本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

107 lines
3.0KB

  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Copyright 2019 The Gitea Authors. All rights reserved.
  3. // Use of this source code is governed by a MIT-style
  4. // license that can be found in the LICENSE file.
  5. package models
  6. import (
  7. "crypto/subtle"
  8. "time"
  9. "code.gitea.io/gitea/modules/base"
  10. "code.gitea.io/gitea/modules/generate"
  11. "code.gitea.io/gitea/modules/timeutil"
  12. gouuid "github.com/satori/go.uuid"
  13. )
  14. // AccessToken represents a personal access token.
  15. type AccessToken struct {
  16. ID int64 `xorm:"pk autoincr"`
  17. UID int64 `xorm:"INDEX"`
  18. Name string
  19. Token string `xorm:"-"`
  20. TokenHash string `xorm:"UNIQUE"` // sha256 of token
  21. TokenSalt string
  22. TokenLastEight string `xorm:"token_last_eight"`
  23. CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
  24. UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
  25. HasRecentActivity bool `xorm:"-"`
  26. HasUsed bool `xorm:"-"`
  27. }
  28. // AfterLoad is invoked from XORM after setting the values of all fields of this object.
  29. func (t *AccessToken) AfterLoad() {
  30. t.HasUsed = t.UpdatedUnix > t.CreatedUnix
  31. t.HasRecentActivity = t.UpdatedUnix.AddDuration(7*24*time.Hour) > timeutil.TimeStampNow()
  32. }
  33. // NewAccessToken creates new access token.
  34. func NewAccessToken(t *AccessToken) error {
  35. salt, err := generate.GetRandomString(10)
  36. if err != nil {
  37. return err
  38. }
  39. t.TokenSalt = salt
  40. t.Token = base.EncodeSha1(gouuid.NewV4().String())
  41. t.TokenHash = hashToken(t.Token, t.TokenSalt)
  42. t.TokenLastEight = t.Token[len(t.Token)-8:]
  43. _, err = x.Insert(t)
  44. return err
  45. }
  46. // GetAccessTokenBySHA returns access token by given token value
  47. func GetAccessTokenBySHA(token string) (*AccessToken, error) {
  48. if token == "" {
  49. return nil, ErrAccessTokenEmpty{}
  50. }
  51. if len(token) < 8 {
  52. return nil, ErrAccessTokenNotExist{token}
  53. }
  54. var tokens []AccessToken
  55. lastEight := token[len(token)-8:]
  56. err := x.Table(&AccessToken{}).Where("token_last_eight = ?", lastEight).Find(&tokens)
  57. if err != nil {
  58. return nil, err
  59. } else if len(tokens) == 0 {
  60. return nil, ErrAccessTokenNotExist{token}
  61. }
  62. for _, t := range tokens {
  63. tempHash := hashToken(token, t.TokenSalt)
  64. if subtle.ConstantTimeCompare([]byte(t.TokenHash), []byte(tempHash)) == 1 {
  65. return &t, nil
  66. }
  67. }
  68. return nil, ErrAccessTokenNotExist{token}
  69. }
  70. // ListAccessTokens returns a list of access tokens belongs to given user.
  71. func ListAccessTokens(uid int64) ([]*AccessToken, error) {
  72. tokens := make([]*AccessToken, 0, 5)
  73. return tokens, x.
  74. Where("uid=?", uid).
  75. Desc("id").
  76. Find(&tokens)
  77. }
  78. // UpdateAccessToken updates information of access token.
  79. func UpdateAccessToken(t *AccessToken) error {
  80. _, err := x.ID(t.ID).AllCols().Update(t)
  81. return err
  82. }
  83. // DeleteAccessTokenByID deletes access token by given ID.
  84. func DeleteAccessTokenByID(id, userID int64) error {
  85. cnt, err := x.ID(id).Delete(&AccessToken{
  86. UID: userID,
  87. })
  88. if err != nil {
  89. return err
  90. } else if cnt != 1 {
  91. return ErrAccessTokenNotExist{}
  92. }
  93. return nil
  94. }
上海开阖软件有限公司 沪ICP备12045867号-1