You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

v85.go 4.3KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
  1. // Copyright 2019 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package migrations
  5. import (
  6. "fmt"
  7. "github.com/go-xorm/core"
  8. "github.com/go-xorm/xorm"
  9. "code.gitea.io/gitea/models"
  10. "code.gitea.io/gitea/modules/generate"
  11. "code.gitea.io/gitea/modules/log"
  12. "code.gitea.io/gitea/modules/util"
  13. )
  14. func hashAppToken(x *xorm.Engine) error {
  15. // AccessToken see models/token.go
  16. type AccessToken struct {
  17. ID int64 `xorm:"pk autoincr"`
  18. UID int64 `xorm:"INDEX"`
  19. Name string
  20. Sha1 string
  21. Token string `xorm:"-"`
  22. TokenHash string // sha256 of token - we will ensure UNIQUE later
  23. TokenSalt string
  24. TokenLastEight string `xorm:"token_last_eight"`
  25. CreatedUnix util.TimeStamp `xorm:"INDEX created"`
  26. UpdatedUnix util.TimeStamp `xorm:"INDEX updated"`
  27. HasRecentActivity bool `xorm:"-"`
  28. HasUsed bool `xorm:"-"`
  29. }
  30. // First remove the index
  31. sess := x.NewSession()
  32. defer sess.Close()
  33. if err := sess.Begin(); err != nil {
  34. return err
  35. }
  36. var err error
  37. if models.DbCfg.Type == core.POSTGRES || models.DbCfg.Type == core.SQLITE {
  38. _, err = sess.Exec("DROP INDEX IF EXISTS UQE_access_token_sha1")
  39. } else if models.DbCfg.Type == core.MSSQL {
  40. _, err = sess.Exec(`DECLARE @ConstraintName VARCHAR(256)
  41. DECLARE @SQL NVARCHAR(256)
  42. SELECT @ConstraintName = obj.name FROM sys.columns col LEFT OUTER JOIN sys.objects obj ON obj.object_id = col.default_object_id AND obj.type = 'D' WHERE col.object_id = OBJECT_ID('access_token') AND obj.name IS NOT NULL AND col.name = 'sha1'
  43. SET @SQL = N'ALTER TABLE [access_token] DROP CONSTRAINT [' + @ConstraintName + N']'
  44. EXEC sp_executesql @SQL`)
  45. } else if models.DbCfg.Type == core.MYSQL {
  46. indexes, err := sess.QueryString(`SHOW INDEX FROM access_token WHERE KEY_NAME = 'UQE_access_token_sha1'`)
  47. if err != nil {
  48. return err
  49. }
  50. if len(indexes) >= 1 {
  51. _, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token")
  52. if err != nil {
  53. return err
  54. }
  55. }
  56. } else {
  57. _, err = sess.Exec("DROP INDEX UQE_access_token_sha1 ON access_token")
  58. }
  59. if err != nil {
  60. return fmt.Errorf("Drop index failed: %v", err)
  61. }
  62. if err = sess.Commit(); err != nil {
  63. return err
  64. }
  65. if err := sess.Begin(); err != nil {
  66. return err
  67. }
  68. if err := sess.Sync2(new(AccessToken)); err != nil {
  69. return fmt.Errorf("Sync2: %v", err)
  70. }
  71. if err = sess.Commit(); err != nil {
  72. return err
  73. }
  74. if err := sess.Begin(); err != nil {
  75. return err
  76. }
  77. // transform all tokens to hashes
  78. const batchSize = 100
  79. for start := 0; ; start += batchSize {
  80. tokens := make([]*AccessToken, 0, batchSize)
  81. if err := sess.Limit(batchSize, start).Find(&tokens); err != nil {
  82. return err
  83. }
  84. if len(tokens) == 0 {
  85. break
  86. }
  87. for _, token := range tokens {
  88. // generate salt
  89. salt, err := generate.GetRandomString(10)
  90. if err != nil {
  91. return err
  92. }
  93. token.TokenSalt = salt
  94. token.TokenHash = hashToken(token.Sha1, salt)
  95. if len(token.Sha1) < 8 {
  96. log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", token.Sha1, token.Name, token.UID)
  97. continue
  98. }
  99. token.TokenLastEight = token.Sha1[len(token.Sha1)-8:]
  100. token.Sha1 = "" // ensure to blank out column in case drop column doesn't work
  101. if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil {
  102. return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %v", err)
  103. }
  104. }
  105. }
  106. // Commit and begin new transaction for dropping columns
  107. if err := sess.Commit(); err != nil {
  108. return err
  109. }
  110. if err := sess.Begin(); err != nil {
  111. return err
  112. }
  113. if err := dropTableColumns(sess, "access_token", "sha1"); err != nil {
  114. return err
  115. }
  116. if err := sess.Commit(); err != nil {
  117. return err
  118. }
  119. return resyncHashAppTokenWithUniqueHash(x)
  120. }
  121. func resyncHashAppTokenWithUniqueHash(x *xorm.Engine) error {
  122. // AccessToken see models/token.go
  123. type AccessToken struct {
  124. TokenHash string `xorm:"UNIQUE"` // sha256 of token - we will ensure UNIQUE later
  125. }
  126. sess := x.NewSession()
  127. defer sess.Close()
  128. if err := sess.Begin(); err != nil {
  129. return err
  130. }
  131. if err := sess.Sync2(new(AccessToken)); err != nil {
  132. return fmt.Errorf("Sync2: %v", err)
  133. }
  134. return sess.Commit()
  135. }