mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11956 Commits
17 Branches
Tree: 360d8e7c23
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '360d8e7c23'
${ noResults }
gitea/models/token.go

token.go 4.9KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2019 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package models

  7. 

  8. import (

  9. 	"crypto/subtle"

  10. 	"time"

  11. 

  12. 	"code.gitea.io/gitea/modules/base"

  13. 	"code.gitea.io/gitea/modules/timeutil"

  14. 	"code.gitea.io/gitea/modules/util"

  15. 

  16. 	gouuid "github.com/google/uuid"

  17. 	lru "github.com/hashicorp/golang-lru"

  18. )

  19. 

  20. var successfulAccessTokenCache *lru.Cache

  21. 

  22. // AccessToken represents a personal access token.

  23. type AccessToken struct {

  24. 	ID             int64 `xorm:"pk autoincr"`

  25. 	UID            int64 `xorm:"INDEX"`

  26. 	Name           string

  27. 	Token          string `xorm:"-"`

  28. 	TokenHash      string `xorm:"UNIQUE"` // sha256 of token

  29. 	TokenSalt      string

  30. 	TokenLastEight string `xorm:"token_last_eight"`

  31. 

  32. 	CreatedUnix       timeutil.TimeStamp `xorm:"INDEX created"`

  33. 	UpdatedUnix       timeutil.TimeStamp `xorm:"INDEX updated"`

  34. 	HasRecentActivity bool               `xorm:"-"`

  35. 	HasUsed           bool               `xorm:"-"`

  36. }

  37. 

  38. // AfterLoad is invoked from XORM after setting the values of all fields of this object.

  39. func (t *AccessToken) AfterLoad() {

  40. 	t.HasUsed = t.UpdatedUnix > t.CreatedUnix

  41. 	t.HasRecentActivity = t.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()

  42. }

  43. 

  44. // NewAccessToken creates new access token.

  45. func NewAccessToken(t *AccessToken) error {

  46. 	salt, err := util.RandomString(10)

  47. 	if err != nil {

  48. 		return err

  49. 	}

  50. 	t.TokenSalt = salt

  51. 	t.Token = base.EncodeSha1(gouuid.New().String())

  52. 	t.TokenHash = hashToken(t.Token, t.TokenSalt)

  53. 	t.TokenLastEight = t.Token[len(t.Token)-8:]

  54. 	_, err = x.Insert(t)

  55. 	return err

  56. }

  57. 

  58. func getAccessTokenIDFromCache(token string) int64 {

  59. 	if successfulAccessTokenCache == nil {

  60. 		return 0

  61. 	}

  62. 	tInterface, ok := successfulAccessTokenCache.Get(token)

  63. 	if !ok {

  64. 		return 0

  65. 	}

  66. 	t, ok := tInterface.(int64)

  67. 	if !ok {

  68. 		return 0

  69. 	}

  70. 	return t

  71. }

  72. 

  73. // GetAccessTokenBySHA returns access token by given token value

  74. func GetAccessTokenBySHA(token string) (*AccessToken, error) {

  75. 	if token == "" {

  76. 		return nil, ErrAccessTokenEmpty{}

  77. 	}

  78. 	// A token is defined as being SHA1 sum these are 40 hexadecimal bytes long

  79. 	if len(token) != 40 {

  80. 		return nil, ErrAccessTokenNotExist{token}

  81. 	}

  82. 	for _, x := range []byte(token) {

  83. 		if x < '0' || (x > '9' && x < 'a') || x > 'f' {

  84. 			return nil, ErrAccessTokenNotExist{token}

  85. 		}

  86. 	}

  87. 

  88. 	lastEight := token[len(token)-8:]

  89. 

  90. 	if id := getAccessTokenIDFromCache(token); id > 0 {

  91. 		token := &AccessToken{

  92. 			TokenLastEight: lastEight,

  93. 		}

  94. 		// Re-get the token from the db in case it has been deleted in the intervening period

  95. 		has, err := x.ID(id).Get(token)

  96. 		if err != nil {

  97. 			return nil, err

  98. 		}

  99. 		if has {

  100. 			return token, nil

  101. 		}

  102. 		successfulAccessTokenCache.Remove(token)

  103. 	}

  104. 

  105. 	var tokens []AccessToken

  106. 	err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens)

  107. 	if err != nil {

  108. 		return nil, err

  109. 	} else if len(tokens) == 0 {

  110. 		return nil, ErrAccessTokenNotExist{token}

  111. 	}

  112. 

  113. 	for _, t := range tokens {

  114. 		tempHash := hashToken(token, t.TokenSalt)

  115. 		if subtle.ConstantTimeCompare([]byte(t.TokenHash), []byte(tempHash)) == 1 {

  116. 			if successfulAccessTokenCache != nil {

  117. 				successfulAccessTokenCache.Add(token, t.ID)

  118. 			}

  119. 			return &t, nil

  120. 		}

  121. 	}

  122. 	return nil, ErrAccessTokenNotExist{token}

  123. }

  124. 

  125. // AccessTokenByNameExists checks if a token name has been used already by a user.

  126. func AccessTokenByNameExists(token *AccessToken) (bool, error) {

  127. 	return x.Table("access_token").Where("name = ?", token.Name).And("uid = ?", token.UID).Exist()

  128. }

  129. 

  130. // ListAccessTokensOptions contain filter options

  131. type ListAccessTokensOptions struct {

  132. 	ListOptions

  133. 	Name   string

  134. 	UserID int64

  135. }

  136. 

  137. // ListAccessTokens returns a list of access tokens belongs to given user.

  138. func ListAccessTokens(opts ListAccessTokensOptions) ([]*AccessToken, error) {

  139. 	sess := x.Where("uid=?", opts.UserID)

  140. 

  141. 	if len(opts.Name) != 0 {

  142. 		sess = sess.Where("name=?", opts.Name)

  143. 	}

  144. 

  145. 	sess = sess.Desc("id")

  146. 

  147. 	if opts.Page != 0 {

  148. 		sess = opts.setSessionPagination(sess)

  149. 

  150. 		tokens := make([]*AccessToken, 0, opts.PageSize)

  151. 		return tokens, sess.Find(&tokens)

  152. 	}

  153. 

  154. 	tokens := make([]*AccessToken, 0, 5)

  155. 	return tokens, sess.Find(&tokens)

  156. }

  157. 

  158. // UpdateAccessToken updates information of access token.

  159. func UpdateAccessToken(t *AccessToken) error {

  160. 	_, err := x.ID(t.ID).AllCols().Update(t)

  161. 	return err

  162. }

  163. 

  164. // CountAccessTokens count access tokens belongs to given user by options

  165. func CountAccessTokens(opts ListAccessTokensOptions) (int64, error) {

  166. 	sess := x.Where("uid=?", opts.UserID)

  167. 	if len(opts.Name) != 0 {

  168. 		sess = sess.Where("name=?", opts.Name)

  169. 	}

  170. 	return sess.Count(&AccessToken{})

  171. }

  172. 

  173. // DeleteAccessTokenByID deletes access token by given ID.

  174. func DeleteAccessTokenByID(id, userID int64) error {

  175. 	cnt, err := x.ID(id).Delete(&AccessToken{

  176. 		UID: userID,

  177. 	})

  178. 	if err != nil {

  179. 		return err

  180. 	} else if cnt != 1 {

  181. 		return ErrAccessTokenNotExist{}

  182. 	}

  183. 	return nil

  184. }