" sub-command") ) type sqlQuerier interface { QueryRowContext(ctx context.Context, query string, args ...any) *sql.Row QueryContext(ctx context.Context, query string, args ...any) (*sql.Rows, error) ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error) PrepareContext(ctx context.Context, query string) (*sql.Stmt, error) } type sqlScanner interface { Scan(dest ...any) error } func sqlReplaceAll(sql string) string { sql = strings.ReplaceAll(sql, "{{schema_version}}", sqlTableSchemaVersion) sql = strings.ReplaceAll(sql, "{{admins}}", sqlTableAdmins) sql = strings.ReplaceAll(sql, "{{folders}}", sqlTableFolders) sql = strings.ReplaceAll(sql, "{{users}}", sqlTableUsers) sql = strings.ReplaceAll(sql, "{{groups}}", sqlTableGroups) sql = strings.ReplaceAll(sql, "{{users_folders_mapping}}", sqlTableUsersFoldersMapping) sql = strings.ReplaceAll(sql, "{{users_groups_mapping}}", sqlTableUsersGroupsMapping) sql = strings.ReplaceAll(sql, "{{groups_folders_mapping}}", sqlTableGroupsFoldersMapping) sql = strings.ReplaceAll(sql, "{{api_keys}}", sqlTableAPIKeys) sql = strings.ReplaceAll(sql, "{{shares}}", sqlTableShares) sql = strings.ReplaceAll(sql, "{{defender_events}}", sqlTableDefenderEvents) sql = strings.ReplaceAll(sql, "{{defender_hosts}}", sqlTableDefenderHosts) sql = strings.ReplaceAll(sql, "{{active_transfers}}", sqlTableActiveTransfers) sql = strings.ReplaceAll(sql, "{{shared_sessions}}", sqlTableSharedSessions) sql = strings.ReplaceAll(sql, "{{events_actions}}", sqlTableEventsActions) sql = strings.ReplaceAll(sql, "{{events_rules}}", sqlTableEventsRules) sql = strings.ReplaceAll(sql, "{{rules_actions_mapping}}", sqlTableRulesActionsMapping) sql = strings.ReplaceAll(sql, "{{tasks}}", sqlTableTasks) sql = strings.ReplaceAll(sql, "{{prefix}}", config.SQLTablesPrefix) return sql } func sqlCommonGetShareByID(shareID, username string, dbHandle sqlQuerier) (Share, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() filterUser := username != "" q := getShareByIDQuery(filterUser) var row *sql.Row if filterUser { row = dbHandle.QueryRowContext(ctx, q, shareID, username) } else { row = dbHandle.QueryRowContext(ctx, q, shareID) } return getShareFromDbRow(row) } func sqlCommonAddShare(share *Share, dbHandle *sql.DB) error { err := share.validate() if err != nil { return err } user, err := provider.userExists(share.Username) if err != nil { return util.NewValidationError(fmt.Sprintf("unable to validate user %#v", share.Username)) } paths, err := json.Marshal(share.Paths) if err != nil { return err } allowFrom := "" if len(share.AllowFrom) > 0 { res, err := json.Marshal(share.AllowFrom) if err == nil { allowFrom = string(res) } } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddShareQuery() usedTokens := 0 createdAt := util.GetTimeAsMsSinceEpoch(time.Now()) updatedAt := createdAt lastUseAt := int64(0) if share.IsRestore { usedTokens = share.UsedTokens if share.CreatedAt > 0 { createdAt = share.CreatedAt } if share.UpdatedAt > 0 { updatedAt = share.UpdatedAt } lastUseAt = share.LastUseAt } _, err = dbHandle.ExecContext(ctx, q, share.ShareID, share.Name, share.Description, share.Scope, string(paths), createdAt, updatedAt, lastUseAt, share.ExpiresAt, share.Password, share.MaxTokens, usedTokens, allowFrom, user.ID) return err } func sqlCommonUpdateShare(share *Share, dbHandle *sql.DB) error { err := share.validate() if err != nil { return err } paths, err := json.Marshal(share.Paths) if err != nil { return err } allowFrom := "" if len(share.AllowFrom) > 0 { res, err := json.Marshal(share.AllowFrom) if err == nil { allowFrom = string(res) } } user, err := provider.userExists(share.Username) if err != nil { return util.NewValidationError(fmt.Sprintf("unable to validate user %#v", share.Username)) } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() var q string if share.IsRestore { q = getUpdateShareRestoreQuery() } else { q = getUpdateShareQuery() } if share.IsRestore { if share.CreatedAt == 0 { share.CreatedAt = util.GetTimeAsMsSinceEpoch(time.Now()) } if share.UpdatedAt == 0 { share.UpdatedAt = share.CreatedAt } _, err = dbHandle.ExecContext(ctx, q, share.Name, share.Description, share.Scope, string(paths), share.CreatedAt, share.UpdatedAt, share.LastUseAt, share.ExpiresAt, share.Password, share.MaxTokens, share.UsedTokens, allowFrom, user.ID, share.ShareID) } else { _, err = dbHandle.ExecContext(ctx, q, share.Name, share.Description, share.Scope, string(paths), util.GetTimeAsMsSinceEpoch(time.Now()), share.ExpiresAt, share.Password, share.MaxTokens, allowFrom, user.ID, share.ShareID) } return err } func sqlCommonDeleteShare(share Share, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteShareQuery() res, err := dbHandle.ExecContext(ctx, q, share.ShareID) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonGetShares(limit, offset int, order, username string, dbHandle sqlQuerier) ([]Share, error) { shares := make([]Share, 0, limit) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getSharesQuery(order) rows, err := dbHandle.QueryContext(ctx, q, username, limit, offset) if err != nil { return shares, err } defer rows.Close() for rows.Next() { s, err := getShareFromDbRow(rows) if err != nil { return shares, err } s.HideConfidentialData() shares = append(shares, s) } return shares, rows.Err() } func sqlCommonDumpShares(dbHandle sqlQuerier) ([]Share, error) { shares := make([]Share, 0, 30) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDumpSharesQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return shares, err } defer rows.Close() for rows.Next() { s, err := getShareFromDbRow(rows) if err != nil { return shares, err } shares = append(shares, s) } return shares, rows.Err() } func sqlCommonGetAPIKeyByID(keyID string, dbHandle sqlQuerier) (APIKey, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAPIKeyByIDQuery() row := dbHandle.QueryRowContext(ctx, q, keyID) apiKey, err := getAPIKeyFromDbRow(row) if err != nil { return apiKey, err } return getAPIKeyWithRelatedFields(ctx, apiKey, dbHandle) } func sqlCommonAddAPIKey(apiKey *APIKey, dbHandle *sql.DB) error { err := apiKey.validate() if err != nil { return err } userID, adminID, err := sqlCommonGetAPIKeyRelatedIDs(apiKey) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddAPIKeyQuery() _, err = dbHandle.ExecContext(ctx, q, apiKey.KeyID, apiKey.Name, apiKey.Key, apiKey.Scope, util.GetTimeAsMsSinceEpoch(time.Now()), util.GetTimeAsMsSinceEpoch(time.Now()), apiKey.LastUseAt, apiKey.ExpiresAt, apiKey.Description, userID, adminID) return err } func sqlCommonUpdateAPIKey(apiKey *APIKey, dbHandle *sql.DB) error { err := apiKey.validate() if err != nil { return err } userID, adminID, err := sqlCommonGetAPIKeyRelatedIDs(apiKey) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateAPIKeyQuery() _, err = dbHandle.ExecContext(ctx, q, apiKey.Name, apiKey.Scope, apiKey.ExpiresAt, userID, adminID, apiKey.Description, util.GetTimeAsMsSinceEpoch(time.Now()), apiKey.KeyID) return err } func sqlCommonDeleteAPIKey(apiKey APIKey, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteAPIKeyQuery() res, err := dbHandle.ExecContext(ctx, q, apiKey.KeyID) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonGetAPIKeys(limit, offset int, order string, dbHandle sqlQuerier) ([]APIKey, error) { apiKeys := make([]APIKey, 0, limit) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAPIKeysQuery(order) rows, err := dbHandle.QueryContext(ctx, q, limit, offset) if err != nil { return apiKeys, err } defer rows.Close() for rows.Next() { k, err := getAPIKeyFromDbRow(rows) if err != nil { return apiKeys, err } k.HideConfidentialData() apiKeys = append(apiKeys, k) } err = rows.Err() if err != nil { return apiKeys, err } apiKeys, err = getRelatedValuesForAPIKeys(ctx, apiKeys, dbHandle, APIKeyScopeAdmin) if err != nil { return apiKeys, err } return getRelatedValuesForAPIKeys(ctx, apiKeys, dbHandle, APIKeyScopeUser) } func sqlCommonDumpAPIKeys(dbHandle sqlQuerier) ([]APIKey, error) { apiKeys := make([]APIKey, 0, 30) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDumpAPIKeysQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return apiKeys, err } defer rows.Close() for rows.Next() { k, err := getAPIKeyFromDbRow(rows) if err != nil { return apiKeys, err } apiKeys = append(apiKeys, k) } err = rows.Err() if err != nil { return apiKeys, err } apiKeys, err = getRelatedValuesForAPIKeys(ctx, apiKeys, dbHandle, APIKeyScopeAdmin) if err != nil { return apiKeys, err } return getRelatedValuesForAPIKeys(ctx, apiKeys, dbHandle, APIKeyScopeUser) } func sqlCommonGetAdminByUsername(username string, dbHandle sqlQuerier) (Admin, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAdminByUsernameQuery() row := dbHandle.QueryRowContext(ctx, q, username) return getAdminFromDbRow(row) } func sqlCommonValidateAdminAndPass(username, password, ip string, dbHandle *sql.DB) (Admin, error) { admin, err := sqlCommonGetAdminByUsername(username, dbHandle) if err != nil { providerLog(logger.LevelWarn, "error authenticating admin %#v: %v", username, err) return admin, ErrInvalidCredentials } err = admin.checkUserAndPass(password, ip) return admin, err } func sqlCommonAddAdmin(admin *Admin, dbHandle *sql.DB) error { err := admin.validate() if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddAdminQuery() perms, err := json.Marshal(admin.Permissions) if err != nil { return err } filters, err := json.Marshal(admin.Filters) if err != nil { return err } _, err = dbHandle.ExecContext(ctx, q, admin.Username, admin.Password, admin.Status, admin.Email, string(perms), string(filters), admin.AdditionalInfo, admin.Description, util.GetTimeAsMsSinceEpoch(time.Now()), util.GetTimeAsMsSinceEpoch(time.Now())) return err } func sqlCommonUpdateAdmin(admin *Admin, dbHandle *sql.DB) error { err := admin.validate() if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateAdminQuery() perms, err := json.Marshal(admin.Permissions) if err != nil { return err } filters, err := json.Marshal(admin.Filters) if err != nil { return err } _, err = dbHandle.ExecContext(ctx, q, admin.Password, admin.Status, admin.Email, string(perms), string(filters), admin.AdditionalInfo, admin.Description, util.GetTimeAsMsSinceEpoch(time.Now()), admin.Username) return err } func sqlCommonDeleteAdmin(admin Admin, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteAdminQuery() res, err := dbHandle.ExecContext(ctx, q, admin.Username) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonGetAdmins(limit, offset int, order string, dbHandle sqlQuerier) ([]Admin, error) { admins := make([]Admin, 0, limit) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAdminsQuery(order) rows, err := dbHandle.QueryContext(ctx, q, limit, offset) if err != nil { return admins, err } defer rows.Close() for rows.Next() { a, err := getAdminFromDbRow(rows) if err != nil { return admins, err } a.HideConfidentialData() admins = append(admins, a) } return admins, rows.Err() } func sqlCommonDumpAdmins(dbHandle sqlQuerier) ([]Admin, error) { admins := make([]Admin, 0, 30) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDumpAdminsQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return admins, err } defer rows.Close() for rows.Next() { a, err := getAdminFromDbRow(rows) if err != nil { return admins, err } admins = append(admins, a) } return admins, rows.Err() } func sqlCommonGetGroupByName(name string, dbHandle sqlQuerier) (Group, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getGroupByNameQuery() row := dbHandle.QueryRowContext(ctx, q, name) group, err := getGroupFromDbRow(row) if err != nil { return group, err } group, err = getGroupWithVirtualFolders(ctx, group, dbHandle) if err != nil { return group, err } return getGroupWithUsers(ctx, group, dbHandle) } func sqlCommonDumpGroups(dbHandle sqlQuerier) ([]Group, error) { groups := make([]Group, 0, 50) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() q := getDumpGroupsQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return groups, err } defer rows.Close() for rows.Next() { group, err := getGroupFromDbRow(rows) if err != nil { return groups, err } groups = append(groups, group) } err = rows.Err() if err != nil { return groups, err } return getGroupsWithVirtualFolders(ctx, groups, dbHandle) } func sqlCommonGetUsersInGroups(names []string, dbHandle sqlQuerier) ([]string, error) { if len(names) == 0 { return nil, nil } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUsersInGroupsQuery(len(names)) args := make([]any, 0, len(names)) for _, name := range names { args = append(args, name) } usernames := make([]string, 0, len(names)) rows, err := dbHandle.QueryContext(ctx, q, args...) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var username string err = rows.Scan(&username) if err != nil { return usernames, err } usernames = append(usernames, username) } return usernames, rows.Err() } func sqlCommonGetGroupsWithNames(names []string, dbHandle sqlQuerier) ([]Group, error) { if len(names) == 0 { return nil, nil } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getGroupsWithNamesQuery(len(names)) args := make([]any, 0, len(names)) for _, name := range names { args = append(args, name) } groups := make([]Group, 0, len(names)) rows, err := dbHandle.QueryContext(ctx, q, args...) if err != nil { return groups, err } defer rows.Close() for rows.Next() { group, err := getGroupFromDbRow(rows) if err != nil { return groups, err } groups = append(groups, group) } err = rows.Err() if err != nil { return groups, err } return getGroupsWithVirtualFolders(ctx, groups, dbHandle) } func sqlCommonGetGroups(limit int, offset int, order string, minimal bool, dbHandle sqlQuerier) ([]Group, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getGroupsQuery(order, minimal) groups := make([]Group, 0, limit) rows, err := dbHandle.QueryContext(ctx, q, limit, offset) if err != nil { return groups, err } defer rows.Close() for rows.Next() { var group Group if minimal { err = rows.Scan(&group.ID, &group.Name) } else { group, err = getGroupFromDbRow(rows) } if err != nil { return groups, err } groups = append(groups, group) } err = rows.Err() if err != nil { return groups, err } if minimal { return groups, nil } groups, err = getGroupsWithVirtualFolders(ctx, groups, dbHandle) if err != nil { return groups, err } groups, err = getGroupsWithUsers(ctx, groups, dbHandle) if err != nil { return groups, err } for idx := range groups { groups[idx].PrepareForRendering() } return groups, nil } func sqlCommonAddGroup(group *Group, dbHandle *sql.DB) error { if err := group.validate(); err != nil { return err } settings, err := json.Marshal(group.UserSettings) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { q := getAddGroupQuery() _, err := tx.ExecContext(ctx, q, group.Name, group.Description, util.GetTimeAsMsSinceEpoch(time.Now()), util.GetTimeAsMsSinceEpoch(time.Now()), string(settings)) if err != nil { return err } return generateGroupVirtualFoldersMapping(ctx, group, tx) }) } func sqlCommonUpdateGroup(group *Group, dbHandle *sql.DB) error { if err := group.validate(); err != nil { return err } settings, err := json.Marshal(group.UserSettings) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { q := getUpdateGroupQuery() _, err := tx.ExecContext(ctx, q, group.Description, settings, util.GetTimeAsMsSinceEpoch(time.Now()), group.Name) if err != nil { return err } return generateGroupVirtualFoldersMapping(ctx, group, tx) }) } func sqlCommonDeleteGroup(group Group, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteGroupQuery() res, err := dbHandle.ExecContext(ctx, q, group.Name) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonGetUserByUsername(username string, dbHandle sqlQuerier) (User, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUserByUsernameQuery() row := dbHandle.QueryRowContext(ctx, q, username) user, err := getUserFromDbRow(row) if err != nil { return user, err } user, err = getUserWithVirtualFolders(ctx, user, dbHandle) if err != nil { return user, err } return getUserWithGroups(ctx, user, dbHandle) } func sqlCommonValidateUserAndPass(username, password, ip, protocol string, dbHandle *sql.DB) (User, error) { user, err := sqlCommonGetUserByUsername(username, dbHandle) if err != nil { providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err) return user, err } return checkUserAndPass(&user, password, ip, protocol) } func sqlCommonValidateUserAndTLSCertificate(username, protocol string, tlsCert *x509.Certificate, dbHandle *sql.DB) (User, error) { var user User if tlsCert == nil { return user, errors.New("TLS certificate cannot be null or empty") } user, err := sqlCommonGetUserByUsername(username, dbHandle) if err != nil { providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err) return user, err } return checkUserAndTLSCertificate(&user, protocol, tlsCert) } func sqlCommonValidateUserAndPubKey(username string, pubKey []byte, isSSHCert bool, dbHandle *sql.DB) (User, string, error) { var user User if len(pubKey) == 0 { return user, "", errors.New("credentials cannot be null or empty") } user, err := sqlCommonGetUserByUsername(username, dbHandle) if err != nil { providerLog(logger.LevelWarn, "error authenticating user %#v: %v", username, err) return user, "", err } return checkUserAndPubKey(&user, pubKey, isSSHCert) } func sqlCommonCheckAvailability(dbHandle *sql.DB) (err error) { defer func() { if r := recover(); r != nil { providerLog(logger.LevelError, "panic in check provider availability, stack trace: %v", string(debug.Stack())) err = errors.New("unable to check provider status") } }() ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() err = dbHandle.PingContext(ctx) return } func sqlCommonUpdateTransferQuota(username string, uploadSize, downloadSize int64, reset bool, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateTransferQuotaQuery(reset) _, err := dbHandle.ExecContext(ctx, q, uploadSize, downloadSize, util.GetTimeAsMsSinceEpoch(time.Now()), username) if err == nil { providerLog(logger.LevelDebug, "transfer quota updated for user %#v, ul increment: %v dl increment: %v is reset? %v", username, uploadSize, downloadSize, reset) } else { providerLog(logger.LevelError, "error updating quota for user %#v: %v", username, err) } return err } func sqlCommonUpdateQuota(username string, filesAdd int, sizeAdd int64, reset bool, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateQuotaQuery(reset) _, err := dbHandle.ExecContext(ctx, q, sizeAdd, filesAdd, util.GetTimeAsMsSinceEpoch(time.Now()), username) if err == nil { providerLog(logger.LevelDebug, "quota updated for user %#v, files increment: %v size increment: %v is reset? %v", username, filesAdd, sizeAdd, reset) } else { providerLog(logger.LevelError, "error updating quota for user %#v: %v", username, err) } return err } func sqlCommonGetUsedQuota(username string, dbHandle *sql.DB) (int, int64, int64, int64, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getQuotaQuery() var usedFiles int var usedSize, usedUploadSize, usedDownloadSize int64 err := dbHandle.QueryRowContext(ctx, q, username).Scan(&usedSize, &usedFiles, &usedUploadSize, &usedDownloadSize) if err != nil { providerLog(logger.LevelError, "error getting quota for user: %v, error: %v", username, err) return 0, 0, 0, 0, err } return usedFiles, usedSize, usedUploadSize, usedDownloadSize, err } func sqlCommonUpdateShareLastUse(shareID string, numTokens int, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateShareLastUseQuery() _, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), numTokens, shareID) if err == nil { providerLog(logger.LevelDebug, "last use updated for shared object %#v", shareID) } else { providerLog(logger.LevelWarn, "error updating last use for shared object %#v: %v", shareID, err) } return err } func sqlCommonUpdateAPIKeyLastUse(keyID string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateAPIKeyLastUseQuery() _, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), keyID) if err == nil { providerLog(logger.LevelDebug, "last use updated for key %#v", keyID) } else { providerLog(logger.LevelWarn, "error updating last use for key %#v: %v", keyID, err) } return err } func sqlCommonUpdateAdminLastLogin(username string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateAdminLastLoginQuery() _, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), username) if err == nil { providerLog(logger.LevelDebug, "last login updated for admin %#v", username) } else { providerLog(logger.LevelWarn, "error updating last login for admin %#v: %v", username, err) } return err } func sqlCommonSetUpdatedAt(username string, dbHandle *sql.DB) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getSetUpdateAtQuery() _, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), username) if err == nil { providerLog(logger.LevelDebug, "updated_at set for user %#v", username) } else { providerLog(logger.LevelWarn, "error setting updated_at for user %#v: %v", username, err) } } func sqlCommonUpdateLastLogin(username string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateLastLoginQuery() _, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), username) if err == nil { providerLog(logger.LevelDebug, "last login updated for user %#v", username) } else { providerLog(logger.LevelWarn, "error updating last login for user %#v: %v", username, err) } return err } func sqlCommonAddUser(user *User, dbHandle *sql.DB) error { err := ValidateUser(user) if err != nil { return err } permissions, err := user.GetPermissionsAsJSON() if err != nil { return err } publicKeys, err := user.GetPublicKeysAsJSON() if err != nil { return err } filters, err := user.GetFiltersAsJSON() if err != nil { return err } fsConfig, err := user.GetFsConfigAsJSON() if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { q := getAddUserQuery() _, err := tx.ExecContext(ctx, q, user.Username, user.Password, string(publicKeys), user.HomeDir, user.UID, user.GID, user.MaxSessions, user.QuotaSize, user.QuotaFiles, string(permissions), user.UploadBandwidth, user.DownloadBandwidth, user.Status, user.ExpirationDate, string(filters), string(fsConfig), user.AdditionalInfo, user.Description, user.Email, util.GetTimeAsMsSinceEpoch(time.Now()), util.GetTimeAsMsSinceEpoch(time.Now()), user.UploadDataTransfer, user.DownloadDataTransfer, user.TotalDataTransfer) if err != nil { return err } if err := generateUserVirtualFoldersMapping(ctx, user, tx); err != nil { return err } return generateUserGroupMapping(ctx, user, tx) }) } func sqlCommonUpdateUserPassword(username, password string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateUserPasswordQuery() _, err := dbHandle.ExecContext(ctx, q, password, username) return err } func sqlCommonUpdateUser(user *User, dbHandle *sql.DB) error { err := ValidateUser(user) if err != nil { return err } permissions, err := user.GetPermissionsAsJSON() if err != nil { return err } publicKeys, err := user.GetPublicKeysAsJSON() if err != nil { return err } filters, err := user.GetFiltersAsJSON() if err != nil { return err } fsConfig, err := user.GetFsConfigAsJSON() if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { q := getUpdateUserQuery() _, err := tx.ExecContext(ctx, q, user.Password, string(publicKeys), user.HomeDir, user.UID, user.GID, user.MaxSessions, user.QuotaSize, user.QuotaFiles, string(permissions), user.UploadBandwidth, user.DownloadBandwidth, user.Status, user.ExpirationDate, string(filters), string(fsConfig), user.AdditionalInfo, user.Description, user.Email, util.GetTimeAsMsSinceEpoch(time.Now()), user.UploadDataTransfer, user.DownloadDataTransfer, user.TotalDataTransfer, user.ID) if err != nil { return err } if err := generateUserVirtualFoldersMapping(ctx, user, tx); err != nil { return err } return generateUserGroupMapping(ctx, user, tx) }) } func sqlCommonDeleteUser(user User, softDelete bool, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteUserQuery(softDelete) if softDelete { return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { if err := sqlCommonClearUserFolderMapping(ctx, &user, tx); err != nil { return err } if err := sqlCommonClearUserGroupMapping(ctx, &user, tx); err != nil { return err } ts := util.GetTimeAsMsSinceEpoch(time.Now()) res, err := tx.ExecContext(ctx, q, ts, ts, user.Username) if err != nil { return err } return sqlCommonRequireRowAffected(res) }) } res, err := dbHandle.ExecContext(ctx, q, user.ID) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonDumpUsers(dbHandle sqlQuerier) ([]User, error) { users := make([]User, 0, 100) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() q := getDumpUsersQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return users, err } defer rows.Close() for rows.Next() { u, err := getUserFromDbRow(rows) if err != nil { return users, err } users = append(users, u) } err = rows.Err() if err != nil { return users, err } users, err = getUsersWithVirtualFolders(ctx, users, dbHandle) if err != nil { return users, err } return getUsersWithGroups(ctx, users, dbHandle) } func sqlCommonGetRecentlyUpdatedUsers(after int64, dbHandle sqlQuerier) ([]User, error) { users := make([]User, 0, 10) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getRecentlyUpdatedUsersQuery() rows, err := dbHandle.QueryContext(ctx, q, after) if err != nil { return users, err } defer rows.Close() for rows.Next() { u, err := getUserFromDbRow(rows) if err != nil { return users, err } users = append(users, u) } err = rows.Err() if err != nil { return users, err } users, err = getUsersWithVirtualFolders(ctx, users, dbHandle) if err != nil { return users, err } users, err = getUsersWithGroups(ctx, users, dbHandle) if err != nil { return users, err } var groupNames []string for _, u := range users { for _, g := range u.Groups { groupNames = append(groupNames, g.Name) } } groupNames = util.RemoveDuplicates(groupNames, false) groups, err := sqlCommonGetGroupsWithNames(groupNames, dbHandle) if err != nil { return users, err } if len(groups) == 0 { return users, nil } groupsMapping := make(map[string]Group) for idx := range groups { groupsMapping[groups[idx].Name] = groups[idx] } for idx := range users { ref := &users[idx] ref.applyGroupSettings(groupsMapping) } return users, nil } func sqlCommonGetUsersForQuotaCheck(toFetch map[string]bool, dbHandle sqlQuerier) ([]User, error) { users := make([]User, 0, 30) usernames := make([]string, 0, len(toFetch)) for k := range toFetch { usernames = append(usernames, k) } maxUsers := 30 for len(usernames) > 0 { if maxUsers > len(usernames) { maxUsers = len(usernames) } usersRange, err := sqlCommonGetUsersRangeForQuotaCheck(usernames[:maxUsers], dbHandle) if err != nil { return users, err } users = append(users, usersRange...) usernames = usernames[maxUsers:] } var usersWithFolders []User validIdx := 0 for _, user := range users { if toFetch[user.Username] { usersWithFolders = append(usersWithFolders, user) } else { users[validIdx] = user validIdx++ } } users = users[:validIdx] ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() usersWithFolders, err := getUsersWithVirtualFolders(ctx, usersWithFolders, dbHandle) if err != nil { return users, err } users = append(users, usersWithFolders...) users, err = getUsersWithGroups(ctx, users, dbHandle) if err != nil { return users, err } var groupNames []string for _, u := range users { for _, g := range u.Groups { groupNames = append(groupNames, g.Name) } } groupNames = util.RemoveDuplicates(groupNames, false) if len(groupNames) == 0 { return users, nil } groups, err := sqlCommonGetGroupsWithNames(groupNames, dbHandle) if err != nil { return users, err } groupsMapping := make(map[string]Group) for idx := range groups { groupsMapping[groups[idx].Name] = groups[idx] } for idx := range users { ref := &users[idx] ref.applyGroupSettings(groupsMapping) } return users, nil } func sqlCommonGetUsersRangeForQuotaCheck(usernames []string, dbHandle sqlQuerier) ([]User, error) { users := make([]User, 0, len(usernames)) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUsersForQuotaCheckQuery(len(usernames)) queryArgs := make([]any, 0, len(usernames)) for idx := range usernames { queryArgs = append(queryArgs, usernames[idx]) } rows, err := dbHandle.QueryContext(ctx, q, queryArgs...) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var user User var filters sql.NullString err = rows.Scan(&user.ID, &user.Username, &user.QuotaSize, &user.UsedQuotaSize, &user.TotalDataTransfer, &user.UploadDataTransfer, &user.DownloadDataTransfer, &user.UsedUploadDataTransfer, &user.UsedDownloadDataTransfer, &filters) if err != nil { return users, err } if filters.Valid { var userFilters UserFilters err = json.Unmarshal([]byte(filters.String), &userFilters) if err == nil { user.Filters = userFilters } } users = append(users, user) } return users, rows.Err() } func sqlCommonAddActiveTransfer(transfer ActiveTransfer, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddActiveTransferQuery() now := util.GetTimeAsMsSinceEpoch(time.Now()) _, err := dbHandle.ExecContext(ctx, q, transfer.ID, transfer.ConnID, transfer.Type, transfer.Username, transfer.FolderName, transfer.IP, transfer.TruncatedSize, transfer.CurrentULSize, transfer.CurrentDLSize, now, now) return err } func sqlCommonUpdateActiveTransferSizes(ulSize, dlSize, transferID int64, connectionID string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateActiveTransferSizesQuery() _, err := dbHandle.ExecContext(ctx, q, ulSize, dlSize, util.GetTimeAsMsSinceEpoch(time.Now()), connectionID, transferID) return err } func sqlCommonRemoveActiveTransfer(transferID int64, connectionID string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getRemoveActiveTransferQuery() _, err := dbHandle.ExecContext(ctx, q, connectionID, transferID) return err } func sqlCommonCleanupActiveTransfers(before time.Time, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getCleanupActiveTransfersQuery() _, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(before)) return err } func sqlCommonGetActiveTransfers(from time.Time, dbHandle sqlQuerier) ([]ActiveTransfer, error) { transfers := make([]ActiveTransfer, 0, 30) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() q := getActiveTransfersQuery() rows, err := dbHandle.QueryContext(ctx, q, util.GetTimeAsMsSinceEpoch(from)) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var transfer ActiveTransfer var folderName sql.NullString err = rows.Scan(&transfer.ID, &transfer.ConnID, &transfer.Type, &transfer.Username, &folderName, &transfer.IP, &transfer.TruncatedSize, &transfer.CurrentULSize, &transfer.CurrentDLSize, &transfer.CreatedAt, &transfer.UpdatedAt) if err != nil { return transfers, err } if folderName.Valid { transfer.FolderName = folderName.String } transfers = append(transfers, transfer) } return transfers, rows.Err() } func sqlCommonGetUsers(limit int, offset int, order string, dbHandle sqlQuerier) ([]User, error) { users := make([]User, 0, limit) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUsersQuery(order) rows, err := dbHandle.QueryContext(ctx, q, limit, offset) if err != nil { return users, err } defer rows.Close() for rows.Next() { u, err := getUserFromDbRow(rows) if err != nil { return users, err } users = append(users, u) } err = rows.Err() if err != nil { return users, err } users, err = getUsersWithVirtualFolders(ctx, users, dbHandle) if err != nil { return users, err } users, err = getUsersWithGroups(ctx, users, dbHandle) if err != nil { return users, err } for idx := range users { users[idx].PrepareForRendering() } return users, nil } func sqlCommonGetDefenderHosts(from int64, limit int, dbHandle sqlQuerier) ([]DefenderEntry, error) { hosts := make([]DefenderEntry, 0, 100) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDefenderHostsQuery() rows, err := dbHandle.QueryContext(ctx, q, from, limit) if err != nil { providerLog(logger.LevelError, "unable to get defender hosts: %v", err) return hosts, err } defer rows.Close() var idForScores []int64 for rows.Next() { var banTime sql.NullInt64 host := DefenderEntry{} err = rows.Scan(&host.ID, &host.IP, &banTime) if err != nil { providerLog(logger.LevelError, "unable to scan defender host row: %v", err) return hosts, err } var hostBanTime time.Time if banTime.Valid && banTime.Int64 > 0 { hostBanTime = util.GetTimeFromMsecSinceEpoch(banTime.Int64) } if hostBanTime.IsZero() || hostBanTime.Before(time.Now()) { idForScores = append(idForScores, host.ID) } else { host.BanTime = hostBanTime } hosts = append(hosts, host) } err = rows.Err() if err != nil { providerLog(logger.LevelError, "unable to iterate over defender host rows: %v", err) return hosts, err } return getDefenderHostsWithScores(ctx, hosts, from, idForScores, dbHandle) } func sqlCommonIsDefenderHostBanned(ip string, dbHandle sqlQuerier) (DefenderEntry, error) { var host DefenderEntry ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDefenderIsHostBannedQuery() row := dbHandle.QueryRowContext(ctx, q, ip, util.GetTimeAsMsSinceEpoch(time.Now())) err := row.Scan(&host.ID) if err != nil { if errors.Is(err, sql.ErrNoRows) { return host, util.NewRecordNotFoundError("host not found") } providerLog(logger.LevelError, "unable to check ban status for host %#v: %v", ip, err) return host, err } return host, nil } func sqlCommonGetDefenderHostByIP(ip string, from int64, dbHandle sqlQuerier) (DefenderEntry, error) { var host DefenderEntry ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDefenderHostQuery() row := dbHandle.QueryRowContext(ctx, q, ip, from) var banTime sql.NullInt64 err := row.Scan(&host.ID, &host.IP, &banTime) if err != nil { if errors.Is(err, sql.ErrNoRows) { return host, util.NewRecordNotFoundError("host not found") } providerLog(logger.LevelError, "unable to get host for ip %#v: %v", ip, err) return host, err } if banTime.Valid && banTime.Int64 > 0 { hostBanTime := util.GetTimeFromMsecSinceEpoch(banTime.Int64) if !hostBanTime.IsZero() && hostBanTime.After(time.Now()) { host.BanTime = hostBanTime return host, nil } } hosts, err := getDefenderHostsWithScores(ctx, []DefenderEntry{host}, from, []int64{host.ID}, dbHandle) if err != nil { return host, err } if len(hosts) == 0 { return host, util.NewRecordNotFoundError("host not found") } return hosts[0], nil } func sqlCommonDefenderIncrementBanTime(ip string, minutesToAdd int, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDefenderIncrementBanTimeQuery() _, err := dbHandle.ExecContext(ctx, q, minutesToAdd*60000, ip) if err == nil { providerLog(logger.LevelDebug, "ban time updated for ip %#v, increment (minutes): %v", ip, minutesToAdd) } else { providerLog(logger.LevelError, "error updating ban time for ip %#v: %v", ip, err) } return err } func sqlCommonSetDefenderBanTime(ip string, banTime int64, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDefenderSetBanTimeQuery() _, err := dbHandle.ExecContext(ctx, q, banTime, ip) if err == nil { providerLog(logger.LevelDebug, "ip %#v banned until %v", ip, util.GetTimeFromMsecSinceEpoch(banTime)) } else { providerLog(logger.LevelError, "error setting ban time for ip %#v: %v", ip, err) } return err } func sqlCommonDeleteDefenderHost(ip string, dbHandle sqlQuerier) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteDefenderHostQuery() res, err := dbHandle.ExecContext(ctx, q, ip) if err != nil { providerLog(logger.LevelError, "unable to delete defender host %#v: %v", ip, err) return err } return sqlCommonRequireRowAffected(res) } func sqlCommonAddDefenderHostAndEvent(ip string, score int, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { if err := sqlCommonAddDefenderHost(ctx, ip, tx); err != nil { return err } return sqlCommonAddDefenderEvent(ctx, ip, score, tx) }) } func sqlCommonDefenderCleanup(from int64, dbHandler *sql.DB) error { if err := sqlCommonCleanupDefenderEvents(from, dbHandler); err != nil { return err } return sqlCommonCleanupDefenderHosts(from, dbHandler) } func sqlCommonAddDefenderHost(ctx context.Context, ip string, tx *sql.Tx) error { q := getAddDefenderHostQuery() _, err := tx.ExecContext(ctx, q, ip, util.GetTimeAsMsSinceEpoch(time.Now())) if err != nil { providerLog(logger.LevelError, "unable to add defender host %#v: %v", ip, err) } return err } func sqlCommonAddDefenderEvent(ctx context.Context, ip string, score int, tx *sql.Tx) error { q := getAddDefenderEventQuery() _, err := tx.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), score, ip) if err != nil { providerLog(logger.LevelError, "unable to add defender event for %#v: %v", ip, err) } return err } func sqlCommonCleanupDefenderHosts(from int64, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDefenderHostsCleanupQuery() _, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), from) if err != nil { providerLog(logger.LevelError, "unable to cleanup defender hosts: %v", err) } return err } func sqlCommonCleanupDefenderEvents(from int64, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDefenderEventsCleanupQuery() _, err := dbHandle.ExecContext(ctx, q, from) if err != nil { providerLog(logger.LevelError, "unable to cleanup defender events: %v", err) } return err } func getShareFromDbRow(row sqlScanner) (Share, error) { var share Share var description, password, allowFrom, paths sql.NullString err := row.Scan(&share.ShareID, &share.Name, &description, &share.Scope, &paths, &share.Username, &share.CreatedAt, &share.UpdatedAt, &share.LastUseAt, &share.ExpiresAt, &password, &share.MaxTokens, &share.UsedTokens, &allowFrom) if err != nil { if errors.Is(err, sql.ErrNoRows) { return share, util.NewRecordNotFoundError(err.Error()) } return share, err } if paths.Valid { var list []string err = json.Unmarshal([]byte(paths.String), &list) if err != nil { return share, err } share.Paths = list } else { return share, errors.New("unable to decode shared paths") } if description.Valid { share.Description = description.String } if password.Valid { share.Password = password.String } if allowFrom.Valid { var list []string err = json.Unmarshal([]byte(allowFrom.String), &list) if err == nil { share.AllowFrom = list } } return share, nil } func getAPIKeyFromDbRow(row sqlScanner) (APIKey, error) { var apiKey APIKey var userID, adminID sql.NullInt64 var description sql.NullString err := row.Scan(&apiKey.KeyID, &apiKey.Name, &apiKey.Key, &apiKey.Scope, &apiKey.CreatedAt, &apiKey.UpdatedAt, &apiKey.LastUseAt, &apiKey.ExpiresAt, &description, &userID, &adminID) if err != nil { if errors.Is(err, sql.ErrNoRows) { return apiKey, util.NewRecordNotFoundError(err.Error()) } return apiKey, err } if userID.Valid { apiKey.userID = userID.Int64 } if adminID.Valid { apiKey.adminID = adminID.Int64 } if description.Valid { apiKey.Description = description.String } return apiKey, nil } func getAdminFromDbRow(row sqlScanner) (Admin, error) { var admin Admin var email, filters, additionalInfo, permissions, description sql.NullString err := row.Scan(&admin.ID, &admin.Username, &admin.Password, &admin.Status, &email, &permissions, &filters, &additionalInfo, &description, &admin.CreatedAt, &admin.UpdatedAt, &admin.LastLogin) if err != nil { if errors.Is(err, sql.ErrNoRows) { return admin, util.NewRecordNotFoundError(err.Error()) } return admin, err } if permissions.Valid { var perms []string err = json.Unmarshal([]byte(permissions.String), &perms) if err != nil { return admin, err } admin.Permissions = perms } if email.Valid { admin.Email = email.String } if filters.Valid { var adminFilters AdminFilters err = json.Unmarshal([]byte(filters.String), &adminFilters) if err == nil { admin.Filters = adminFilters } } if additionalInfo.Valid { admin.AdditionalInfo = additionalInfo.String } if description.Valid { admin.Description = description.String } admin.SetEmptySecretsIfNil() return admin, nil } func getEventActionFromDbRow(row sqlScanner) (BaseEventAction, error) { var action BaseEventAction var description sql.NullString var options []byte err := row.Scan(&action.ID, &action.Name, &description, &action.Type, &options) if err != nil { if errors.Is(err, sql.ErrNoRows) { return action, util.NewRecordNotFoundError(err.Error()) } return action, err } if description.Valid { action.Description = description.String } if len(options) > 0 { err = json.Unmarshal(options, &action.Options) if err != nil { return action, err } } return action, nil } func getEventRuleFromDbRow(row sqlScanner) (EventRule, error) { var rule EventRule var description sql.NullString var conditions []byte err := row.Scan(&rule.ID, &rule.Name, &description, &rule.CreatedAt, &rule.UpdatedAt, &rule.Trigger, &conditions, &rule.DeletedAt) if err != nil { if errors.Is(err, sql.ErrNoRows) { return rule, util.NewRecordNotFoundError(err.Error()) } return rule, err } if len(conditions) > 0 { err = json.Unmarshal(conditions, &rule.Conditions) if err != nil { return rule, err } } if description.Valid { rule.Description = description.String } return rule, nil } func getGroupFromDbRow(row sqlScanner) (Group, error) { var group Group var userSettings, description sql.NullString err := row.Scan(&group.ID, &group.Name, &description, &group.CreatedAt, &group.UpdatedAt, &userSettings) if err != nil { if errors.Is(err, sql.ErrNoRows) { return group, util.NewRecordNotFoundError(err.Error()) } return group, err } if description.Valid { group.Description = description.String } if userSettings.Valid { var settings GroupUserSettings err = json.Unmarshal([]byte(userSettings.String), &settings) if err == nil { group.UserSettings = settings } } return group, nil } func getUserFromDbRow(row sqlScanner) (User, error) { var user User var permissions sql.NullString var password sql.NullString var publicKey sql.NullString var filters sql.NullString var fsConfig sql.NullString var additionalInfo, description, email sql.NullString err := row.Scan(&user.ID, &user.Username, &password, &publicKey, &user.HomeDir, &user.UID, &user.GID, &user.MaxSessions, &user.QuotaSize, &user.QuotaFiles, &permissions, &user.UsedQuotaSize, &user.UsedQuotaFiles, &user.LastQuotaUpdate, &user.UploadBandwidth, &user.DownloadBandwidth, &user.ExpirationDate, &user.LastLogin, &user.Status, &filters, &fsConfig, &additionalInfo, &description, &email, &user.CreatedAt, &user.UpdatedAt, &user.UploadDataTransfer, &user.DownloadDataTransfer, &user.TotalDataTransfer, &user.UsedUploadDataTransfer, &user.UsedDownloadDataTransfer, &user.DeletedAt) if err != nil { if errors.Is(err, sql.ErrNoRows) { return user, util.NewRecordNotFoundError(err.Error()) } return user, err } if password.Valid { user.Password = password.String } // we can have a empty string or an invalid json in null string // so we do a relaxed test if the field is optional, for example we // populate public keys only if unmarshal does not return an error if publicKey.Valid { var list []string err = json.Unmarshal([]byte(publicKey.String), &list) if err == nil { user.PublicKeys = list } } if permissions.Valid { perms := make(map[string][]string) err = json.Unmarshal([]byte(permissions.String), &perms) if err != nil { providerLog(logger.LevelError, "unable to deserialize permissions for user %#v: %v", user.Username, err) return user, fmt.Errorf("unable to deserialize permissions for user %#v: %v", user.Username, err) } user.Permissions = perms } if filters.Valid { var userFilters UserFilters err = json.Unmarshal([]byte(filters.String), &userFilters) if err == nil { user.Filters = userFilters } } if fsConfig.Valid { var fs vfs.Filesystem err = json.Unmarshal([]byte(fsConfig.String), &fs) if err == nil { user.FsConfig = fs } } if additionalInfo.Valid { user.AdditionalInfo = additionalInfo.String } if description.Valid { user.Description = description.String } if email.Valid { user.Email = email.String } user.SetEmptySecretsIfNil() return user, nil } func sqlCommonGetFolder(ctx context.Context, name string, dbHandle sqlQuerier) (vfs.BaseVirtualFolder, error) { var folder vfs.BaseVirtualFolder q := getFolderByNameQuery() row := dbHandle.QueryRowContext(ctx, q, name) var mappedPath, description, fsConfig sql.NullString err := row.Scan(&folder.ID, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles, &folder.LastQuotaUpdate, &folder.Name, &description, &fsConfig) if err != nil { if errors.Is(err, sql.ErrNoRows) { return folder, util.NewRecordNotFoundError(err.Error()) } return folder, err } if mappedPath.Valid { folder.MappedPath = mappedPath.String } if description.Valid { folder.Description = description.String } if fsConfig.Valid { var fs vfs.Filesystem err = json.Unmarshal([]byte(fsConfig.String), &fs) if err == nil { folder.FsConfig = fs } } return folder, err } func sqlCommonGetFolderByName(ctx context.Context, name string, dbHandle sqlQuerier) (vfs.BaseVirtualFolder, error) { folder, err := sqlCommonGetFolder(ctx, name, dbHandle) if err != nil { return folder, err } folders, err := getVirtualFoldersWithUsers([]vfs.BaseVirtualFolder{folder}, dbHandle) if err != nil { return folder, err } if len(folders) != 1 { return folder, fmt.Errorf("unable to associate users with folder %#v", name) } folders, err = getVirtualFoldersWithGroups([]vfs.BaseVirtualFolder{folders[0]}, dbHandle) if err != nil { return folder, err } if len(folders) != 1 { return folder, fmt.Errorf("unable to associate groups with folder %#v", name) } return folders[0], nil } func sqlCommonAddOrUpdateFolder(ctx context.Context, baseFolder *vfs.BaseVirtualFolder, usedQuotaSize int64, usedQuotaFiles int, lastQuotaUpdate int64, dbHandle sqlQuerier, ) error { fsConfig, err := json.Marshal(baseFolder.FsConfig) if err != nil { return err } q := getUpsertFolderQuery() _, err = dbHandle.ExecContext(ctx, q, baseFolder.MappedPath, usedQuotaSize, usedQuotaFiles, lastQuotaUpdate, baseFolder.Name, baseFolder.Description, string(fsConfig)) return err } func sqlCommonAddFolder(folder *vfs.BaseVirtualFolder, dbHandle sqlQuerier) error { err := ValidateFolder(folder) if err != nil { return err } fsConfig, err := json.Marshal(folder.FsConfig) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddFolderQuery() _, err = dbHandle.ExecContext(ctx, q, folder.MappedPath, folder.UsedQuotaSize, folder.UsedQuotaFiles, folder.LastQuotaUpdate, folder.Name, folder.Description, string(fsConfig)) return err } func sqlCommonUpdateFolder(folder *vfs.BaseVirtualFolder, dbHandle sqlQuerier) error { err := ValidateFolder(folder) if err != nil { return err } fsConfig, err := json.Marshal(folder.FsConfig) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateFolderQuery() _, err = dbHandle.ExecContext(ctx, q, folder.MappedPath, folder.Description, string(fsConfig), folder.Name) return err } func sqlCommonDeleteFolder(folder vfs.BaseVirtualFolder, dbHandle sqlQuerier) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteFolderQuery() res, err := dbHandle.ExecContext(ctx, q, folder.ID) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonDumpFolders(dbHandle sqlQuerier) ([]vfs.BaseVirtualFolder, error) { folders := make([]vfs.BaseVirtualFolder, 0, 50) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() q := getDumpFoldersQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return folders, err } defer rows.Close() for rows.Next() { var folder vfs.BaseVirtualFolder var mappedPath, description, fsConfig sql.NullString err = rows.Scan(&folder.ID, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles, &folder.LastQuotaUpdate, &folder.Name, &description, &fsConfig) if err != nil { return folders, err } if mappedPath.Valid { folder.MappedPath = mappedPath.String } if description.Valid { folder.Description = description.String } if fsConfig.Valid { var fs vfs.Filesystem err = json.Unmarshal([]byte(fsConfig.String), &fs) if err == nil { folder.FsConfig = fs } } folders = append(folders, folder) } return folders, rows.Err() } func sqlCommonGetFolders(limit, offset int, order string, minimal bool, dbHandle sqlQuerier) ([]vfs.BaseVirtualFolder, error) { folders := make([]vfs.BaseVirtualFolder, 0, limit) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getFoldersQuery(order, minimal) rows, err := dbHandle.QueryContext(ctx, q, limit, offset) if err != nil { return folders, err } defer rows.Close() for rows.Next() { var folder vfs.BaseVirtualFolder if minimal { err = rows.Scan(&folder.ID, &folder.Name) if err != nil { return folders, err } } else { var mappedPath, description, fsConfig sql.NullString err = rows.Scan(&folder.ID, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles, &folder.LastQuotaUpdate, &folder.Name, &description, &fsConfig) if err != nil { return folders, err } if mappedPath.Valid { folder.MappedPath = mappedPath.String } if description.Valid { folder.Description = description.String } if fsConfig.Valid { var fs vfs.Filesystem err = json.Unmarshal([]byte(fsConfig.String), &fs) if err == nil { folder.FsConfig = fs } } } folder.PrepareForRendering() folders = append(folders, folder) } err = rows.Err() if err != nil { return folders, err } if minimal { return folders, nil } folders, err = getVirtualFoldersWithUsers(folders, dbHandle) if err != nil { return folders, err } return getVirtualFoldersWithGroups(folders, dbHandle) } func sqlCommonClearUserFolderMapping(ctx context.Context, user *User, dbHandle sqlQuerier) error { q := getClearUserFolderMappingQuery() _, err := dbHandle.ExecContext(ctx, q, user.Username) return err } func sqlCommonClearGroupFolderMapping(ctx context.Context, group *Group, dbHandle sqlQuerier) error { q := getClearGroupFolderMappingQuery() _, err := dbHandle.ExecContext(ctx, q, group.Name) return err } func sqlCommonClearUserGroupMapping(ctx context.Context, user *User, dbHandle sqlQuerier) error { q := getClearUserGroupMappingQuery() _, err := dbHandle.ExecContext(ctx, q, user.Username) return err } func sqlCommonAddUserFolderMapping(ctx context.Context, user *User, folder *vfs.VirtualFolder, dbHandle sqlQuerier) error { q := getAddUserFolderMappingQuery() _, err := dbHandle.ExecContext(ctx, q, folder.VirtualPath, folder.QuotaSize, folder.QuotaFiles, folder.Name, user.Username) return err } func sqlCommonAddGroupFolderMapping(ctx context.Context, group *Group, folder *vfs.VirtualFolder, dbHandle sqlQuerier) error { q := getAddGroupFolderMappingQuery() _, err := dbHandle.ExecContext(ctx, q, folder.VirtualPath, folder.QuotaSize, folder.QuotaFiles, folder.Name, group.Name) return err } func sqlCommonAddUserGroupMapping(ctx context.Context, username, groupName string, groupType int, dbHandle sqlQuerier) error { q := getAddUserGroupMappingQuery() _, err := dbHandle.ExecContext(ctx, q, username, groupName, groupType) return err } func generateGroupVirtualFoldersMapping(ctx context.Context, group *Group, dbHandle sqlQuerier) error { err := sqlCommonClearGroupFolderMapping(ctx, group, dbHandle) if err != nil { return err } for idx := range group.VirtualFolders { vfolder := &group.VirtualFolders[idx] err = sqlCommonAddOrUpdateFolder(ctx, &vfolder.BaseVirtualFolder, 0, 0, 0, dbHandle) if err != nil { return err } err = sqlCommonAddGroupFolderMapping(ctx, group, vfolder, dbHandle) if err != nil { return err } } return err } func generateUserVirtualFoldersMapping(ctx context.Context, user *User, dbHandle sqlQuerier) error { err := sqlCommonClearUserFolderMapping(ctx, user, dbHandle) if err != nil { return err } for idx := range user.VirtualFolders { vfolder := &user.VirtualFolders[idx] err := sqlCommonAddOrUpdateFolder(ctx, &vfolder.BaseVirtualFolder, 0, 0, 0, dbHandle) if err != nil { return err } err = sqlCommonAddUserFolderMapping(ctx, user, vfolder, dbHandle) if err != nil { return err } } return err } func generateUserGroupMapping(ctx context.Context, user *User, dbHandle sqlQuerier) error { err := sqlCommonClearUserGroupMapping(ctx, user, dbHandle) if err != nil { return err } for _, group := range user.Groups { err = sqlCommonAddUserGroupMapping(ctx, user.Username, group.Name, group.Type, dbHandle) if err != nil { return err } } return err } func getDefenderHostsWithScores(ctx context.Context, hosts []DefenderEntry, from int64, idForScores []int64, dbHandle sqlQuerier) ( []DefenderEntry, error, ) { if len(idForScores) == 0 { return hosts, nil } hostsWithScores := make(map[int64]int) q := getDefenderEventsQuery(idForScores) rows, err := dbHandle.QueryContext(ctx, q, from) if err != nil { providerLog(logger.LevelError, "unable to get score for hosts with id %+v: %v", idForScores, err) return nil, err } defer rows.Close() for rows.Next() { var hostID int64 var score int err = rows.Scan(&hostID, &score) if err != nil { providerLog(logger.LevelError, "error scanning host score row: %v", err) return hosts, err } if score > 0 { hostsWithScores[hostID] = score } } err = rows.Err() if err != nil { return hosts, err } result := make([]DefenderEntry, 0, len(hosts)) for idx := range hosts { hosts[idx].Score = hostsWithScores[hosts[idx].ID] if hosts[idx].Score > 0 || !hosts[idx].BanTime.IsZero() { result = append(result, hosts[idx]) } } return result, nil } func getUserWithVirtualFolders(ctx context.Context, user User, dbHandle sqlQuerier) (User, error) { users, err := getUsersWithVirtualFolders(ctx, []User{user}, dbHandle) if err != nil { return user, err } if len(users) == 0 { return user, errSQLFoldersAssociation } return users[0], err } func getUsersWithVirtualFolders(ctx context.Context, users []User, dbHandle sqlQuerier) ([]User, error) { if len(users) == 0 { return users, nil } usersVirtualFolders := make(map[int64][]vfs.VirtualFolder) q := getRelatedFoldersForUsersQuery(users) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var folder vfs.VirtualFolder var userID int64 var mappedPath, fsConfig, description sql.NullString err = rows.Scan(&folder.ID, &folder.Name, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles, &folder.LastQuotaUpdate, &folder.VirtualPath, &folder.QuotaSize, &folder.QuotaFiles, &userID, &fsConfig, &description) if err != nil { return users, err } if mappedPath.Valid { folder.MappedPath = mappedPath.String } if description.Valid { folder.Description = description.String } if fsConfig.Valid { var fs vfs.Filesystem err = json.Unmarshal([]byte(fsConfig.String), &fs) if err == nil { folder.FsConfig = fs } } usersVirtualFolders[userID] = append(usersVirtualFolders[userID], folder) } err = rows.Err() if err != nil { return users, err } if len(usersVirtualFolders) == 0 { return users, err } for idx := range users { ref := &users[idx] ref.VirtualFolders = usersVirtualFolders[ref.ID] } return users, err } func getUserWithGroups(ctx context.Context, user User, dbHandle sqlQuerier) (User, error) { users, err := getUsersWithGroups(ctx, []User{user}, dbHandle) if err != nil { return user, err } if len(users) == 0 { return user, errSQLGroupsAssociation } return users[0], err } func getUsersWithGroups(ctx context.Context, users []User, dbHandle sqlQuerier) ([]User, error) { if len(users) == 0 { return users, nil } usersGroups := make(map[int64][]sdk.GroupMapping) q := getRelatedGroupsForUsersQuery(users) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var group sdk.GroupMapping var userID int64 err = rows.Scan(&group.Name, &group.Type, &userID) if err != nil { return users, err } usersGroups[userID] = append(usersGroups[userID], group) } err = rows.Err() if err != nil { return users, err } if len(usersGroups) == 0 { return users, err } for idx := range users { ref := &users[idx] ref.Groups = usersGroups[ref.ID] } return users, err } func getGroupWithUsers(ctx context.Context, group Group, dbHandle sqlQuerier) (Group, error) { groups, err := getGroupsWithUsers(ctx, []Group{group}, dbHandle) if err != nil { return group, err } if len(groups) == 0 { return group, errSQLUsersAssociation } return groups[0], err } func getGroupWithVirtualFolders(ctx context.Context, group Group, dbHandle sqlQuerier) (Group, error) { groups, err := getGroupsWithVirtualFolders(ctx, []Group{group}, dbHandle) if err != nil { return group, err } if len(groups) == 0 { return group, errSQLFoldersAssociation } return groups[0], err } func getGroupsWithVirtualFolders(ctx context.Context, groups []Group, dbHandle sqlQuerier) ([]Group, error) { if len(groups) == 0 { return groups, nil } q := getRelatedFoldersForGroupsQuery(groups) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() groupsVirtualFolders := make(map[int64][]vfs.VirtualFolder) for rows.Next() { var groupID int64 var folder vfs.VirtualFolder var mappedPath, fsConfig, description sql.NullString err = rows.Scan(&folder.ID, &folder.Name, &mappedPath, &folder.UsedQuotaSize, &folder.UsedQuotaFiles, &folder.LastQuotaUpdate, &folder.VirtualPath, &folder.QuotaSize, &folder.QuotaFiles, &groupID, &fsConfig, &description) if err != nil { return groups, err } if mappedPath.Valid { folder.MappedPath = mappedPath.String } if description.Valid { folder.Description = description.String } if fsConfig.Valid { var fs vfs.Filesystem err = json.Unmarshal([]byte(fsConfig.String), &fs) if err == nil { folder.FsConfig = fs } } groupsVirtualFolders[groupID] = append(groupsVirtualFolders[groupID], folder) } err = rows.Err() if err != nil { return groups, err } if len(groupsVirtualFolders) == 0 { return groups, err } for idx := range groups { ref := &groups[idx] ref.VirtualFolders = groupsVirtualFolders[ref.ID] } return groups, err } func getGroupsWithUsers(ctx context.Context, groups []Group, dbHandle sqlQuerier) ([]Group, error) { if len(groups) == 0 { return groups, nil } q := getRelatedUsersForGroupsQuery(groups) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() groupsUsers := make(map[int64][]string) for rows.Next() { var username string var groupID int64 err = rows.Scan(&groupID, &username) if err != nil { return groups, err } groupsUsers[groupID] = append(groupsUsers[groupID], username) } err = rows.Err() if err != nil { return groups, err } if len(groupsUsers) == 0 { return groups, err } for idx := range groups { ref := &groups[idx] ref.Users = groupsUsers[ref.ID] } return groups, err } func getVirtualFoldersWithGroups(folders []vfs.BaseVirtualFolder, dbHandle sqlQuerier) ([]vfs.BaseVirtualFolder, error) { if len(folders) == 0 { return folders, nil } vFoldersGroups := make(map[int64][]string) ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getRelatedGroupsForFoldersQuery(folders) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var name string var folderID int64 err = rows.Scan(&folderID, &name) if err != nil { return folders, err } vFoldersGroups[folderID] = append(vFoldersGroups[folderID], name) } err = rows.Err() if err != nil { return folders, err } if len(vFoldersGroups) == 0 { return folders, err } for idx := range folders { ref := &folders[idx] ref.Groups = vFoldersGroups[ref.ID] } return folders, err } func getVirtualFoldersWithUsers(folders []vfs.BaseVirtualFolder, dbHandle sqlQuerier) ([]vfs.BaseVirtualFolder, error) { if len(folders) == 0 { return folders, nil } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getRelatedUsersForFoldersQuery(folders) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() vFoldersUsers := make(map[int64][]string) for rows.Next() { var username string var folderID int64 err = rows.Scan(&folderID, &username) if err != nil { return folders, err } vFoldersUsers[folderID] = append(vFoldersUsers[folderID], username) } err = rows.Err() if err != nil { return folders, err } if len(vFoldersUsers) == 0 { return folders, err } for idx := range folders { ref := &folders[idx] ref.Users = vFoldersUsers[ref.ID] } return folders, err } func sqlCommonUpdateFolderQuota(name string, filesAdd int, sizeAdd int64, reset bool, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateFolderQuotaQuery(reset) _, err := dbHandle.ExecContext(ctx, q, sizeAdd, filesAdd, util.GetTimeAsMsSinceEpoch(time.Now()), name) if err == nil { providerLog(logger.LevelDebug, "quota updated for folder %#v, files increment: %v size increment: %v is reset? %v", name, filesAdd, sizeAdd, reset) } else { providerLog(logger.LevelWarn, "error updating quota for folder %#v: %v", name, err) } return err } func sqlCommonGetFolderUsedQuota(mappedPath string, dbHandle *sql.DB) (int, int64, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getQuotaFolderQuery() var usedFiles int var usedSize int64 err := dbHandle.QueryRowContext(ctx, q, mappedPath).Scan(&usedSize, &usedFiles) if err != nil { providerLog(logger.LevelError, "error getting quota for folder: %v, error: %v", mappedPath, err) return 0, 0, err } return usedFiles, usedSize, err } func getAPIKeyWithRelatedFields(ctx context.Context, apiKey APIKey, dbHandle sqlQuerier) (APIKey, error) { var apiKeys []APIKey var err error scope := APIKeyScopeAdmin if apiKey.userID > 0 { scope = APIKeyScopeUser } apiKeys, err = getRelatedValuesForAPIKeys(ctx, []APIKey{apiKey}, dbHandle, scope) if err != nil { return apiKey, err } if len(apiKeys) > 0 { apiKey = apiKeys[0] } return apiKey, nil } func getRelatedValuesForAPIKeys(ctx context.Context, apiKeys []APIKey, dbHandle sqlQuerier, scope APIKeyScope) ([]APIKey, error) { if len(apiKeys) == 0 { return apiKeys, nil } values := make(map[int64]string) var q string if scope == APIKeyScopeUser { q = getRelatedUsersForAPIKeysQuery(apiKeys) } else { q = getRelatedAdminsForAPIKeysQuery(apiKeys) } rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var valueID int64 var valueName string err = rows.Scan(&valueID, &valueName) if err != nil { return apiKeys, err } values[valueID] = valueName } err = rows.Err() if err != nil { return apiKeys, err } if len(values) == 0 { return apiKeys, nil } for idx := range apiKeys { ref := &apiKeys[idx] if scope == APIKeyScopeUser { ref.User = values[ref.userID] } else { ref.Admin = values[ref.adminID] } } return apiKeys, nil } func sqlCommonGetAPIKeyRelatedIDs(apiKey *APIKey) (sql.NullInt64, sql.NullInt64, error) { var userID, adminID sql.NullInt64 if apiKey.User != "" { u, err := provider.userExists(apiKey.User) if err != nil { return userID, adminID, util.NewValidationError(fmt.Sprintf("unable to validate user %v", apiKey.User)) } userID.Valid = true userID.Int64 = u.ID } if apiKey.Admin != "" { a, err := provider.adminExists(apiKey.Admin) if err != nil { return userID, adminID, util.NewValidationError(fmt.Sprintf("unable to validate admin %v", apiKey.Admin)) } adminID.Valid = true adminID.Int64 = a.ID } return userID, adminID, nil } func sqlCommonAddSession(session Session, dbHandle *sql.DB) error { if err := session.validate(); err != nil { return err } data, err := json.Marshal(session.Data) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddSessionQuery() _, err = dbHandle.ExecContext(ctx, q, session.Key, data, session.Type, session.Timestamp) return err } func sqlCommonGetSession(key string, dbHandle sqlQuerier) (Session, error) { var session Session ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getSessionQuery() var data []byte // type hint, some driver will use string instead of []byte if the type is any err := dbHandle.QueryRowContext(ctx, q, key).Scan(&session.Key, &data, &session.Type, &session.Timestamp) if err != nil { return session, err } session.Data = data return session, nil } func sqlCommonDeleteSession(key string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteSessionQuery() res, err := dbHandle.ExecContext(ctx, q, key) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonCleanupSessions(sessionType SessionType, before int64, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getCleanupSessionsQuery() _, err := dbHandle.ExecContext(ctx, q, sessionType, before) return err } func getActionsWithRuleNames(ctx context.Context, actions []BaseEventAction, dbHandle sqlQuerier, ) ([]BaseEventAction, error) { if len(actions) == 0 { return actions, nil } q := getRelatedRulesForActionsQuery(actions) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() actionsRules := make(map[int64][]string) for rows.Next() { var name string var actionID int64 if err = rows.Scan(&actionID, &name); err != nil { return nil, err } actionsRules[actionID] = append(actionsRules[actionID], name) } err = rows.Err() if err != nil { return nil, err } if len(actionsRules) == 0 { return actions, nil } for idx := range actions { ref := &actions[idx] ref.Rules = actionsRules[ref.ID] } return actions, nil } func getRulesWithActions(ctx context.Context, rules []EventRule, dbHandle sqlQuerier) ([]EventRule, error) { if len(rules) == 0 { return rules, nil } rulesActions := make(map[int64][]EventAction) q := getRelatedActionsForRulesQuery(rules) rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return nil, err } defer rows.Close() for rows.Next() { var action EventAction var ruleID int64 var description sql.NullString var baseOptions, options []byte err = rows.Scan(&action.ID, &action.Name, &description, &action.Type, &baseOptions, &options, &action.Order, &ruleID) if err != nil { return rules, err } if len(baseOptions) > 0 { err = json.Unmarshal(baseOptions, &action.BaseEventAction.Options) if err != nil { return rules, err } } if len(options) > 0 { err = json.Unmarshal(options, &action.Options) if err != nil { return rules, err } } action.BaseEventAction.Options.SetEmptySecretsIfNil() rulesActions[ruleID] = append(rulesActions[ruleID], action) } err = rows.Err() if err != nil { return rules, err } if len(rulesActions) == 0 { return rules, nil } for idx := range rules { ref := &rules[idx] ref.Actions = rulesActions[ref.ID] } return rules, nil } func generateEventRuleActionsMapping(ctx context.Context, rule *EventRule, dbHandle sqlQuerier) error { q := getClearRuleActionMappingQuery() _, err := dbHandle.ExecContext(ctx, q, rule.Name) if err != nil { return err } for _, action := range rule.Actions { options, err := json.Marshal(action.Options) if err != nil { return err } q = getAddRuleActionMappingQuery() _, err = dbHandle.ExecContext(ctx, q, rule.Name, action.Name, action.Order, string(options)) if err != nil { return err } } return nil } func sqlCommonGetEventActionByName(name string, dbHandle sqlQuerier) (BaseEventAction, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getEventActionByNameQuery() row := dbHandle.QueryRowContext(ctx, q, name) action, err := getEventActionFromDbRow(row) if err != nil { return action, err } actions, err := getActionsWithRuleNames(ctx, []BaseEventAction{action}, dbHandle) if err != nil { return action, err } if len(actions) != 1 { return action, fmt.Errorf("unable to associate rules with action %q", name) } return actions[0], nil } func sqlCommonDumpEventActions(dbHandle sqlQuerier) ([]BaseEventAction, error) { actions := make([]BaseEventAction, 0, 10) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() q := getDumpEventActionsQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return actions, err } defer rows.Close() for rows.Next() { action, err := getEventActionFromDbRow(rows) if err != nil { return actions, err } actions = append(actions, action) } return actions, rows.Err() } func sqlCommonGetEventActions(limit int, offset int, order string, minimal bool, dbHandle sqlQuerier, ) ([]BaseEventAction, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getEventsActionsQuery(order, minimal) actions := make([]BaseEventAction, 0, limit) rows, err := dbHandle.QueryContext(ctx, q, limit, offset) if err != nil { return actions, err } defer rows.Close() for rows.Next() { var action BaseEventAction if minimal { err = rows.Scan(&action.ID, &action.Name) } else { action, err = getEventActionFromDbRow(rows) } if err != nil { return actions, err } actions = append(actions, action) } err = rows.Err() if err != nil { return nil, err } if minimal { return actions, nil } actions, err = getActionsWithRuleNames(ctx, actions, dbHandle) if err != nil { return nil, err } for idx := range actions { actions[idx].PrepareForRendering() } return actions, nil } func sqlCommonAddEventAction(action *BaseEventAction, dbHandle *sql.DB) error { if err := action.validate(); err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddEventActionQuery() options, err := json.Marshal(action.Options) if err != nil { return err } _, err = dbHandle.ExecContext(ctx, q, action.Name, action.Description, action.Type, string(options)) return err } func sqlCommonUpdateEventAction(action *BaseEventAction, dbHandle *sql.DB) error { if err := action.validate(); err != nil { return err } options, err := json.Marshal(action.Options) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { q := getUpdateEventActionQuery() _, err = tx.ExecContext(ctx, q, action.Description, action.Type, string(options), action.Name) if err != nil { return err } q = getUpdateRulesTimestampQuery() _, err = tx.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), action.ID) return err }) } func sqlCommonDeleteEventAction(action BaseEventAction, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteEventActionQuery() res, err := dbHandle.ExecContext(ctx, q, action.Name) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonGetEventRuleByName(name string, dbHandle sqlQuerier) (EventRule, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getEventRulesByNameQuery() row := dbHandle.QueryRowContext(ctx, q, name) rule, err := getEventRuleFromDbRow(row) if err != nil { return rule, err } rules, err := getRulesWithActions(ctx, []EventRule{rule}, dbHandle) if err != nil { return rule, err } if len(rules) != 1 { return rule, fmt.Errorf("unable to associate rule %q with actions", name) } return rules[0], nil } func sqlCommonDumpEventRules(dbHandle sqlQuerier) ([]EventRule, error) { rules := make([]EventRule, 0, 10) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() q := getDumpEventRulesQuery() rows, err := dbHandle.QueryContext(ctx, q) if err != nil { return rules, err } defer rows.Close() for rows.Next() { rule, err := getEventRuleFromDbRow(rows) if err != nil { return rules, err } rules = append(rules, rule) } err = rows.Err() if err != nil { return rules, err } return getRulesWithActions(ctx, rules, dbHandle) } func sqlCommonGetRecentlyUpdatedRules(after int64, dbHandle sqlQuerier) ([]EventRule, error) { rules := make([]EventRule, 0, 10) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() q := getRecentlyUpdatedRulesQuery() rows, err := dbHandle.QueryContext(ctx, q, after) if err != nil { return rules, err } defer rows.Close() for rows.Next() { rule, err := getEventRuleFromDbRow(rows) if err != nil { return rules, err } rules = append(rules, rule) } err = rows.Err() if err != nil { return rules, err } return getRulesWithActions(ctx, rules, dbHandle) } func sqlCommonGetEventRules(limit int, offset int, order string, dbHandle sqlQuerier) ([]EventRule, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getEventRulesQuery(order) rules := make([]EventRule, 0, limit) rows, err := dbHandle.QueryContext(ctx, q, limit, offset) if err != nil { return rules, err } defer rows.Close() for rows.Next() { rule, err := getEventRuleFromDbRow(rows) if err != nil { return rules, err } rules = append(rules, rule) } err = rows.Err() if err != nil { return rules, err } rules, err = getRulesWithActions(ctx, rules, dbHandle) if err != nil { return rules, err } for idx := range rules { rules[idx].PrepareForRendering() } return rules, nil } func sqlCommonAddEventRule(rule *EventRule, dbHandle *sql.DB) error { if err := rule.validate(); err != nil { return err } conditions, err := json.Marshal(rule.Conditions) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { q := getAddEventRuleQuery() _, err := tx.ExecContext(ctx, q, rule.Name, rule.Description, util.GetTimeAsMsSinceEpoch(time.Now()), util.GetTimeAsMsSinceEpoch(time.Now()), rule.Trigger, string(conditions)) if err != nil { return err } return generateEventRuleActionsMapping(ctx, rule, tx) }) } func sqlCommonUpdateEventRule(rule *EventRule, dbHandle *sql.DB) error { if err := rule.validate(); err != nil { return err } conditions, err := json.Marshal(rule.Conditions) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { q := getUpdateEventRuleQuery() _, err := tx.ExecContext(ctx, q, rule.Description, util.GetTimeAsMsSinceEpoch(time.Now()), rule.Trigger, string(conditions), rule.Name) if err != nil { return err } return generateEventRuleActionsMapping(ctx, rule, tx) }) } func sqlCommonDeleteEventRule(rule EventRule, softDelete bool, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { if softDelete { q := getClearRuleActionMappingQuery() _, err := tx.ExecContext(ctx, q, rule.Name) if err != nil { return err } } q := getDeleteEventRuleQuery(softDelete) if softDelete { ts := util.GetTimeAsMsSinceEpoch(time.Now()) res, err := tx.ExecContext(ctx, q, ts, ts, rule.Name) if err != nil { return err } return sqlCommonRequireRowAffected(res) } res, err := tx.ExecContext(ctx, q, rule.Name) if err != nil { return err } if err = sqlCommonRequireRowAffected(res); err != nil { return err } return sqlCommonDeleteTask(rule.Name, tx) }) } func sqlCommonGetTaskByName(name string, dbHandle sqlQuerier) (Task, error) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() task := Task{ Name: name, } q := getTaskByNameQuery() row := dbHandle.QueryRowContext(ctx, q, name) err := row.Scan(&task.UpdateAt, &task.Version) if err != nil { if errors.Is(err, sql.ErrNoRows) { return task, util.NewRecordNotFoundError(err.Error()) } } return task, err } func sqlCommonAddTask(name string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getAddTaskQuery() _, err := dbHandle.ExecContext(ctx, q, name, util.GetTimeAsMsSinceEpoch(time.Now())) return err } func sqlCommonUpdateTask(name string, version int64, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateTaskQuery() res, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), name, version) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonUpdateTaskTimestamp(name string, dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getUpdateTaskTimestampQuery() res, err := dbHandle.ExecContext(ctx, q, util.GetTimeAsMsSinceEpoch(time.Now()), name) if err != nil { return err } return sqlCommonRequireRowAffected(res) } func sqlCommonDeleteTask(name string, dbHandle sqlQuerier) error { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDeleteTaskQuery() _, err := dbHandle.ExecContext(ctx, q, name) return err } func sqlCommonGetDatabaseVersion(dbHandle sqlQuerier, showInitWarn bool) (schemaVersion, error) { var result schemaVersion ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() q := getDatabaseVersionQuery() stmt, err := dbHandle.PrepareContext(ctx, q) if err != nil { providerLog(logger.LevelError, "error preparing database query %#v: %v", q, err) if showInitWarn && strings.Contains(err.Error(), sqlTableSchemaVersion) { logger.WarnToConsole("database query error, did you forgot to run the \"initprovider\" command?") } return result, err } defer stmt.Close() row := stmt.QueryRowContext(ctx) err = row.Scan(&result.Version) return result, err } func sqlCommonRequireRowAffected(res sql.Result) error { // MariaDB/MySQL returns 0 rows affected for updates that don't change anything // so we don't check rows affected for updates affected, err := res.RowsAffected() if err == nil && affected == 0 { return util.NewRecordNotFoundError(sql.ErrNoRows.Error()) } return nil } func sqlCommonUpdateDatabaseVersion(ctx context.Context, dbHandle sqlQuerier, version int) error { q := getUpdateDBVersionQuery() _, err := dbHandle.ExecContext(ctx, q, version) return err } func sqlCommonExecSQLAndUpdateDBVersion(dbHandle *sql.DB, sqlQueries []string, newVersion int, isUp bool) error { if err := sqlAcquireLock(dbHandle); err != nil { return err } defer sqlReleaseLock(dbHandle) ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() if newVersion > 0 { currentVersion, err := sqlCommonGetDatabaseVersion(dbHandle, false) if err == nil { if (isUp && currentVersion.Version >= newVersion) || (!isUp && currentVersion.Version <= newVersion) { providerLog(logger.LevelInfo, "current schema version: %v, requested: %v, did you execute simultaneous migrations?", currentVersion.Version, newVersion) return nil } } } return sqlCommonExecuteTx(ctx, dbHandle, func(tx *sql.Tx) error { for _, q := range sqlQueries { if strings.TrimSpace(q) == "" { continue } _, err := tx.ExecContext(ctx, q) if err != nil { return err } } if newVersion == 0 { return nil } return sqlCommonUpdateDatabaseVersion(ctx, tx, newVersion) }) } func sqlAcquireLock(dbHandle *sql.DB) error { ctx, cancel := context.WithTimeout(context.Background(), longSQLQueryTimeout) defer cancel() switch config.Driver { case PGSQLDataProviderName: _, err := dbHandle.ExecContext(ctx, `SELECT pg_advisory_lock(101,1)`) if err != nil { return fmt.Errorf("unable to get advisory lock: %w", err) } providerLog(logger.LevelInfo, "acquired database lock") case MySQLDataProviderName: var lockResult sql.NullInt64 err := dbHandle.QueryRowContext(ctx, `SELECT GET_LOCK('sftpgo.migration',30)`).Scan(&lockResult) if err != nil { return fmt.Errorf("unable to get lock: %w", err) } if !lockResult.Valid { return errors.New("unable to get lock: null value returned") } if lockResult.Int64 != 1 { return fmt.Errorf("unable to get lock, result: %d", lockResult.Int64) } providerLog(logger.LevelInfo, "acquired database lock") } return nil } func sqlReleaseLock(dbHandle *sql.DB) { ctx, cancel := context.WithTimeout(context.Background(), defaultSQLQueryTimeout) defer cancel() switch config.Driver { case PGSQLDataProviderName: _, err := dbHandle.ExecContext(ctx, `SELECT pg_advisory_unlock(101,1)`) if err != nil { providerLog(logger.LevelWarn, "unable to release lock: %v", err) } else { providerLog(logger.LevelInfo, "released database lock") } case MySQLDataProviderName: _, err := dbHandle.ExecContext(ctx, `SELECT RELEASE_LOCK('sftpgo.migration')`) if err != nil { providerLog(logger.LevelWarn, "unable to release lock: %v", err) } else { providerLog(logger.LevelInfo, "released database lock") } } } func sqlCommonExecuteTx(ctx context.Context, dbHandle *sql.DB, txFn func(*sql.Tx) error) error { if config.Driver == CockroachDataProviderName { return crdb.ExecuteTx(ctx, dbHandle, nil, txFn) } tx, err := dbHandle.BeginTx(ctx, nil) if err != nil { return err } err = txFn(tx) if err != nil { // we don't change the returned error tx.Rollback() //nolint:errcheck return err } return tx.Commit() }