forgejo/models/migrations/v85.go

// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package migrations

import (
	"fmt"

	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/timeutil"
	"code.gitea.io/gitea/modules/util"

	"xorm.io/xorm"
)

func hashAppToken(x *xorm.Engine) error {
	// AccessToken see models/token.go
	type AccessToken struct {
		ID             int64 `xorm:"pk autoincr"`
		UID            int64 `xorm:"INDEX"`
		Name           string
		Sha1           string
		Token          string `xorm:"-"`
		TokenHash      string // sha256 of token - we will ensure UNIQUE later
		TokenSalt      string
		TokenLastEight string `xorm:"token_last_eight"`

		CreatedUnix       timeutil.TimeStamp `xorm:"INDEX created"`
		UpdatedUnix       timeutil.TimeStamp `xorm:"INDEX updated"`
		HasRecentActivity bool               `xorm:"-"`
		HasUsed           bool               `xorm:"-"`
	}

	// First remove the index
	sess := x.NewSession()
	defer sess.Close()

	if err := sess.Begin(); err != nil {
		return err
	}

	if err := sess.Sync2(new(AccessToken)); err != nil {
		return fmt.Errorf("Sync2: %v", err)
	}

	if err := sess.Commit(); err != nil {
		return err
	}

	if err := sess.Begin(); err != nil {
		return err
	}

	// transform all tokens to hashes
	const batchSize = 100
	for start := 0; ; start += batchSize {
		tokens := make([]*AccessToken, 0, batchSize)
		if err := sess.Limit(batchSize, start).Find(&tokens); err != nil {
			return err
		}
		if len(tokens) == 0 {
			break
		}

		for _, token := range tokens {
			// generate salt
			salt, err := util.RandomString(10)
			if err != nil {
				return err
			}
			token.TokenSalt = salt
			token.TokenHash = hashToken(token.Sha1, salt)
			if len(token.Sha1) < 8 {
				log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", token.Sha1, token.Name, token.UID)
				continue
			}
			token.TokenLastEight = token.Sha1[len(token.Sha1)-8:]
			token.Sha1 = "" // ensure to blank out column in case drop column doesn't work

			if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil {
				return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %v", err)
			}

		}
	}

	// Commit and begin new transaction for dropping columns
	if err := sess.Commit(); err != nil {
		return err
	}
	if err := sess.Begin(); err != nil {
		return err
	}

	if err := dropTableColumns(sess, "access_token", "sha1"); err != nil {
		return err
	}
	if err := sess.Commit(); err != nil {
		return err
	}
	return resyncHashAppTokenWithUniqueHash(x)
}

func resyncHashAppTokenWithUniqueHash(x *xorm.Engine) error {
	// AccessToken see models/token.go
	type AccessToken struct {
		TokenHash string `xorm:"UNIQUE"` // sha256 of token - we will ensure UNIQUE later
	}
	sess := x.NewSession()
	defer sess.Close()
	if err := sess.Begin(); err != nil {
		return err
	}
	if err := sess.Sync2(new(AccessToken)); err != nil {
		return fmt.Errorf("Sync2: %v", err)
	}
	return sess.Commit()
}
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`// Copyright 2019 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package migrations`

			`import (`
			`"fmt"`

			`"code.gitea.io/gitea/modules/log"`
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger 2019-08-15 17:46:21 +03:00			`"code.gitea.io/gitea/modules/timeutil"`
Use single shared random string generation function (#15741) * Use single shared random string generation function - Replace 3 functions that do the same with 1 shared one - Use crypto/rand over math/rand for a stronger RNG - Output only alphanumerical for URL compatibilty Fixes: #15536 * use const string method * Update modules/avatar/avatar.go Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com> 2021-05-10 09:45:17 +03:00			`"code.gitea.io/gitea/modules/util"`
Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger 2019-08-15 17:46:21 +03:00
Upgrade xorm to v0.8.0 (#8536) 2019-10-17 12:26:49 +03:00			`"xorm.io/xorm"`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`)`

			`func hashAppToken(x *xorm.Engine) error {`
			`// AccessToken see models/token.go`
			`type AccessToken struct {`
			ID int64 `xorm:"pk autoincr"`
			UID int64 `xorm:"INDEX"`
			`Name string`
			`Sha1 string`
			Token string `xorm:"-"`
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net> 2019-05-05 16:47:42 +03:00			`TokenHash string // sha256 of token - we will ensure UNIQUE later`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`TokenSalt string`
			TokenLastEight string `xorm:"token_last_eight"`

Display ui time with customize time location (#7792) * display ui time with customize time location * fix lint * rename UILocation to DefaultUILocation * move time related functions to modules/timeutil * fix tests * fix tests * fix build * fix swagger 2019-08-15 17:46:21 +03:00			CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
			UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
			HasRecentActivity bool `xorm:"-"`
			HasUsed bool `xorm:"-"`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`}`

			`// First remove the index`
			`sess := x.NewSession()`
			`defer sess.Close()`

			`if err := sess.Begin(); err != nil {`
			`return err`
			`}`

Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net> 2019-05-05 16:47:42 +03:00			`if err := sess.Sync2(new(AccessToken)); err != nil {`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`return fmt.Errorf("Sync2: %v", err)`
			`}`

Fix dropTableColumns sqlite implementation (#7710) * Fix dropTableColumns sqlite implementation * use droptables and its index dropping support in v78 and v85 * golang-ci fixes * Add migration from gitea 1.3.3 for sqlite which reveals the droptables bug - thus showing this works 2019-08-06 00:49:49 +03:00			`if err := sess.Commit(); err != nil {`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`return err`
			`}`

			`if err := sess.Begin(); err != nil {`
			`return err`
			`}`

			`// transform all tokens to hashes`
			`const batchSize = 100`
			`for start := 0; ; start += batchSize {`
			`tokens := make([]*AccessToken, 0, batchSize)`
			`if err := sess.Limit(batchSize, start).Find(&tokens); err != nil {`
			`return err`
			`}`
			`if len(tokens) == 0 {`
			`break`
			`}`

			`for _, token := range tokens {`
			`// generate salt`
Use single shared random string generation function (#15741) * Use single shared random string generation function - Replace 3 functions that do the same with 1 shared one - Use crypto/rand over math/rand for a stronger RNG - Output only alphanumerical for URL compatibilty Fixes: #15536 * use const string method * Update modules/avatar/avatar.go Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com> 2021-05-10 09:45:17 +03:00			`salt, err := util.RandomString(10)`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`if err != nil {`
			`return err`
			`}`
			`token.TokenSalt = salt`
			`token.TokenHash = hashToken(token.Sha1, salt)`
			`if len(token.Sha1) < 8 {`
			`log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", token.Sha1, token.Name, token.UID)`
			`continue`
			`}`
			`token.TokenLastEight = token.Sha1[len(token.Sha1)-8:]`
			`token.Sha1 = "" // ensure to blank out column in case drop column doesn't work`

			`if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil {`
			`return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %v", err)`
			`}`

			`}`
			`}`

			`// Commit and begin new transaction for dropping columns`
			`if err := sess.Commit(); err != nil {`
			`return err`
			`}`
			`if err := sess.Begin(); err != nil {`
			`return err`
			`}`

			`if err := dropTableColumns(sess, "access_token", "sha1"); err != nil {`
			`return err`
			`}`
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net> 2019-05-05 16:47:42 +03:00			`if err := sess.Commit(); err != nil {`
			`return err`
			`}`
			`return resyncHashAppTokenWithUniqueHash(x)`
			`}`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net> 2019-05-05 16:47:42 +03:00			`func resyncHashAppTokenWithUniqueHash(x *xorm.Engine) error {`
			`// AccessToken see models/token.go`
			`type AccessToken struct {`
			TokenHash string `xorm:"UNIQUE"` // sha256 of token - we will ensure UNIQUE later
			`}`
			`sess := x.NewSession()`
			`defer sess.Close()`
			`if err := sess.Begin(); err != nil {`
			`return err`
			`}`
			`if err := sess.Sync2(new(AccessToken)); err != nil {`
			`return fmt.Errorf("Sync2: %v", err)`
			`}`
			`return sess.Commit()`
Hash App token (#6724) 2019-05-04 18:45:34 +03:00			`}`