2014-11-12 06:48:50 -05:00
// Copyright 2014 The Gogs Authors. All rights reserved.
2019-05-04 11:45:34 -04:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2014-11-12 06:48:50 -05:00
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package models
import (
2019-05-04 11:45:34 -04:00
"crypto/subtle"
2014-11-12 06:48:50 -05:00
"time"
2016-11-10 17:24:48 +01:00
"code.gitea.io/gitea/modules/base"
2019-05-04 11:45:34 -04:00
"code.gitea.io/gitea/modules/generate"
2019-08-15 22:46:21 +08:00
"code.gitea.io/gitea/modules/timeutil"
2020-06-18 17:18:44 +08:00
gouuid "github.com/google/uuid"
2014-11-12 06:48:50 -05:00
)
// AccessToken represents a personal access token.
type AccessToken struct {
2019-05-04 11:45:34 -04:00
ID int64 ` xorm:"pk autoincr" `
UID int64 ` xorm:"INDEX" `
Name string
Token string ` xorm:"-" `
TokenHash string ` xorm:"UNIQUE" ` // sha256 of token
TokenSalt string
TokenLastEight string ` xorm:"token_last_eight" `
2016-03-09 19:53:30 -05:00
2019-08-15 22:46:21 +08:00
CreatedUnix timeutil . TimeStamp ` xorm:"INDEX created" `
UpdatedUnix timeutil . TimeStamp ` xorm:"INDEX updated" `
HasRecentActivity bool ` xorm:"-" `
HasUsed bool ` xorm:"-" `
2014-11-12 06:48:50 -05:00
}
2017-10-02 00:52:35 +08:00
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
func ( t * AccessToken ) AfterLoad ( ) {
2017-12-11 12:37:04 +08:00
t . HasUsed = t . UpdatedUnix > t . CreatedUnix
2019-08-15 22:46:21 +08:00
t . HasRecentActivity = t . UpdatedUnix . AddDuration ( 7 * 24 * time . Hour ) > timeutil . TimeStampNow ( )
2016-03-09 19:53:30 -05:00
}
2014-11-12 06:48:50 -05:00
// NewAccessToken creates new access token.
func NewAccessToken ( t * AccessToken ) error {
2019-05-04 11:45:34 -04:00
salt , err := generate . GetRandomString ( 10 )
if err != nil {
return err
}
t . TokenSalt = salt
2020-06-18 17:18:44 +08:00
t . Token = base . EncodeSha1 ( gouuid . New ( ) . String ( ) )
2019-05-04 11:45:34 -04:00
t . TokenHash = hashToken ( t . Token , t . TokenSalt )
t . TokenLastEight = t . Token [ len ( t . Token ) - 8 : ]
_ , err = x . Insert ( t )
2014-11-12 06:48:50 -05:00
return err
}
2019-05-04 11:45:34 -04:00
// GetAccessTokenBySHA returns access token by given token value
func GetAccessTokenBySHA ( token string ) ( * AccessToken , error ) {
if token == "" {
2016-06-27 11:02:39 +02:00
return nil , ErrAccessTokenEmpty { }
}
2019-05-04 11:45:34 -04:00
if len ( token ) < 8 {
return nil , ErrAccessTokenNotExist { token }
}
var tokens [ ] AccessToken
lastEight := token [ len ( token ) - 8 : ]
err := x . Table ( & AccessToken { } ) . Where ( "token_last_eight = ?" , lastEight ) . Find ( & tokens )
2014-11-12 06:48:50 -05:00
if err != nil {
return nil , err
2019-05-04 11:45:34 -04:00
} else if len ( tokens ) == 0 {
return nil , ErrAccessTokenNotExist { token }
}
for _ , t := range tokens {
tempHash := hashToken ( token , t . TokenSalt )
if subtle . ConstantTimeCompare ( [ ] byte ( t . TokenHash ) , [ ] byte ( tempHash ) ) == 1 {
return & t , nil
}
2014-11-12 06:48:50 -05:00
}
2019-05-04 11:45:34 -04:00
return nil , ErrAccessTokenNotExist { token }
2014-11-12 06:48:50 -05:00
}
2020-04-13 21:02:48 +02:00
// AccessTokenByNameExists checks if a token name has been used already by a user.
func AccessTokenByNameExists ( token * AccessToken ) ( bool , error ) {
return x . Table ( "access_token" ) . Where ( "name = ?" , token . Name ) . And ( "uid = ?" , token . UID ) . Exist ( )
}
2020-08-28 10:09:33 +02:00
// ListAccessTokensOptions contain filter options
type ListAccessTokensOptions struct {
ListOptions
Name string
UserID int64
}
2014-11-12 06:48:50 -05:00
// ListAccessTokens returns a list of access tokens belongs to given user.
2020-08-28 10:09:33 +02:00
func ListAccessTokens ( opts ListAccessTokensOptions ) ( [ ] * AccessToken , error ) {
sess := x . Where ( "uid=?" , opts . UserID )
if len ( opts . Name ) != 0 {
sess = sess . Where ( "name=?" , opts . Name )
}
sess = sess . Desc ( "id" )
2020-01-24 19:00:29 +00:00
2020-08-28 10:09:33 +02:00
if opts . Page != 0 {
sess = opts . setSessionPagination ( sess )
2020-01-24 19:00:29 +00:00
2020-08-28 10:09:33 +02:00
tokens := make ( [ ] * AccessToken , 0 , opts . PageSize )
2020-01-24 19:00:29 +00:00
return tokens , sess . Find ( & tokens )
}
tokens := make ( [ ] * AccessToken , 0 , 5 )
return tokens , sess . Find ( & tokens )
2014-11-12 06:48:50 -05:00
}
2016-01-06 22:41:42 +03:00
// UpdateAccessToken updates information of access token.
func UpdateAccessToken ( t * AccessToken ) error {
2017-10-04 21:43:04 -07:00
_ , err := x . ID ( t . ID ) . AllCols ( ) . Update ( t )
2015-08-19 06:22:33 +08:00
return err
}
2015-08-19 03:36:16 +08:00
// DeleteAccessTokenByID deletes access token by given ID.
2016-12-15 16:49:06 +08:00
func DeleteAccessTokenByID ( id , userID int64 ) error {
2017-10-04 21:43:04 -07:00
cnt , err := x . ID ( id ) . Delete ( & AccessToken {
2016-12-15 16:49:06 +08:00
UID : userID ,
} )
if err != nil {
return err
} else if cnt != 1 {
return ErrAccessTokenNotExist { }
}
return nil
2014-11-12 06:48:50 -05:00
}