1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
package storage
import (
"database/sql"
"fmt"
"github.com/miniflux/miniflux2/helper"
"github.com/miniflux/miniflux2/model"
)
// Sessions returns the list of sessions for the given user.
func (s *Storage) Sessions(userID int64) (model.Sessions, error) {
query := `SELECT id, user_id, token, created_at, user_agent, ip FROM sessions WHERE user_id=$1 ORDER BY id DESC`
rows, err := s.db.Query(query, userID)
if err != nil {
return nil, fmt.Errorf("unable to fetch sessions: %v", err)
}
defer rows.Close()
var sessions model.Sessions
for rows.Next() {
var session model.Session
err := rows.Scan(
&session.ID,
&session.UserID,
&session.Token,
&session.CreatedAt,
&session.UserAgent,
&session.IP,
)
if err != nil {
return nil, fmt.Errorf("unable to fetch session row: %v", err)
}
sessions = append(sessions, &session)
}
return sessions, nil
}
// CreateSession creates a new sessions.
func (s *Storage) CreateSession(username, userAgent, ip string) (sessionID string, err error) {
var userID int64
err = s.db.QueryRow("SELECT id FROM users WHERE username = $1", username).Scan(&userID)
if err != nil {
return "", fmt.Errorf("unable to fetch UserID: %v", err)
}
token := helper.GenerateRandomString(64)
query := "INSERT INTO sessions (token, user_id, user_agent, ip) VALUES ($1, $2, $3, $4)"
_, err = s.db.Exec(query, token, userID, userAgent, ip)
if err != nil {
return "", fmt.Errorf("unable to create session: %v", err)
}
s.SetLastLogin(userID)
return token, nil
}
// SessionByToken finds a session by the token.
func (s *Storage) SessionByToken(token string) (*model.Session, error) {
var session model.Session
query := "SELECT id, user_id, token, created_at, user_agent, ip FROM sessions WHERE token = $1"
err := s.db.QueryRow(query, token).Scan(
&session.ID,
&session.UserID,
&session.Token,
&session.CreatedAt,
&session.UserAgent,
&session.IP,
)
if err == sql.ErrNoRows {
return nil, fmt.Errorf("session not found: %s", token)
} else if err != nil {
return nil, fmt.Errorf("unable to fetch session: %v", err)
}
return &session, nil
}
// RemoveSessionByToken remove a session by using the token.
func (s *Storage) RemoveSessionByToken(userID int64, token string) error {
result, err := s.db.Exec(`DELETE FROM sessions WHERE user_id=$1 AND token=$2`, userID, token)
if err != nil {
return fmt.Errorf("unable to remove this session: %v", err)
}
count, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("unable to remove this session: %v", err)
}
if count != 1 {
return fmt.Errorf("nothing has been removed")
}
return nil
}
// RemoveSessionByID remove a session by using the ID.
func (s *Storage) RemoveSessionByID(userID, sessionID int64) error {
result, err := s.db.Exec(`DELETE FROM sessions WHERE user_id=$1 AND id=$2`, userID, sessionID)
if err != nil {
return fmt.Errorf("unable to remove this session: %v", err)
}
count, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("unable to remove this session: %v", err)
}
if count != 1 {
return fmt.Errorf("nothing has been removed")
}
return nil
}
// FlushAllSessions removes all sessions from the database.
func (s *Storage) FlushAllSessions() (err error) {
_, err = s.db.Exec(`DELETE FROM sessions`)
return
}
|
