mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11885 Commits
17 Branches
Tree: 2289580bb7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2289580bb7'
${ noResults }
gitea/models/token.go

token.go 4.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2019 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package models

  7. 

  8. import (

  9. 	"crypto/subtle"

  10. 	"time"

  11. 

  12. 	"code.gitea.io/gitea/modules/base"

  13. 	"code.gitea.io/gitea/modules/timeutil"

  14. 	"code.gitea.io/gitea/modules/util"

  15. 

  16. 	gouuid "github.com/google/uuid"

  17. )

  18. 

  19. // AccessToken represents a personal access token.

  20. type AccessToken struct {

  21. 	ID             int64 `xorm:"pk autoincr"`

  22. 	UID            int64 `xorm:"INDEX"`

  23. 	Name           string

  24. 	Token          string `xorm:"-"`

  25. 	TokenHash      string `xorm:"UNIQUE"` // sha256 of token

  26. 	TokenSalt      string

  27. 	TokenLastEight string `xorm:"token_last_eight"`

  28. 

  29. 	CreatedUnix       timeutil.TimeStamp `xorm:"INDEX created"`

  30. 	UpdatedUnix       timeutil.TimeStamp `xorm:"INDEX updated"`

  31. 	HasRecentActivity bool               `xorm:"-"`

  32. 	HasUsed           bool               `xorm:"-"`

  33. }

  34. 

  35. // AfterLoad is invoked from XORM after setting the values of all fields of this object.

  36. func (t *AccessToken) AfterLoad() {

  37. 	t.HasUsed = t.UpdatedUnix > t.CreatedUnix

  38. 	t.HasRecentActivity = t.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()

  39. }

  40. 

  41. // NewAccessToken creates new access token.

  42. func NewAccessToken(t *AccessToken) error {

  43. 	salt, err := util.RandomString(10)

  44. 	if err != nil {

  45. 		return err

  46. 	}

  47. 	t.TokenSalt = salt

  48. 	t.Token = base.EncodeSha1(gouuid.New().String())

  49. 	t.TokenHash = hashToken(t.Token, t.TokenSalt)

  50. 	t.TokenLastEight = t.Token[len(t.Token)-8:]

  51. 	_, err = x.Insert(t)

  52. 	return err

  53. }

  54. 

  55. // GetAccessTokenBySHA returns access token by given token value

  56. func GetAccessTokenBySHA(token string) (*AccessToken, error) {

  57. 	if token == "" {

  58. 		return nil, ErrAccessTokenEmpty{}

  59. 	}

  60. 	// A token is defined as being SHA1 sum these are 40 hexadecimal bytes long

  61. 	if len(token) != 40 {

  62. 		return nil, ErrAccessTokenNotExist{token}

  63. 	}

  64. 	for _, x := range []byte(token) {

  65. 		if x < '0' || (x > '9' && x < 'a') || x > 'f' {

  66. 			return nil, ErrAccessTokenNotExist{token}

  67. 		}

  68. 	}

  69. 	var tokens []AccessToken

  70. 	lastEight := token[len(token)-8:]

  71. 	err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens)

  72. 	if err != nil {

  73. 		return nil, err

  74. 	} else if len(tokens) == 0 {

  75. 		return nil, ErrAccessTokenNotExist{token}

  76. 	}

  77. 	for _, t := range tokens {

  78. 		tempHash := hashToken(token, t.TokenSalt)

  79. 		if subtle.ConstantTimeCompare([]byte(t.TokenHash), []byte(tempHash)) == 1 {

  80. 			return &t, nil

  81. 		}

  82. 	}

  83. 	return nil, ErrAccessTokenNotExist{token}

  84. }

  85. 

  86. // AccessTokenByNameExists checks if a token name has been used already by a user.

  87. func AccessTokenByNameExists(token *AccessToken) (bool, error) {

  88. 	return x.Table("access_token").Where("name = ?", token.Name).And("uid = ?", token.UID).Exist()

  89. }

  90. 

  91. // ListAccessTokensOptions contain filter options

  92. type ListAccessTokensOptions struct {

  93. 	ListOptions

  94. 	Name   string

  95. 	UserID int64

  96. }

  97. 

  98. // ListAccessTokens returns a list of access tokens belongs to given user.

  99. func ListAccessTokens(opts ListAccessTokensOptions) ([]*AccessToken, error) {

  100. 	sess := x.Where("uid=?", opts.UserID)

  101. 

  102. 	if len(opts.Name) != 0 {

  103. 		sess = sess.Where("name=?", opts.Name)

  104. 	}

  105. 

  106. 	sess = sess.Desc("id")

  107. 

  108. 	if opts.Page != 0 {

  109. 		sess = opts.setSessionPagination(sess)

  110. 

  111. 		tokens := make([]*AccessToken, 0, opts.PageSize)

  112. 		return tokens, sess.Find(&tokens)

  113. 	}

  114. 

  115. 	tokens := make([]*AccessToken, 0, 5)

  116. 	return tokens, sess.Find(&tokens)

  117. }

  118. 

  119. // UpdateAccessToken updates information of access token.

  120. func UpdateAccessToken(t *AccessToken) error {

  121. 	_, err := x.ID(t.ID).AllCols().Update(t)

  122. 	return err

  123. }

  124. 

  125. // CountAccessTokens count access tokens belongs to given user by options

  126. func CountAccessTokens(opts ListAccessTokensOptions) (int64, error) {

  127. 	sess := x.Where("uid=?", opts.UserID)

  128. 	if len(opts.Name) != 0 {

  129. 		sess = sess.Where("name=?", opts.Name)

  130. 	}

  131. 	return sess.Count(&AccessToken{})

  132. }

  133. 

  134. // DeleteAccessTokenByID deletes access token by given ID.

  135. func DeleteAccessTokenByID(id, userID int64) error {

  136. 	cnt, err := x.ID(id).Delete(&AccessToken{

  137. 		UID: userID,

  138. 	})

  139. 	if err != nil {

  140. 		return err

  141. 	} else if cnt != 1 {

  142. 		return ErrAccessTokenNotExist{}

  143. 	}

  144. 	return nil

  145. }