2019-05-04 11:45:34 -04:00
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2022-11-02 04:54:36 -04:00
|
|
|
package v1_9 //nolint
|
2019-05-04 11:45:34 -04:00
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
|
2022-11-02 04:54:36 -04:00
|
|
|
"code.gitea.io/gitea/models/migrations/base"
|
2019-05-04 11:45:34 -04:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2019-08-15 10:46:21 -04:00
|
|
|
"code.gitea.io/gitea/modules/timeutil"
|
2021-05-10 02:45:17 -04:00
|
|
|
"code.gitea.io/gitea/modules/util"
|
2019-08-15 10:46:21 -04:00
|
|
|
|
2019-10-17 05:26:49 -04:00
|
|
|
"xorm.io/xorm"
|
2019-05-04 11:45:34 -04:00
|
|
|
)
|
|
|
|
|
2022-11-02 04:54:36 -04:00
|
|
|
func HashAppToken(x *xorm.Engine) error {
|
2019-05-04 11:45:34 -04:00
|
|
|
// AccessToken see models/token.go
|
|
|
|
type AccessToken struct {
|
|
|
|
ID int64 `xorm:"pk autoincr"`
|
|
|
|
UID int64 `xorm:"INDEX"`
|
|
|
|
Name string
|
|
|
|
Sha1 string
|
|
|
|
Token string `xorm:"-"`
|
2019-05-05 09:47:42 -04:00
|
|
|
TokenHash string // sha256 of token - we will ensure UNIQUE later
|
2019-05-04 11:45:34 -04:00
|
|
|
TokenSalt string
|
|
|
|
TokenLastEight string `xorm:"token_last_eight"`
|
|
|
|
|
2019-08-15 10:46:21 -04:00
|
|
|
CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
|
|
|
|
UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
|
|
|
|
HasRecentActivity bool `xorm:"-"`
|
|
|
|
HasUsed bool `xorm:"-"`
|
2019-05-04 11:45:34 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// First remove the index
|
|
|
|
sess := x.NewSession()
|
|
|
|
defer sess.Close()
|
|
|
|
|
|
|
|
if err := sess.Begin(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-05-05 09:47:42 -04:00
|
|
|
if err := sess.Sync2(new(AccessToken)); err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return fmt.Errorf("Sync2: %w", err)
|
2019-05-04 11:45:34 -04:00
|
|
|
}
|
|
|
|
|
2019-08-05 17:49:49 -04:00
|
|
|
if err := sess.Commit(); err != nil {
|
2019-05-04 11:45:34 -04:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := sess.Begin(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// transform all tokens to hashes
|
|
|
|
const batchSize = 100
|
|
|
|
for start := 0; ; start += batchSize {
|
|
|
|
tokens := make([]*AccessToken, 0, batchSize)
|
|
|
|
if err := sess.Limit(batchSize, start).Find(&tokens); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if len(tokens) == 0 {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, token := range tokens {
|
|
|
|
// generate salt
|
2022-01-25 23:10:10 -05:00
|
|
|
salt, err := util.CryptoRandomString(10)
|
2019-05-04 11:45:34 -04:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
token.TokenSalt = salt
|
2022-11-02 04:54:36 -04:00
|
|
|
token.TokenHash = base.HashToken(token.Sha1, salt)
|
2019-05-04 11:45:34 -04:00
|
|
|
if len(token.Sha1) < 8 {
|
|
|
|
log.Warn("Unable to transform token %s with name %s belonging to user ID %d, skipping transformation", token.Sha1, token.Name, token.UID)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
token.TokenLastEight = token.Sha1[len(token.Sha1)-8:]
|
|
|
|
token.Sha1 = "" // ensure to blank out column in case drop column doesn't work
|
|
|
|
|
|
|
|
if _, err := sess.ID(token.ID).Cols("token_hash, token_salt, token_last_eight, sha1").Update(token); err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return fmt.Errorf("couldn't add in sha1, token_hash, token_salt and token_last_eight: %w", err)
|
2019-05-04 11:45:34 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Commit and begin new transaction for dropping columns
|
|
|
|
if err := sess.Commit(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := sess.Begin(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-11-02 04:54:36 -04:00
|
|
|
if err := base.DropTableColumns(sess, "access_token", "sha1"); err != nil {
|
2019-05-04 11:45:34 -04:00
|
|
|
return err
|
|
|
|
}
|
2019-05-05 09:47:42 -04:00
|
|
|
if err := sess.Commit(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return resyncHashAppTokenWithUniqueHash(x)
|
|
|
|
}
|
2019-05-04 11:45:34 -04:00
|
|
|
|
2019-05-05 09:47:42 -04:00
|
|
|
func resyncHashAppTokenWithUniqueHash(x *xorm.Engine) error {
|
|
|
|
// AccessToken see models/token.go
|
|
|
|
type AccessToken struct {
|
|
|
|
TokenHash string `xorm:"UNIQUE"` // sha256 of token - we will ensure UNIQUE later
|
|
|
|
}
|
|
|
|
sess := x.NewSession()
|
|
|
|
defer sess.Close()
|
|
|
|
if err := sess.Begin(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := sess.Sync2(new(AccessToken)); err != nil {
|
2022-10-24 15:29:17 -04:00
|
|
|
return fmt.Errorf("Sync2: %w", err)
|
2019-05-05 09:47:42 -04:00
|
|
|
}
|
|
|
|
return sess.Commit()
|
2019-05-04 11:45:34 -04:00
|
|
|
}
|