lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: sql casing

Browse source
This commit is contained in:
Sérgio Salgado 2021-01-27 17:24:35 +00:00 committed by Josh Harvey
parent 850c2a2219
commit 6396eb8247
8 changed files with 193 additions and 201 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/new-admin/admin-server.js
View file

@ -44,7 +44,7 @@ app.use(bodyParser.json())
app.use(bodyParser.urlencoded({ extended: true })) // support encoded bodies
app.use(express.static(path.resolve(__dirname, '..', '..', 'public')))
app.use(['*'], session({
app.use('*', session({
store: new pgSession({
pgPromise: db,
tableName: 'user_sessions'

6
lib/new-admin/services/login.js
View file

@ -1,13 +1,13 @@
const db = require('../../db')
function checkUser (username) {
const sql = 'select * from users where username=$1'
const sql = 'SELECT * FROM users WHERE username=$1'
return db.oneOrNone(sql, [username]).then(value => { return value.password }).catch(() => false)
}
function validateUser (username, password) {
const sql = 'select id, username from users where username=$1 and password=$2'
const sqlUpdateLastAccessed = 'update users set last_accessed = now() where username=$1'
const sql = 'SELECT id, username FROM users WHERE username=$1 AND password=$2'
const sqlUpdateLastAccessed = 'UPDATE users SET last_accessed = now() WHERE username=$1'
return db.oneOrNone(sql, [username, password])
.then(user => { db.none(sqlUpdateLastAccessed, [user.username]); return user })

28
lib/session-manager.js
View file

@ -1,41 +1,41 @@
const db = require('./db')
function getSessionList () {
const sql = `select * from user_sessions order by sess -> 'user' ->> 'username'`
const sql = `SELECT * FROM user_sessions ORDER BY sess -> 'user' ->> 'username'`
return db.any(sql)
}
function getLastSessionByUser () {
const sql = `select b.username, a.user_agent, a.ip_address, a.last_used, b.role from (
select sess -> 'user' ->> 'username' as username,
sess ->> 'ua' as user_agent,
sess ->> 'ipAddress' as ip_address,
sess ->> 'lastUsed' as last_used
from user_sessions
) a right join (
select distinct on (username)
const sql = `SELECT b.username, a.user_agent, a.ip_address, a.last_used, b.role FROM (
SELECT sess -> 'user' ->> 'username' AS username,
sess ->> 'ua' AS user_agent,
sess ->> 'ipAddress' AS ip_address,
sess ->> 'lastUsed' AS last_used
FROM user_sessions
) a RIGHT JOIN (
SELECT DISTINCT ON (username)
username, role
from users) b on a.username = b.username`
FROM users) b ON a.username = b.username`
return db.any(sql)
}
function getUserSessions (username) {
const sql = `select * from user_sessions where sess -> 'user' ->> 'username'=$1`
const sql = `SELECT * FROM user_sessions WHERE sess -> 'user' ->> 'username'=$1`
return db.any(sql, [username])
}
function getSession (sessionID) {
const sql = `select * from user_sessions where sid=$1`
const sql = `SELECT * FROM user_sessions WHERE sid=$1`
return db.any(sql, [sessionID])
}
function deleteUserSessions (username) {
const sql = `delete from user_sessions where sess -> 'user' ->> 'username'=$1`
const sql = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'username'=$1`
return db.none(sql, [username])
}
function deleteSession (sessionID) {
const sql = `delete from user_sessions where sid=$1`
const sql = `DELETE FROM user_sessions WHERE sid=$1`
return db.none(sql, [sessionID])
}

58
lib/users.js
View file

@ -17,7 +17,7 @@ const db = require('./db')
* @returns {user object} User object (containing name)
*/
function get (token) {
const sql = 'select * from user_tokens where token=$1'
const sql = 'SELECT * FROM user_tokens WHERE token=$1'
return db.oneOrNone(sql, [token])
}
@ -32,27 +32,27 @@ function get (token) {
* @returns {array} Array of users found
*/
function getByIds (tokens) {
const sql = 'select * from user_tokens where token in ($1^)'
const sql = 'SELECT * FROM user_tokens WHERE token IN ($1^)'
const tokensClause = _.map(pgp.as.text, tokens).join(',')
return db.any(sql, [tokensClause])
}
function getUsers () {
const sql = `select id, username, role, enabled, last_accessed, last_accessed_from, last_accessed_address from users order by username`
const sql = `SELECT id, username, role, enabled, last_accessed, last_accessed_from, last_accessed_address FROM users ORDER BY username`
return db.any(sql)
}
function getByName (username) {
const sql = `select id, username, role, last_accessed from users where username=$1 limit 1`
const sql = `SELECT id, username, role, last_accessed FROM users WHERE username=$1 limit 1`
return db.oneOrNone(sql, [username])
}
function verifyAndUpdateUser (id, ua, ip) {
const sql = `select id, username, role, enabled from users where id=$1 limit 1`
const sql = `SELECT id, username, role, enabled FROM users WHERE id=$1 limit 1`
return db.oneOrNone(sql, [id]).then(user => {
if (!user) return null
const sql2 = `update users set last_accessed=now(), last_accessed_from=$1, last_accessed_address=$2 where id=$3 returning id, role, enabled`
const sql2 = `UPDATE users SET last_accessed=now(), last_accessed_from=$1, last_accessed_address=$2 WHERE id=$3 RETURNING id, role, enabled`
return db.one(sql2, [ua, ip, id]).then(user => {
return user
})
@ -60,39 +60,39 @@ function verifyAndUpdateUser (id, ua, ip) {
}
function createUser (username, password, role) {
const sql = `insert into users (id, username, password, role) values ($1, $2, $3, $4)`
const sql = `INSERT INTO users (id, username, password, role) VALUES ($1, $2, $3, $4)`
bcrypt.hash(password, 12).then(function (hash) {
return db.none(sql, [uuid.v4(), username, hash, role])
})
}
function deleteUser (id) {
const sql = `delete from users where id=$1`
const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1`
const sql = `DELETE FROM users WHERE id=$1`
const sql2 = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`
return db.none(sql, [id]).then(() => db.none(sql2, [id]))
}
function findById (id) {
const sql = 'select id, username from users where id=$1'
const sql = 'SELECT id, username FROM users WHERE id=$1'
return db.oneOrNone(sql, [id])
}
function get2FASecret (id) {
const sql = 'select id, username, twofa_code, role from users where id=$1'
const sql = 'SELECT id, username, twofa_code, role FROM users WHERE id=$1'
return db.oneOrNone(sql, [id])
}
function save2FASecret (id, secret) {
const sql = 'update users set twofa_code=$1 where id=$2'
const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1`
const sql = 'UPDATE users SET twofa_code=$1 WHERE id=$2'
const sql2 = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`
return db.none(sql, [secret, id]).then(() => db.none(sql2, [id]))
}
function validate2FAResetToken (token) {
const sql = `delete from reset_twofa
where token=$1
returning user_id, now() < expire as success`
const sql = `DELETE FROM reset_twofa
WHERE token=$1
RETURNING user_id, now() < expire AS success`
return db.one(sql, [token])
.then(res => ({ userID: res.user_id, success: res.success }))
@ -100,23 +100,23 @@ function validate2FAResetToken (token) {
function createReset2FAToken (userID) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `insert into reset_twofa (token, user_id) values ($1, $2) on conflict (user_id) do update set token=$1, expire=now() + interval '30 minutes' returning *`
const sql = `INSERT INTO reset_twofa (token, user_id) VALUES ($1, $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
return db.one(sql, [token, userID])
}
function updatePassword (id, password) {
bcrypt.hash(password, 12).then(function (hash) {
const sql = `update users set password=$1 where id=$2`
const sql2 = `delete from user_sessions where sess -> 'user' ->> 'id'=$1`
const sql = `UPDATE users SET password=$1 WHERE id=$2`
const sql2 = `DELETE FROM user_sessions WHERE sess -> 'user' ->> 'id'=$1`
return db.none(sql, [hash, id]).then(() => db.none(sql2, [id]))
})
}
function validatePasswordResetToken (token) {
const sql = `delete from reset_password
where token=$1
returning user_id, now() < expire as success`
const sql = `DELETE FROM reset_password
WHERE token=$1
RETURNING user_id, now() < expire AS success`
return db.one(sql, [token])
.then(res => ({ userID: res.user_id, success: res.success }))
@ -124,34 +124,34 @@ function validatePasswordResetToken (token) {
function createResetPasswordToken (userID) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `insert into reset_password (token, user_id) values ($1, $2) on conflict (user_id) do update set token=$1, expire=now() + interval '30 minutes' returning *`
const sql = `INSERT INTO reset_password (token, user_id) VALUES ($1, $2) ON CONFLICT (user_id) DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
return db.one(sql, [token, userID])
}
function createUserRegistrationToken (username, role) {
const token = crypto.randomBytes(32).toString('hex')
const sql = `insert into user_register_tokens (token, username, role) values ($1, $2, $3) on conflict (username)
do update set token=$1, expire=now() + interval '30 minutes' returning *`
const sql = `INSERT INTO user_register_tokens (token, username, role) VALUES ($1, $2, $3) ON CONFLICT (username)
DO UPDATE SET token=$1, expire=now() + interval '30 minutes' RETURNING *`
return db.one(sql, [token, username, role])
}
function validateUserRegistrationToken (token) {
const sql = `delete from user_register_tokens where token=$1
returning username, role, now() < expire as success`
const sql = `DELETE FROM user_register_tokens WHERE token=$1
RETURNING username, role, now() < expire AS success`
return db.one(sql, [token])
.then(res => ({ username: res.username, role: res.role, success: res.success }))
}
function changeUserRole (id, newRole) {
const sql = `update users set role=$1 where id=$2`
const sql = `UPDATE users SET role=$1 WHERE id=$2`
return db.none(sql, [newRole, id])
}
function toggleUserEnable (id) {
const sql = `update users set enabled=not enabled where id=$1`
const sql = `UPDATE users SET enabled=not enabled WHERE id=$1`
return db.none(sql, [id])
}