gitea/models/token.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package models

import (
	"crypto/subtle"
	"time"

	gouuid "github.com/satori/go.uuid"

	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/generate"
	"code.gitea.io/gitea/modules/util"
)

// AccessToken represents a personal access token.
type AccessToken struct {
	ID             int64 `xorm:"pk autoincr"`
	UID            int64 `xorm:"INDEX"`
	Name           string
	Token          string `xorm:"-"`
	TokenHash      string `xorm:"UNIQUE"` // sha256 of token
	TokenSalt      string
	TokenLastEight string `xorm:"token_last_eight"`

	CreatedUnix       util.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix       util.TimeStamp `xorm:"INDEX updated"`
	HasRecentActivity bool           `xorm:"-"`
	HasUsed           bool           `xorm:"-"`
}

// AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (t *AccessToken) AfterLoad() {
	t.HasUsed = t.UpdatedUnix > t.CreatedUnix
	t.HasRecentActivity = t.UpdatedUnix.AddDuration(7*24*time.Hour) > util.TimeStampNow()
}

// NewAccessToken creates new access token.
func NewAccessToken(t *AccessToken) error {
	salt, err := generate.GetRandomString(10)
	if err != nil {
		return err
	}
	t.TokenSalt = salt
	t.Token = base.EncodeSha1(gouuid.NewV4().String())
	t.TokenHash = hashToken(t.Token, t.TokenSalt)
	t.TokenLastEight = t.Token[len(t.Token)-8:]
	_, err = x.Insert(t)
	return err
}

// GetAccessTokenBySHA returns access token by given token value
func GetAccessTokenBySHA(token string) (*AccessToken, error) {
	if token == "" {
		return nil, ErrAccessTokenEmpty{}
	}
	if len(token) < 8 {
		return nil, ErrAccessTokenNotExist{token}
	}
	var tokens []AccessToken
	lastEight := token[len(token)-8:]
	err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens)
	if err != nil {
		return nil, err
	} else if len(tokens) == 0 {
		return nil, ErrAccessTokenNotExist{token}
	}
	for _, t := range tokens {
		tempHash := hashToken(token, t.TokenSalt)
		if subtle.ConstantTimeCompare([]byte(t.TokenHash), []byte(tempHash)) == 1 {
			return &t, nil
		}
	}
	return nil, ErrAccessTokenNotExist{token}
}

// ListAccessTokens returns a list of access tokens belongs to given user.
func ListAccessTokens(uid int64) ([]*AccessToken, error) {
	tokens := make([]*AccessToken, 0, 5)
	return tokens, x.
		Where("uid=?", uid).
		Desc("id").
		Find(&tokens)
}

// UpdateAccessToken updates information of access token.
func UpdateAccessToken(t *AccessToken) error {
	_, err := x.ID(t.ID).AllCols().Update(t)
	return err
}

// DeleteAccessTokenByID deletes access token by given ID.
func DeleteAccessTokenByID(id, userID int64) error {
	cnt, err := x.ID(id).Delete(&AccessToken{
		UID: userID,
	})
	if err != nil {
		return err
	} else if cnt != 1 {
		return ErrAccessTokenNotExist{}
	}
	return nil
}
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`// Copyright 2019 The Gitea Authors. All rights reserved.`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package models`

			`import (`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`"crypto/subtle"`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`"time"`

Replace uuid module with original package 2016-02-21 00:13:12 +01:00			`gouuid "github.com/satori/go.uuid"`

Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path 2016-11-10 17:24:48 +01:00			`"code.gitea.io/gitea/modules/base"`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`"code.gitea.io/gitea/modules/generate"`
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add 2017-12-11 05:37:04 +01:00			`"code.gitea.io/gitea/modules/util"`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`)`

			`// AccessToken represents a personal access token.`
			`type AccessToken struct {`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			ID int64 `xorm:"pk autoincr"`
			UID int64 `xorm:"INDEX"`
			`Name string`
			Token string `xorm:"-"`
			TokenHash string `xorm:"UNIQUE"` // sha256 of token
			`TokenSalt string`
			TokenLastEight string `xorm:"token_last_eight"`
#2302 Replace time.Time with Unix Timestamp (int64) 2016-03-10 01:53:30 +01:00
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add 2017-12-11 05:37:04 +01:00			CreatedUnix util.TimeStamp `xorm:"INDEX created"`
			UpdatedUnix util.TimeStamp `xorm:"INDEX updated"`
			HasRecentActivity bool `xorm:"-"`
			HasUsed bool `xorm:"-"`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`}`

Use AfterLoad instead of AfterSet on Structs (#2628) * use AfterLoad instead of AfterSet on Structs * fix the comments on AfterLoad * fix the comments on action AfterLoad 2017-10-01 18:52:35 +02:00			`// AfterLoad is invoked from XORM after setting the values of all fields of this object.`
			`func (t *AccessToken) AfterLoad() {`
Refactor struct's time to remove unnecessary memory usage (#3142) * refactor struct's time to remove unnecessary memory usage * use AsTimePtr simple code * fix tests * fix time compare * fix template on gpg * use AddDuration instead of Add 2017-12-11 05:37:04 +01:00			`t.HasUsed = t.UpdatedUnix > t.CreatedUnix`
			`t.HasRecentActivity = t.UpdatedUnix.AddDuration(724time.Hour) > util.TimeStampNow()`
#2302 Replace time.Time with Unix Timestamp (int64) 2016-03-10 01:53:30 +01:00			`}`

add personal access token panel #12 2014-11-12 12:48:50 +01:00			`// NewAccessToken creates new access token.`
			`func NewAccessToken(t *AccessToken) error {`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`salt, err := generate.GetRandomString(10)`
			`if err != nil {`
			`return err`
			`}`
			`t.TokenSalt = salt`
			`t.Token = base.EncodeSha1(gouuid.NewV4().String())`
			`t.TokenHash = hashToken(t.Token, t.TokenSalt)`
			`t.TokenLastEight = t.Token[len(t.Token)-8:]`
			`_, err = x.Insert(t)`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`return err`
			`}`

Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`// GetAccessTokenBySHA returns access token by given token value`
			`func GetAccessTokenBySHA(token string) (*AccessToken, error) {`
			`if token == "" {`
Fixes #3110 (#3136) 2016-06-27 11:02:39 +02:00			`return nil, ErrAccessTokenEmpty{}`
			`}`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`if len(token) < 8 {`
			`return nil, ErrAccessTokenNotExist{token}`
			`}`
			`var tokens []AccessToken`
			`lastEight := token[len(token)-8:]`
			`err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens)`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`if err != nil {`
			`return nil, err`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`} else if len(tokens) == 0 {`
			`return nil, ErrAccessTokenNotExist{token}`
			`}`
			`for _, t := range tokens {`
			`tempHash := hashToken(token, t.TokenSalt)`
			`if subtle.ConstantTimeCompare([]byte(t.TokenHash), []byte(tempHash)) == 1 {`
			`return &t, nil`
			`}`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`}`
Hash App token (#6724) 2019-05-04 17:45:34 +02:00			`return nil, ErrAccessTokenNotExist{token}`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`}`

			`// ListAccessTokens returns a list of access tokens belongs to given user.`
			`func ListAccessTokens(uid int64) ([]*AccessToken, error) {`
			`tokens := make([]*AccessToken, 0, 5)`
Rewrite XORM queries 2016-11-10 16:16:32 +01:00			`return tokens, x.`
			`Where("uid=?", uid).`
			`Desc("id").`
			`Find(&tokens)`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`}`

typo fix 2016-01-06 20:41:42 +01:00			`// UpdateAccessToken updates information of access token.`
			`func UpdateAccessToken(t *AccessToken) error {`
Replace deprecated Id method with ID (#2655) 2017-10-05 06:43:04 +02:00			`_, err := x.ID(t.ID).AllCols().Update(t)`
token recent activity 2015-08-19 00:22:33 +02:00			`return err`
			`}`

new access token UI 2015-08-18 21:36:16 +02:00			`// DeleteAccessTokenByID deletes access token by given ID.`
fixed vulnerabilities (#392) 2016-12-15 09:49:06 +01:00			`func DeleteAccessTokenByID(id, userID int64) error {`
Replace deprecated Id method with ID (#2655) 2017-10-05 06:43:04 +02:00			`cnt, err := x.ID(id).Delete(&AccessToken{`
fixed vulnerabilities (#392) 2016-12-15 09:49:06 +01:00			`UID: userID,`
			`})`
			`if err != nil {`
			`return err`
			`} else if cnt != 1 {`
			`return ErrAccessTokenNotExist{}`
			`}`
			`return nil`
add personal access token panel #12 2014-11-12 12:48:50 +01:00			`}`