1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
package storage
import (
"database/sql"
"fmt"
"github.com/miniflux/miniflux/helper"
"github.com/miniflux/miniflux/model"
)
// UserSessions returns the list of sessions for the given user.
func (s *Storage) UserSessions(userID int64) (model.UserSessions, error) {
query := `SELECT
id, user_id, token, created_at, user_agent, ip
FROM user_sessions
WHERE user_id=$1 ORDER BY id DESC`
rows, err := s.db.Query(query, userID)
if err != nil {
return nil, fmt.Errorf("unable to fetch user sessions: %v", err)
}
defer rows.Close()
var sessions model.UserSessions
for rows.Next() {
var session model.UserSession
err := rows.Scan(
&session.ID,
&session.UserID,
&session.Token,
&session.CreatedAt,
&session.UserAgent,
&session.IP,
)
if err != nil {
return nil, fmt.Errorf("unable to fetch user session row: %v", err)
}
sessions = append(sessions, &session)
}
return sessions, nil
}
// CreateUserSession creates a new sessions.
func (s *Storage) CreateUserSession(username, userAgent, ip string) (sessionID string, err error) {
var userID int64
err = s.db.QueryRow("SELECT id FROM users WHERE username = $1", username).Scan(&userID)
if err != nil {
return "", fmt.Errorf("unable to fetch UserID: %v", err)
}
token := helper.GenerateRandomString(64)
query := "INSERT INTO user_sessions (token, user_id, user_agent, ip) VALUES ($1, $2, $3, $4)"
_, err = s.db.Exec(query, token, userID, userAgent, ip)
if err != nil {
return "", fmt.Errorf("unable to create user session: %v", err)
}
s.SetLastLogin(userID)
return token, nil
}
// UserSessionByToken finds a session by the token.
func (s *Storage) UserSessionByToken(token string) (*model.UserSession, error) {
var session model.UserSession
query := "SELECT id, user_id, token, created_at, user_agent, ip FROM user_sessions WHERE token = $1"
err := s.db.QueryRow(query, token).Scan(
&session.ID,
&session.UserID,
&session.Token,
&session.CreatedAt,
&session.UserAgent,
&session.IP,
)
if err == sql.ErrNoRows {
return nil, fmt.Errorf("user session not found: %s", token)
} else if err != nil {
return nil, fmt.Errorf("unable to fetch user session: %v", err)
}
return &session, nil
}
// RemoveUserSessionByToken remove a session by using the token.
func (s *Storage) RemoveUserSessionByToken(userID int64, token string) error {
result, err := s.db.Exec(`DELETE FROM user_sessions WHERE user_id=$1 AND token=$2`, userID, token)
if err != nil {
return fmt.Errorf("unable to remove this user session: %v", err)
}
count, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("unable to remove this user session: %v", err)
}
if count != 1 {
return fmt.Errorf("nothing has been removed")
}
return nil
}
// RemoveUserSessionByID remove a session by using the ID.
func (s *Storage) RemoveUserSessionByID(userID, sessionID int64) error {
result, err := s.db.Exec(`DELETE FROM user_sessions WHERE user_id=$1 AND id=$2`, userID, sessionID)
if err != nil {
return fmt.Errorf("unable to remove this user session: %v", err)
}
count, err := result.RowsAffected()
if err != nil {
return fmt.Errorf("unable to remove this user session: %v", err)
}
if count != 1 {
return fmt.Errorf("nothing has been removed")
}
return nil
}
|
