beenull/sftpgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sftpgo/dataprovider/sqlcommon.go

350 lines
9.5 KiB
Go
Raw Normal View History

first version
2019-07-20 10:26:52 +00:00
package dataprovider
import (
improve SQL provider availability check adding a timeout
2019-09-14 14:18:31 +00:00
"context"
first version
2019-07-20 10:26:52 +00:00
"database/sql"
"encoding/json"
"errors"
"time"
"github.com/drakkan/sftpgo/logger"
"github.com/drakkan/sftpgo/utils"
)
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func getUserByUsername(username string, dbHandle *sql.DB) (User, error) {
first version
2019-07-20 10:26:52 +00:00
var user User
q := getUserByUsernameQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return user, err
}
defer stmt.Close()
row := stmt.QueryRow(username)
return getUserFromDbRow(row, nil)
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonValidateUserAndPass(username string, password string, dbHandle *sql.DB) (User, error) {
first version
2019-07-20 10:26:52 +00:00
var user User
if len(password) == 0 {
return user, errors.New("Credentials cannot be null or empty")
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
user, err := getUserByUsername(username, dbHandle)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error authenticating user: %v, error: %v", username, err)
dataprovider: add support for bbolt key/value store This way there is an alternative for embedded/small systems if CGO is disabled at build time and so SQLite support cannot be compiled
2019-08-12 16:31:31 +00:00
return user, err
first version
2019-07-20 10:26:52 +00:00
}
dataprovider: add support for bbolt key/value store This way there is an alternative for embedded/small systems if CGO is disabled at build time and so SQLite support cannot be compiled
2019-08-12 16:31:31 +00:00
return checkUserAndPass(user, password)
first version
2019-07-20 10:26:52 +00:00
}
Show info about public key during login This will show the key fingerprint and the associated comment, or "password" when password was used, during login. Eg.: ``` message":"User id: 1, logged in with: \"public_key:SHA256:FV3+wlAKGzYy7+J02786fh8N8c06+jga/mdiSOSPT7g:jo@desktop\", ``` or ``` message":"User id: 1, logged in with: \"password\", ...` Signed-off-by: Jo Vandeginste <Jo.Vandeginste@kuleuven.be>
2019-09-05 19:35:53 +00:00
func sqlCommonValidateUserAndPubKey(username string, pubKey string, dbHandle *sql.DB) (User, string, error) {
first version
2019-07-20 10:26:52 +00:00
var user User
if len(pubKey) == 0 {
Show info about public key during login This will show the key fingerprint and the associated comment, or "password" when password was used, during login. Eg.: ``` message":"User id: 1, logged in with: \"public_key:SHA256:FV3+wlAKGzYy7+J02786fh8N8c06+jga/mdiSOSPT7g:jo@desktop\", ``` or ``` message":"User id: 1, logged in with: \"password\", ...` Signed-off-by: Jo Vandeginste <Jo.Vandeginste@kuleuven.be>
2019-09-05 19:35:53 +00:00
return user, "", errors.New("Credentials cannot be null or empty")
first version
2019-07-20 10:26:52 +00:00
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
user, err := getUserByUsername(username, dbHandle)
first version
2019-07-20 10:26:52 +00:00
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error authenticating user: %v, error: %v", username, err)
Show info about public key during login This will show the key fingerprint and the associated comment, or "password" when password was used, during login. Eg.: ``` message":"User id: 1, logged in with: \"public_key:SHA256:FV3+wlAKGzYy7+J02786fh8N8c06+jga/mdiSOSPT7g:jo@desktop\", ``` or ``` message":"User id: 1, logged in with: \"password\", ...` Signed-off-by: Jo Vandeginste <Jo.Vandeginste@kuleuven.be>
2019-09-05 19:35:53 +00:00
return user, "", err
fix misspells and ineffectual assignments
2019-07-20 19:17:53 +00:00
}
dataprovider: add support for bbolt key/value store This way there is an alternative for embedded/small systems if CGO is disabled at build time and so SQLite support cannot be compiled
2019-08-12 16:31:31 +00:00
return checkUserAndPubKey(user, pubKey)
first version
2019-07-20 10:26:52 +00:00
}
add Prometheus support some basic counters and gauges are now exposed
2019-09-13 16:45:36 +00:00
func sqlCommonCheckAvailability(dbHandle *sql.DB) error {
improve SQL provider availability check adding a timeout
2019-09-14 14:18:31 +00:00
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
return dbHandle.PingContext(ctx)
add Prometheus support some basic counters and gauges are now exposed
2019-09-13 16:45:36 +00:00
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonGetUserByID(ID int64, dbHandle *sql.DB) (User, error) {
first version
2019-07-20 10:26:52 +00:00
var user User
q := getUserByIDQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return user, err
}
defer stmt.Close()
row := stmt.QueryRow(ID)
return getUserFromDbRow(row, nil)
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonUpdateQuota(username string, filesAdd int, sizeAdd int64, reset bool, dbHandle *sql.DB) error {
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
q := getUpdateQuotaQuery(reset)
first version
2019-07-20 10:26:52 +00:00
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return err
}
defer stmt.Close()
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
_, err = stmt.Exec(sizeAdd, filesAdd, utils.GetTimeAsMsSinceEpoch(time.Now()), username)
first version
2019-07-20 10:26:52 +00:00
if err == nil {
dataprovider: add support for user status and expiration an user can now be disabled or expired. If you are using an SQL database as dataprovider please remember to execute the sql update script inside "sql" folder. Fixes #57
2019-11-13 10:36:21 +00:00
providerLog(logger.LevelDebug, "quota updated for user %#v, files increment: %v size increment: %v is reset? %v",
quota tracking: fix concurrent updates added a test case to check quota size for upload that replace an existing file
2019-07-28 11:24:46 +00:00
username, filesAdd, sizeAdd, reset)
first version
2019-07-20 10:26:52 +00:00
} else {
dataprovider: add support for user status and expiration an user can now be disabled or expired. If you are using an SQL database as dataprovider please remember to execute the sql update script inside "sql" folder. Fixes #57
2019-11-13 10:36:21 +00:00
providerLog(logger.LevelWarn, "error updating quota for user %#v: %v", username, err)
}
return err
}
func sqlCommonUpdateLastLogin(username string, dbHandle *sql.DB) error {
q := getUpdateLastLoginQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
return err
}
defer stmt.Close()
_, err = stmt.Exec(utils.GetTimeAsMsSinceEpoch(time.Now()), username)
if err == nil {
providerLog(logger.LevelDebug, "last login updated for user %#v", username)
} else {
providerLog(logger.LevelWarn, "error updating last login for user %#v: %v", username, err)
first version
2019-07-20 10:26:52 +00:00
}
return err
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonGetUsedQuota(username string, dbHandle *sql.DB) (int, int64, error) {
first version
2019-07-20 10:26:52 +00:00
q := getQuotaQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return 0, 0, err
}
defer stmt.Close()
var usedFiles int
var usedSize int64
err = stmt.QueryRow(username).Scan(&usedSize, &usedFiles)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error getting quota for user: %v, error: %v", username, err)
first version
2019-07-20 10:26:52 +00:00
return 0, 0, err
}
return usedFiles, usedSize, err
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonCheckUserExists(username string, dbHandle *sql.DB) (User, error) {
first version
2019-07-20 10:26:52 +00:00
var user User
q := getUserByUsernameQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return user, err
}
defer stmt.Close()
row := stmt.QueryRow(username)
return getUserFromDbRow(row, nil)
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonAddUser(user User, dbHandle *sql.DB) error {
first version
2019-07-20 10:26:52 +00:00
err := validateUser(&user)
if err != nil {
return err
}
q := getAddUserQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return err
}
defer stmt.Close()
permissions, err := user.GetPermissionsAsJSON()
if err != nil {
return err
}
convert public key from newline delimited string to a real array Added a compatibility layer that will convert newline delimited keys to array when the user is fetched from the database. This code will be removed in future versions please update your public keys, you only need to resave the users using the REST API.
2019-08-01 20:42:46 +00:00
publicKeys, err := user.GetPublicKeysAsJSON()
if err != nil {
return err
}
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
filters, err := user.GetFiltersAsJSON()
if err != nil {
return err
}
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
fsConfig, err := user.GetFsConfigAsJSON()
if err != nil {
return err
}
convert public key from newline delimited string to a real array Added a compatibility layer that will convert newline delimited keys to array when the user is fetched from the database. This code will be removed in future versions please update your public keys, you only need to resave the users using the REST API.
2019-08-01 20:42:46 +00:00
_, err = stmt.Exec(user.Username, user.Password, string(publicKeys), user.HomeDir, user.UID, user.GID, user.MaxSessions, user.QuotaSize,
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
user.QuotaFiles, string(permissions), user.UploadBandwidth, user.DownloadBandwidth, user.Status, user.ExpirationDate, string(filters),
string(fsConfig))
first version
2019-07-20 10:26:52 +00:00
return err
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonUpdateUser(user User, dbHandle *sql.DB) error {
first version
2019-07-20 10:26:52 +00:00
err := validateUser(&user)
if err != nil {
return err
}
q := getUpdateUserQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return err
}
defer stmt.Close()
permissions, err := user.GetPermissionsAsJSON()
if err != nil {
return err
}
convert public key from newline delimited string to a real array Added a compatibility layer that will convert newline delimited keys to array when the user is fetched from the database. This code will be removed in future versions please update your public keys, you only need to resave the users using the REST API.
2019-08-01 20:42:46 +00:00
publicKeys, err := user.GetPublicKeysAsJSON()
if err != nil {
return err
}
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
filters, err := user.GetFiltersAsJSON()
if err != nil {
return err
}
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
fsConfig, err := user.GetFsConfigAsJSON()
if err != nil {
return err
}
convert public key from newline delimited string to a real array Added a compatibility layer that will convert newline delimited keys to array when the user is fetched from the database. This code will be removed in future versions please update your public keys, you only need to resave the users using the REST API.
2019-08-01 20:42:46 +00:00
_, err = stmt.Exec(user.Password, string(publicKeys), user.HomeDir, user.UID, user.GID, user.MaxSessions, user.QuotaSize,
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
user.QuotaFiles, string(permissions), user.UploadBandwidth, user.DownloadBandwidth, user.Status, user.ExpirationDate,
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
string(filters), string(fsConfig), user.ID)
first version
2019-07-20 10:26:52 +00:00
return err
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonDeleteUser(user User, dbHandle *sql.DB) error {
first version
2019-07-20 10:26:52 +00:00
q := getDeleteUserQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return err
}
defer stmt.Close()
_, err = stmt.Exec(user.ID)
return err
}
add backup/restore REST API
2019-12-27 22:12:44 +00:00
func sqlCommonDumpUsers(dbHandle *sql.DB) ([]User, error) {
users := []User{}
q := getDumpUsersQuery()
stmt, err := dbHandle.Prepare(q)
if err != nil {
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
return nil, err
}
defer stmt.Close()
rows, err := stmt.Query()
if err == nil {
defer rows.Close()
for rows.Next() {
u, err := getUserFromDbRow(nil, rows)
if err == nil {
users = append(users, u)
} else {
break
}
}
}
return users, err
}
dataprovider move db handle to provider struct This is needed to support non SQL providers
2019-08-11 12:53:37 +00:00
func sqlCommonGetUsers(limit int, offset int, order string, username string, dbHandle *sql.DB) ([]User, error) {
first version
2019-07-20 10:26:52 +00:00
users := []User{}
q := getUsersQuery(order, username)
stmt, err := dbHandle.Prepare(q)
if err != nil {
improve logging this partially revert #45
2019-09-06 13:19:01 +00:00
providerLog(logger.LevelWarn, "error preparing database query %#v: %v", q, err)
first version
2019-07-20 10:26:52 +00:00
return nil, err
}
defer stmt.Close()
var rows *sql.Rows
if len(username) > 0 {
rows, err = stmt.Query(username, limit, offset)
} else {
rows, err = stmt.Query(limit, offset)
}
if err == nil {
defer rows.Close()
for rows.Next() {
u, err := getUserFromDbRow(nil, rows)
if err == nil {
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
users = append(users, HideUserSensitiveData(&u))
first version
2019-07-20 10:26:52 +00:00
} else {
break
}
}
}
return users, err
}
func getUserFromDbRow(row *sql.Row, rows *sql.Rows) (User, error) {
var user User
var permissions sql.NullString
var password sql.NullString
var publicKey sql.NullString
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
var filters sql.NullString
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
var fsConfig sql.NullString
first version
2019-07-20 10:26:52 +00:00
var err error
if row != nil {
err = row.Scan(&user.ID, &user.Username, &password, &publicKey, &user.HomeDir, &user.UID, &user.GID, &user.MaxSessions,
rename last_quota_scan to last_quota_update Existing databases must be updated using the script 20190728.sql
2019-07-28 17:29:32 +00:00
&user.QuotaSize, &user.QuotaFiles, &permissions, &user.UsedQuotaSize, &user.UsedQuotaFiles, &user.LastQuotaUpdate,
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
&user.UploadBandwidth, &user.DownloadBandwidth, &user.ExpirationDate, &user.LastLogin, &user.Status, &filters, &fsConfig)
first version
2019-07-20 10:26:52 +00:00
} else {
err = rows.Scan(&user.ID, &user.Username, &password, &publicKey, &user.HomeDir, &user.UID, &user.GID, &user.MaxSessions,
rename last_quota_scan to last_quota_update Existing databases must be updated using the script 20190728.sql
2019-07-28 17:29:32 +00:00
&user.QuotaSize, &user.QuotaFiles, &permissions, &user.UsedQuotaSize, &user.UsedQuotaFiles, &user.LastQuotaUpdate,
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
&user.UploadBandwidth, &user.DownloadBandwidth, &user.ExpirationDate, &user.LastLogin, &user.Status, &filters, &fsConfig)
first version
2019-07-20 10:26:52 +00:00
}
if err != nil {
dataprovider: add support for bbolt key/value store This way there is an alternative for embedded/small systems if CGO is disabled at build time and so SQLite support cannot be compiled
2019-08-12 16:31:31 +00:00
if err == sql.ErrNoRows {
return user, &RecordNotFoundError{err: err.Error()}
}
first version
2019-07-20 10:26:52 +00:00
return user, err
}
if password.Valid {
user.Password = password.String
}
if publicKey.Valid {
convert public key from newline delimited string to a real array Added a compatibility layer that will convert newline delimited keys to array when the user is fetched from the database. This code will be removed in future versions please update your public keys, you only need to resave the users using the REST API.
2019-08-01 20:42:46 +00:00
var list []string
err = json.Unmarshal([]byte(publicKey.String), &list)
if err == nil {
rename public_key in public_keys remove compatibility layer to convert public keys newline delimited in json list
2019-08-07 21:41:10 +00:00
user.PublicKeys = list
convert public key from newline delimited string to a real array Added a compatibility layer that will convert newline delimited keys to array when the user is fetched from the database. This code will be removed in future versions please update your public keys, you only need to resave the users using the REST API.
2019-08-01 20:42:46 +00:00
}
first version
2019-07-20 10:26:52 +00:00
}
if permissions.Valid {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
perms := make(map[string][]string)
err = json.Unmarshal([]byte(permissions.String), &perms)
first version
2019-07-20 10:26:52 +00:00
if err == nil {
add per directory permissions we can now have permissions such as these ones {"/":["*"],"/somedir":["list","download"]} The old permissions are automatically converted to the new structure, no database migration is needed
2019-12-25 17:20:19 +00:00
user.Permissions = perms
} else {
// compatibility layer: until version 0.9.4 permissions were a string list
var list []string
err = json.Unmarshal([]byte(permissions.String), &list)
if err == nil {
perms["/"] = list
user.Permissions = perms
}
first version
2019-07-20 10:26:52 +00:00
}
}
Add support for allowed/denied IP/Mask Login can be restricted to specific ranges of IP address or to a specific IP address. Please apply the appropriate SQL upgrade script to add the filter field to your database. The filter database field will allow to add other filters without requiring a new database migration
2019-12-30 17:37:50 +00:00
if filters.Valid {
var userFilters UserFilters
err = json.Unmarshal([]byte(filters.String), &userFilters)
if err == nil {
user.Filters = userFilters
}
} else {
user.Filters = UserFilters{
AllowedIP: []string{},
DeniedIP: []string{},
}
}
add basic S3-Compatible Object Storage support we have now an interface for filesystem backeds, this make easy to add new filesystem backends
2020-01-19 06:41:05 +00:00
if fsConfig.Valid {
var fs Filesystem
err = json.Unmarshal([]byte(fsConfig.String), &fs)
if err == nil {
user.FsConfig = fs
}
} else {
user.FsConfig = Filesystem{
Provider: 0,
}
}
first version
2019-07-20 10:26:52 +00:00
return user, err
}
Reference in a new issue Copy permalink