2019-05-04 18:45:34 +03:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2022-11-27 21:20:29 +03:00
// SPDX-License-Identifier: MIT
2019-05-04 18:45:34 +03:00
2022-11-02 11:54:36 +03:00
package v1_9 //nolint
2019-05-04 18:45:34 +03:00
import (
"fmt"
2022-11-02 11:54:36 +03:00
"code.gitea.io/gitea/models/migrations/base"
2019-05-04 18:45:34 +03:00
"code.gitea.io/gitea/modules/log"
2019-08-15 17:46:21 +03:00
"code.gitea.io/gitea/modules/timeutil"
2021-05-10 09:45:17 +03:00
"code.gitea.io/gitea/modules/util"
2019-08-15 17:46:21 +03:00
2019-10-17 12:26:49 +03:00
"xorm.io/xorm"
2019-05-04 18:45:34 +03:00
)
2022-11-02 11:54:36 +03:00
func HashAppToken ( x * xorm . Engine ) error {
2019-05-04 18:45:34 +03:00
// AccessToken see models/token.go
type AccessToken struct {
ID int64 ` xorm:"pk autoincr" `
UID int64 ` xorm:"INDEX" `
Name string
Sha1 string
Token string ` xorm:"-" `
2019-05-05 16:47:42 +03:00
TokenHash string // sha256 of token - we will ensure UNIQUE later
2019-05-04 18:45:34 +03:00
TokenSalt string
TokenLastEight string ` xorm:"token_last_eight" `
2019-08-15 17:46:21 +03:00
CreatedUnix timeutil . TimeStamp ` xorm:"INDEX created" `
UpdatedUnix timeutil . TimeStamp ` xorm:"INDEX updated" `
HasRecentActivity bool ` xorm:"-" `
HasUsed bool ` xorm:"-" `
2019-05-04 18:45:34 +03:00
}
// First remove the index
sess := x . NewSession ( )
defer sess . Close ( )
if err := sess . Begin ( ) ; err != nil {
return err
}
2019-05-05 16:47:42 +03:00
if err := sess . Sync2 ( new ( AccessToken ) ) ; err != nil {
2022-10-24 22:29:17 +03:00
return fmt . Errorf ( "Sync2: %w" , err )
2019-05-04 18:45:34 +03:00
}
2019-08-06 00:49:49 +03:00
if err := sess . Commit ( ) ; err != nil {
2019-05-04 18:45:34 +03:00
return err
}
if err := sess . Begin ( ) ; err != nil {
return err
}
// transform all tokens to hashes
const batchSize = 100
for start := 0 ; ; start += batchSize {
tokens := make ( [ ] * AccessToken , 0 , batchSize )
if err := sess . Limit ( batchSize , start ) . Find ( & tokens ) ; err != nil {
return err
}
if len ( tokens ) == 0 {
break
}
for _ , token := range tokens {
// generate salt
2022-01-26 07:10:10 +03:00
salt , err := util . CryptoRandomString ( 10 )
2019-05-04 18:45:34 +03:00
if err != nil {
return err
}
token . TokenSalt = salt
2022-11-02 11:54:36 +03:00
token . TokenHash = base . HashToken ( token . Sha1 , salt )
2019-05-04 18:45:34 +03:00
if len ( token . Sha1 ) < 8 {
log . Warn ( "Unable to transform token %s with name %s belonging to user ID %d, skipping transformation" , token . Sha1 , token . Name , token . UID )
continue
}
token . TokenLastEight = token . Sha1 [ len ( token . Sha1 ) - 8 : ]
token . Sha1 = "" // ensure to blank out column in case drop column doesn't work
if _ , err := sess . ID ( token . ID ) . Cols ( "token_hash, token_salt, token_last_eight, sha1" ) . Update ( token ) ; err != nil {
2022-10-24 22:29:17 +03:00
return fmt . Errorf ( "couldn't add in sha1, token_hash, token_salt and token_last_eight: %w" , err )
2019-05-04 18:45:34 +03:00
}
}
}
// Commit and begin new transaction for dropping columns
if err := sess . Commit ( ) ; err != nil {
return err
}
if err := sess . Begin ( ) ; err != nil {
return err
}
2022-11-02 11:54:36 +03:00
if err := base . DropTableColumns ( sess , "access_token" , "sha1" ) ; err != nil {
2019-05-04 18:45:34 +03:00
return err
}
2019-05-05 16:47:42 +03:00
if err := sess . Commit ( ) ; err != nil {
return err
}
return resyncHashAppTokenWithUniqueHash ( x )
}
2019-05-04 18:45:34 +03:00
2019-05-05 16:47:42 +03:00
func resyncHashAppTokenWithUniqueHash ( x * xorm . Engine ) error {
// AccessToken see models/token.go
type AccessToken struct {
TokenHash string ` xorm:"UNIQUE" ` // sha256 of token - we will ensure UNIQUE later
}
sess := x . NewSession ( )
defer sess . Close ( )
if err := sess . Begin ( ) ; err != nil {
return err
}
if err := sess . Sync2 ( new ( AccessToken ) ) ; err != nil {
2022-10-24 22:29:17 +03:00
return fmt . Errorf ( "Sync2: %w" , err )
2019-05-05 16:47:42 +03:00
}
return sess . Commit ( )
2019-05-04 18:45:34 +03:00
}