closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7675 Commits
2 Branches
178 MiB
Tree: b5aa7f7ceb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b5aa7f7ceb'
${ noResults }
gitea/models/migrations/v85.go

156 lines
4.3 KiB
Raw Normal View History

Hash App token (#6724)
5 years ago
Fix error log when loading issues caused by a xorm bug (#7271) * fix error log when loading issues caused by a xorm bug * upgrade packages * fix fmt * fix Consistency * fix tests
5 years ago
Hash App token (#6724)
5 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
5 years ago
Hash App token (#6724)
5 years ago
Add golangci (#6418)
5 years ago
Hash App token (#6724)
5 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
5 years ago
Hash App token (#6724)
5 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
5 years ago
Hash App token (#6724)
5 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
5 years ago
Hash App token (#6724)
5 years ago
 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package migrations
  6. 

  7. import (
  8. 	"fmt"
  9. 

  10. 	"github.com/go-xorm/xorm"
  11. 	"xorm.io/core"
  12. 

  13. 	"code.gitea.io/gitea/models"
  14. 	"code.gitea.io/gitea/modules/generate"
  15. 	"code.gitea.io/gitea/modules/log"
  16. 	"code.gitea.io/gitea/modules/util"
  17. )
  18. 

  19. func hashAppToken(x *xorm.Engine) error {
  20. 	// AccessToken see models/token.go

  21. 	type AccessToken struct {
  22. 		ID             int64 `xorm:"pk autoincr"`
  23. 		UID            int64 `xorm:"INDEX"`
  24. 		Name           string
  25. 		Sha1           string
  26. 		Token          string `xorm:"-"`
  27. 		TokenHash      string // sha256 of token - we will ensure UNIQUE later

  28. 		TokenSalt      string
  29. 		TokenLastEight string `xorm:"token_last_eight"`
  30. 

  31. 		CreatedUnix       util.TimeStamp `xorm:"INDEX created"`
  32. 		UpdatedUnix       util.TimeStamp `xorm:"INDEX updated"`
  33. 		HasRecentActivity bool           `xorm:"-"`
  34. 		HasUsed           bool           `xorm:"-"`
  35. 	}
  36. 

  37. 	// First remove the index

  38. 	sess := x.NewSession()
  39. 	defer sess.Close()
  40. 	if err := sess.Begin(); err != nil {
  41. 		return err
  42. 	}
  43. 

  44. 	var err error
  45. 	if models.DbCfg.Type == core.POSTGRES || models.DbCfg.Type == core.SQLITE {
  46. 		_, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1")
  47. 	} else if models.DbCfg.Type == core.MSSQL {
  48. 		_, err = sess.Exec(`DECLARE @ConstraintName VARCHAR(256)
  49. 		DECLARE @SQL NVARCHAR(256)
  50. 		SELECT @ConstraintName = obj.name FROM sys.columns col LEFT OUTER JOIN sys.objects obj ON obj.object_id = col.default_object_id AND obj.type = 'D' WHERE col.object_id = OBJECT_ID('access_token') AND obj.name IS NOT NULL AND col.name = 'sha1'
  51. 		SET @SQL = N'ALTER TABLE [access_token] DROP CONSTRAINT [' + @ConstraintName + N']'
  52. 		EXEC sp_executesql @SQL`)
  53. 	} else if models.DbCfg.Type == core.MYSQL {
  54. 		indexes, err := sess.QueryString(`SHOW INDEX FROM access_token WHERE KEY_NAME = 'UQE_access_token_sha1'`)
  55. 		if err != nil {
  56. 			return err
  57. 		}
  58. 

  59. 		if len(indexes) >= 1 {
  60. 			_, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token")
  61. 			if err != nil {
  62. 				return err
  63. 			}
  64. 		}
  65. 	} else {
  66. 		_, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token")
  67. 	}
  68. 	if err != nil {
  69. 		return fmt.Errorf("Drop index failed: %v", err)
  70. 	}
  71. 

  72. 	if err = sess.Commit(); err != nil {
  73. 		return err
  74. 	}
  75. 

  76. 	if err := sess.Begin(); err != nil {
  77. 		return err
  78. 	}
  79. 

  80. 	if err := sess.Sync2(new(AccessToken)); err != nil {
  81. 		return fmt.Errorf("Sync2: %v", err)
  82. 	}
  83. 

  84. 	if err = sess.Commit(); err != nil {
  85. 		return err
  86. 	}
  87. 

  88. 	if err := sess.Begin(); err != nil {
  89. 		return err
  90. 	}
  91. 

  92. 	// transform all tokens to hashes

  93. 	const batchSize = 100
  94. 	for start := 0; ; start += batchSize {
  95. 		tokens := make([]*AccessToken, 0, batchSize)
  96. 		if err := sess.Limit(batchSize, start).Find(&tokens); err != nil {
  97. 			return err
  98. 		}
  99. 		if len(tokens) == 0 {
  100. 			break
  101. 		}
  102. 

  103. 		for _, token := range tokens {
  104. 			// generate salt

  105. 			salt, err := generate.GetRandomString(10)
  106. 			if err != nil {
  107. 				return err
  108. 			}
  109. 			token.TokenSalt = salt
  110. 			token.TokenHash = hashToken(token.Sha1, salt)
  111. 			if len(token.Sha1) < 8 {
  112. 				log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", token.Sha1, token.Name, token.UID)
  113. 				continue
  114. 			}
  115. 			token.TokenLastEight = token.Sha1[len(token.Sha1)-8:]
  116. 			token.Sha1 = "" // ensure to blank out column in case drop column doesn't work

  117. 

  118. 			if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil {
  119. 				return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %v", err)
  120. 			}
  121. 

  122. 		}
  123. 	}
  124. 

  125. 	// Commit and begin new transaction for dropping columns

  126. 	if err := sess.Commit(); err != nil {
  127. 		return err
  128. 	}
  129. 	if err := sess.Begin(); err != nil {
  130. 		return err
  131. 	}
  132. 

  133. 	if err := dropTableColumns(sess, "access_token", "sha1"); err != nil {
  134. 		return err
  135. 	}
  136. 	if err := sess.Commit(); err != nil {
  137. 		return err
  138. 	}
  139. 	return resyncHashAppTokenWithUniqueHash(x)
  140. }
  141. 

  142. func resyncHashAppTokenWithUniqueHash(x *xorm.Engine) error {
  143. 	// AccessToken see models/token.go

  144. 	type AccessToken struct {
  145. 		TokenHash string `xorm:"UNIQUE"` // sha256 of token - we will ensure UNIQUE later

  146. 	}
  147. 	sess := x.NewSession()
  148. 	defer sess.Close()
  149. 	if err := sess.Begin(); err != nil {
  150. 		return err
  151. 	}
  152. 	if err := sess.Sync2(new(AccessToken)); err != nil {
  153. 		return fmt.Errorf("Sync2: %v", err)
  154. 	}
  155. 	return sess.Commit()
  156. }