feat(restore): rotate auth hash on restore

Evan Reichard 2024-01-28 11:38:44 -05:00
parent 015ca30ac5
commit b1cfd16627
2 changed files with 56 additions and 2 deletions


@ -1457,6 +1457,11 @@ func (api *API) processRestoreFile(rAdminAction requestAdminAction, c *gin.Conte
if err := api.db.Reload(); err != nil { if err := api.db.Reload(); err != nil {
log.Panicf("Unable to reload DB: %v", err) log.Panicf("Unable to reload DB: %v", err)
} }
// Rotate Auth Hashes
if err := api.rotateAllAuthHashes(); err != nil {
log.Panicf("Unable to rotate auth hashes: %v", err)
}
} }
func (api *API) restoreData(zipReader *zip.Reader) error { func (api *API) restoreData(zipReader *zip.Reader) error {
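Review bot: If `rotateAllAuthHashes()` fails, the restored database has already been reloaded with the auth hashes stored in the backup, and the only reaction is `log.Panicf` inside the request handler. If the router uses gin's recovery middleware (not visible here), the panic is caught and the process keeps serving with the backup's hashes still accepted. Consider failing closed on this path, for example by clearing `api.userAuthCache` and returning an error to the admin. At minimum, document the intent above the call: `// Rotate auth hashes so sessions captured in the backup are invalidated; if this fails the restored hashes remain valid`. The body of `processRestoreFile` starts outside this hunk, so the surrounding error handling could not be checked.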


@ -340,13 +340,62 @@ func (api *API) rotateUserAuthHash(username string) error {
} }
// Update User // Update User
_, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{ if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
UserID: username, UserID: username,
AuthHash: fmt.Sprintf("%x", rawAuthHash), AuthHash: fmt.Sprintf("%x", rawAuthHash),
}) }); err != nil {
log.Error("UpdateUser DB Error: ", err)
return err
}
// Update Cache // Update Cache
api.userAuthCache[username] = fmt.Sprintf("%x", rawAuthHash) api.userAuthCache[username] = fmt.Sprintf("%x", rawAuthHash)
return nil return nil
} }
func (api *API) rotateAllAuthHashes() error {
// Do Transaction
tx, err := api.db.DB.Begin()
if err != nil {
log.Error("Transaction Begin DB Error: ", err)
return err
}
// Defer & Start Transaction
defer tx.Rollback()
qtx := api.db.Queries.WithTx(tx)
users, err := qtx.GetUsers(api.db.Ctx)
if err != nil {
return err
}
// Update users
for _, user := range users {
// Generate Auth Hash
rawAuthHash, err := utils.GenerateToken(64)
if err != nil {
return err
}
// Update User
if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
UserID: user.ID,
AuthHash: fmt.Sprintf("%x", rawAuthHash),
}); err != nil {
return err
}
// Update Cache
api.userAuthCache[user.ID] = fmt.Sprintf("%x", rawAuthHash)
}
// Commit Transaction
if err := tx.Commit(); err != nil {
log.Error("Transaction Commit DB Error: ", err)
return err
}
return nil
}
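Review bot: In `rotateAllAuthHashes` the line `api.userAuthCache[user.ID] = ...` runs inside the loop, before `tx.Commit()`. If a later `GenerateToken` or `UpdateUser` call or the commit itself fails, the deferred rollback restores the old hashes in the database while the cache keeps values that were never persisted. Stage the new hashes in a local map and copy them into the cache only after the commit succeeds, which also avoids formatting `rawAuthHash` twice. Cache entries for users absent from the restored database are never removed; whether that keeps stale sessions valid depends on how the cache is consulted, which is not shown. The mid-function `return err` paths also log nothing, unlike the begin and commit paths.

```go
	// … unchanged: begin transaction, deferred rollback, GetUsers …

	// Stage the new hashes; the cache is only written after a successful commit
	staged := make(map[string]string, len(users))
	for _, user := range users {
		// … unchanged: GenerateToken(64) and its error check …
		authHash := fmt.Sprintf("%x", rawAuthHash)
		if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
			UserID:   user.ID,
			AuthHash: authHash,
		}); err != nil {
			return err
		}
		staged[user.ID] = authHash
	}

	// … unchanged: tx.Commit and its error logging …

	for userID, authHash := range staged {
		api.userAuthCache[userID] = authHash
	}
	return nil
```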