wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
7459 Commits
197 Branches
346 MB
573 Download
Tree: 07bcccf9ce
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '07bcccf9ce'
${ noResults }
aiforge/models/migrations/v85.go

v85.go 4.4 kB
Raw Normal View History

Hash App token (#6724)
6 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
6 years ago
Hash App token (#6724)
6 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
6 years ago
Hash App token (#6724)
6 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
6 years ago
Hash App token (#6724)
6 years ago
Fix v85.go: Set UNIQUE constraint later (#6851) Signed-off-by: Andrew Thornton <art27@cantab.net>
6 years ago
Hash App token (#6724)
6 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package migrations

  6. 

  7. import (

  8. 	"fmt"

  9. 

  10. 	"github.com/go-xorm/core"

  11. 	"github.com/go-xorm/xorm"

  12. 

  13. 	"code.gitea.io/gitea/models"

  14. 	"code.gitea.io/gitea/modules/generate"

  15. 	"code.gitea.io/gitea/modules/log"

  16. 	"code.gitea.io/gitea/modules/util"

  17. )

  18. 

  19. func hashAppToken(x *xorm.Engine) error {

  20. 	// AccessToken see models/token.go

  21. 	type AccessToken struct {

  22. 		ID             int64 `xorm:"pk autoincr"`

  23. 		UID            int64 `xorm:"INDEX"`

  24. 		Name           string

  25. 		Sha1           string

  26. 		Token          string `xorm:"-"`

  27. 		TokenHash      string // sha256 of token - we will ensure UNIQUE later

  28. 		TokenSalt      string

  29. 		TokenLastEight string `xorm:"token_last_eight"`

  30. 

  31. 		CreatedUnix       util.TimeStamp `xorm:"INDEX created"`

  32. 		UpdatedUnix       util.TimeStamp `xorm:"INDEX updated"`

  33. 		HasRecentActivity bool           `xorm:"-"`

  34. 		HasUsed           bool           `xorm:"-"`

  35. 	}

  36. 

  37. 	// First remove the index

  38. 	sess := x.NewSession()

  39. 	defer sess.Close()

  40. 	if err := sess.Begin(); err != nil {

  41. 		return err

  42. 	}

  43. 

  44. 	var err error

  45. 	if models.DbCfg.Type == core.POSTGRES || models.DbCfg.Type == core.SQLITE {

  46. 		_, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1")

  47. 	} else if models.DbCfg.Type == core.MSSQL {

  48. 		_, err = sess.Exec(`DECLARE @ConstraintName VARCHAR(256)

  49. 		DECLARE @SQL NVARCHAR(256)

  50. 		SELECT @ConstraintName = obj.name FROM sys.columns col LEFT OUTER JOIN sys.objects obj ON obj.object_id = col.default_object_id AND obj.type = 'D' WHERE col.object_id = OBJECT_ID('access_token') AND obj.name IS NOT NULL AND col.name = 'sha1'

  51. 		SET @SQL = N'ALTER TABLE [access_token] DROP CONSTRAINT [' + @ConstraintName + N']'

  52. 		EXEC sp_executesql @SQL`)

  53. 	} else if models.DbCfg.Type == core.MYSQL {

  54. 		indexes, err := sess.QueryString(`SHOW INDEX FROM access_token WHERE KEY_NAME = 'UQE_access_token_sha1'`)

  55. 		if err != nil {

  56. 			return err

  57. 		}

  58. 

  59. 		if len(indexes) >= 1 {

  60. 			_, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token")

  61. 		}

  62. 	} else {

  63. 		_, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token")

  64. 	}

  65. 	if err != nil {

  66. 		return fmt.Errorf("Drop index failed: %v", err)

  67. 	}

  68. 

  69. 	if err = sess.Commit(); err != nil {

  70. 		return err

  71. 	}

  72. 

  73. 	if err := sess.Begin(); err != nil {

  74. 		return err

  75. 	}

  76. 

  77. 	if err := sess.Sync2(new(AccessToken)); err != nil {

  78. 		return fmt.Errorf("Sync2: %v", err)

  79. 	}

  80. 

  81. 	if err = sess.Commit(); err != nil {

  82. 		return err

  83. 	}

  84. 

  85. 	if err := sess.Begin(); err != nil {

  86. 		return err

  87. 	}

  88. 

  89. 	// transform all tokens to hashes

  90. 	const batchSize = 100

  91. 	for start := 0; ; start += batchSize {

  92. 		tokens := make([]*AccessToken, 0, batchSize)

  93. 		if err := sess.Limit(batchSize, start).Find(&tokens); err != nil {

  94. 			return err

  95. 		}

  96. 		if len(tokens) == 0 {

  97. 			break

  98. 		}

  99. 

  100. 		for _, token := range tokens {

  101. 			// generate salt

  102. 			salt, err := generate.GetRandomString(10)

  103. 			if err != nil {

  104. 				return err

  105. 			}

  106. 			token.TokenSalt = salt

  107. 			token.TokenHash = hashToken(token.Sha1, salt)

  108. 			if len(token.Sha1) < 8 {

  109. 				log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", token.Sha1, token.Name, token.UID)

  110. 				continue

  111. 			}

  112. 			token.TokenLastEight = token.Sha1[len(token.Sha1)-8:]

  113. 			token.Sha1 = "" // ensure to blank out column in case drop column doesn't work

  114. 

  115. 			if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil {

  116. 				return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %v", err)

  117. 			}

  118. 

  119. 		}

  120. 	}

  121. 

  122. 	// Commit and begin new transaction for dropping columns

  123. 	if err := sess.Commit(); err != nil {

  124. 		return err

  125. 	}

  126. 	if err := sess.Begin(); err != nil {

  127. 		return err

  128. 	}

  129. 

  130. 	if err := dropTableColumns(sess, "access_token", "sha1"); err != nil {

  131. 		return err

  132. 	}

  133. 	if err := sess.Commit(); err != nil {

  134. 		return err

  135. 	}

  136. 	return resyncHashAppTokenWithUniqueHash(x)

  137. }

  138. 

  139. func resyncHashAppTokenWithUniqueHash(x *xorm.Engine) error {

  140. 	// AccessToken see models/token.go

  141. 	type AccessToken struct {

  142. 		TokenHash string `xorm:"UNIQUE"` // sha256 of token - we will ensure UNIQUE later

  143. 	}

  144. 	sess := x.NewSession()

  145. 	defer sess.Close()

  146. 	if err := sess.Begin(); err != nil {

  147. 		return err

  148. 	}

  149. 	if err := sess.Sync2(new(AccessToken)); err != nil {

  150. 		return fmt.Errorf("Sync2: %v", err)

  151. 	}

  152. 	return sess.Commit()

  153. }

No Description