forks/miniflux
1
0
Fork 0
Code Releases Activity

Fix regression in integration page and simplify SQL query

Browse source
This commit is contained in:
Frédéric Guillot 2023-07-10 20:59:49 -07:00
parent 309e6d1084
commit 7988241e11
4 changed files with 72 additions and 174 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
crypto/crypto.go
View file

@ -9,6 +9,8 @@ import (
"encoding/base64" "encoding/base64"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"golang.org/x/crypto/bcrypt"
) )
// HashFromBytes returns a SHA-256 checksum of the input. // HashFromBytes returns a SHA-256 checksum of the input.
@ -41,3 +43,8 @@ func GenerateRandomString(size int) string {
func GenerateRandomStringHex(size int) string { func GenerateRandomStringHex(size int) string {
return hex.EncodeToString(GenerateRandomBytes(size)) return hex.EncodeToString(GenerateRandomBytes(size))
} }
func HashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(bytes), err
}

221
storage/integration.go
View file

@ -223,13 +223,7 @@ func (s *Storage) Integration(userID int64) (*model.Integration, error) {
// UpdateIntegration saves user integration settings. // UpdateIntegration saves user integration settings.
func (s *Storage) UpdateIntegration(integration *model.Integration) error { func (s *Storage) UpdateIntegration(integration *model.Integration) error {
var err error query := `
if integration.GoogleReaderPassword != "" {
integration.GoogleReaderPassword, err = hashPassword(integration.GoogleReaderPassword)
if err != nil {
return err
}
query := `
UPDATE UPDATE
integrations integrations
SET SET
@ -276,167 +270,62 @@ func (s *Storage) UpdateIntegration(integration *model.Integration) error {
matrix_bot_password=$41, matrix_bot_password=$41,
matrix_bot_url=$42, matrix_bot_url=$42,
matrix_bot_chat_id=$43, matrix_bot_chat_id=$43,
notion_enabled=$45, notion_enabled=$44,
notion_token=$46, notion_token=$45,
notion_page_id=$47 notion_page_id=$46
WHERE WHERE
user_id=$44 user_id=$47
` `
_, err = s.db.Exec( _, err := s.db.Exec(
query, query,
integration.PinboardEnabled, integration.PinboardEnabled,
integration.PinboardToken, integration.PinboardToken,
integration.PinboardTags, integration.PinboardTags,
integration.PinboardMarkAsUnread, integration.PinboardMarkAsUnread,
integration.InstapaperEnabled, integration.InstapaperEnabled,
integration.InstapaperUsername, integration.InstapaperUsername,
integration.InstapaperPassword, integration.InstapaperPassword,
integration.FeverEnabled, integration.FeverEnabled,
integration.FeverUsername, integration.FeverUsername,
integration.FeverToken, integration.FeverToken,
integration.WallabagEnabled, integration.WallabagEnabled,
integration.WallabagOnlyURL, integration.WallabagOnlyURL,
integration.WallabagURL, integration.WallabagURL,
integration.WallabagClientID, integration.WallabagClientID,
integration.WallabagClientSecret, integration.WallabagClientSecret,
integration.WallabagUsername, integration.WallabagUsername,
integration.WallabagPassword, integration.WallabagPassword,
integration.NunuxKeeperEnabled, integration.NunuxKeeperEnabled,
integration.NunuxKeeperURL, integration.NunuxKeeperURL,
integration.NunuxKeeperAPIKey, integration.NunuxKeeperAPIKey,
integration.PocketEnabled, integration.PocketEnabled,
integration.PocketAccessToken, integration.PocketAccessToken,
integration.PocketConsumerKey, integration.PocketConsumerKey,
integration.GoogleReaderEnabled, integration.GoogleReaderEnabled,
integration.GoogleReaderUsername, integration.GoogleReaderUsername,
integration.GoogleReaderPassword, integration.GoogleReaderPassword,
integration.TelegramBotEnabled, integration.TelegramBotEnabled,
integration.TelegramBotToken, integration.TelegramBotToken,
integration.TelegramBotChatID, integration.TelegramBotChatID,
integration.EspialEnabled, integration.EspialEnabled,
integration.EspialURL, integration.EspialURL,
integration.EspialAPIKey, integration.EspialAPIKey,
integration.EspialTags, integration.EspialTags,
integration.LinkdingEnabled, integration.LinkdingEnabled,
integration.LinkdingURL, integration.LinkdingURL,
integration.LinkdingAPIKey, integration.LinkdingAPIKey,
integration.LinkdingTags, integration.LinkdingTags,
integration.LinkdingMarkAsUnread, integration.LinkdingMarkAsUnread,
integration.MatrixBotEnabled, integration.MatrixBotEnabled,
integration.MatrixBotUser, integration.MatrixBotUser,
integration.MatrixBotPassword, integration.MatrixBotPassword,
integration.MatrixBotURL, integration.MatrixBotURL,
integration.MatrixBotChatID, integration.MatrixBotChatID,
integration.NotionEnabled, integration.NotionEnabled,
integration.NotionToken, integration.NotionToken,
integration.NotionPageID, integration.NotionPageID,
integration.UserID, integration.UserID,
) )
} else {
query := `
UPDATE
integrations
SET
pinboard_enabled=$1,
pinboard_token=$2,
pinboard_tags=$3,
pinboard_mark_as_unread=$4,
instapaper_enabled=$5,
instapaper_username=$6,
instapaper_password=$7,
fever_enabled=$8,
fever_username=$9,
fever_token=$10,
wallabag_enabled=$11,
wallabag_only_url=$12,
wallabag_url=$13,
wallabag_client_id=$14,
wallabag_client_secret=$15,
wallabag_username=$16,
wallabag_password=$17,
nunux_keeper_enabled=$18,
nunux_keeper_url=$19,
nunux_keeper_api_key=$20,
pocket_enabled=$21,
pocket_access_token=$22,
pocket_consumer_key=$23,
googlereader_enabled=$24,
googlereader_username=$25,
googlereader_password=$26,
telegram_bot_enabled=$27,
telegram_bot_token=$28,
telegram_bot_chat_id=$29,
espial_enabled=$30,
espial_url=$31,
espial_api_key=$32,
espial_tags=$33,
linkding_enabled=$34,
linkding_url=$35,
linkding_api_key=$36,
linkding_tags=$37,
linkding_mark_as_unread=$38,
matrix_bot_enabled=$39,
matrix_bot_user=$40,
matrix_bot_password=$41,
matrix_bot_url=$42,
matrix_bot_chat_id=$43,
notion_enabled=$45,
notion_token=$46,
notion_page_id=$47
WHERE
user_id=$44
`
_, err = s.db.Exec(
query,
integration.PinboardEnabled,
integration.PinboardToken,
integration.PinboardTags,
integration.PinboardMarkAsUnread,
integration.InstapaperEnabled,
integration.InstapaperUsername,
integration.InstapaperPassword,
integration.FeverEnabled,
integration.FeverUsername,
integration.FeverToken,
integration.WallabagEnabled,
integration.WallabagOnlyURL,
integration.WallabagURL,
integration.WallabagClientID,
integration.WallabagClientSecret,
integration.WallabagUsername,
integration.WallabagPassword,
integration.NunuxKeeperEnabled,
integration.NunuxKeeperURL,
integration.NunuxKeeperAPIKey,
integration.PocketEnabled,
integration.PocketAccessToken,
integration.PocketConsumerKey,
integration.GoogleReaderEnabled,
integration.GoogleReaderUsername,
integration.GoogleReaderPassword,
integration.TelegramBotEnabled,
integration.TelegramBotToken,
integration.TelegramBotChatID,
integration.EspialEnabled,
integration.EspialURL,
integration.EspialAPIKey,
integration.EspialTags,
integration.LinkdingEnabled,
integration.LinkdingURL,
integration.LinkdingAPIKey,
integration.LinkdingTags,
integration.LinkdingMarkAsUnread,
integration.MatrixBotEnabled,
integration.MatrixBotUser,
integration.MatrixBotPassword,
integration.MatrixBotURL,
integration.MatrixBotChatID,
integration.UserID,
integration.NotionEnabled,
integration.NotionToken,
integration.NotionPageID,
)
}
if err != nil { if err != nil {
return fmt.Errorf(`store: unable to update integration row: %v`, err) return fmt.Errorf(`store: unable to update integration row: %v`, err)

10
storage/user.go
View file

@ -9,6 +9,7 @@ import (
"runtime" "runtime"
"strings" "strings"
"miniflux.app/crypto"
"miniflux.app/logger" "miniflux.app/logger"
"miniflux.app/model" "miniflux.app/model"
@ -57,7 +58,7 @@ func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*m
var hashedPassword string var hashedPassword string
if userCreationRequest.Password != "" { if userCreationRequest.Password != "" {
var err error var err error
hashedPassword, err = hashPassword(userCreationRequest.Password) hashedPassword, err = crypto.HashPassword(userCreationRequest.Password)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -157,7 +158,7 @@ func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*m
// UpdateUser updates a user. // UpdateUser updates a user.
func (s *Storage) UpdateUser(user *model.User) error { func (s *Storage) UpdateUser(user *model.User) error {
if user.Password != "" { if user.Password != "" {
hashedPassword, err := hashPassword(user.Password) hashedPassword, err := crypto.HashPassword(user.Password)
if err != nil { if err != nil {
return err return err
} }
@ -649,8 +650,3 @@ func (s *Storage) HasPassword(userID int64) (bool, error) {
} }
return false, nil return false, nil
} }
func hashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(bytes), err
}

8
ui/integration_update.go
View file

@ -8,6 +8,7 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"miniflux.app/crypto"
"miniflux.app/http/request" "miniflux.app/http/request"
"miniflux.app/http/response/html" "miniflux.app/http/response/html"
"miniflux.app/http/route" "miniflux.app/http/route"
@ -56,11 +57,16 @@ func (h *handler) updateIntegration(w http.ResponseWriter, r *http.Request) {
if integration.GoogleReaderEnabled { if integration.GoogleReaderEnabled {
if integrationForm.GoogleReaderPassword != "" { if integrationForm.GoogleReaderPassword != "" {
integration.GoogleReaderPassword = integrationForm.GoogleReaderPassword integration.GoogleReaderPassword, err = crypto.HashPassword(integrationForm.GoogleReaderPassword)
if err != nil {
html.ServerError(w, r, err)
return
}
} }
} else { } else {
integration.GoogleReaderPassword = "" integration.GoogleReaderPassword = ""
} }
err = h.store.UpdateIntegration(integration) err = h.store.UpdateIntegration(integration)
if err != nil { if err != nil {
html.ServerError(w, r, err) html.ServerError(w, r, err)