diff options
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/basic_auth/middleware.go | 5 | ||||
| -rw-r--r-- | pkg/database/accounts.go | 66 |
2 files changed, 39 insertions, 32 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go index 0e22ad3..cb2dcf0 100644 --- a/pkg/basic_auth/middleware.go +++ b/pkg/basic_auth/middleware.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "net/http" - "time" "git.adyxax.org/adyxax/tfstated/pkg/database" "git.adyxax.org/adyxax/tfstated/pkg/helpers" @@ -29,9 +28,7 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler { helpers.ErrorResponse(w, http.StatusForbidden, fmt.Errorf("Forbidden")) return } - now := time.Now().UTC() - _, err = db.Exec(`UPDATE accounts SET last_login = ? WHERE id = ?`, now.Unix(), account.Id) - if err != nil { + if err := db.TouchAccount(account); err != nil { helpers.ErrorResponse(w, http.StatusInternalServerError, err) return } diff --git a/pkg/database/accounts.go b/pkg/database/accounts.go index e1c7109..d73fe27 100644 --- a/pkg/database/accounts.go +++ b/pkg/database/accounts.go @@ -17,6 +17,36 @@ var AdvertiseAdminPassword = func(password string) { slog.Info("Generated an initial admin password, please change it or delete the admin account after your first login", "password", password) } +func (db *DB) InitAdminAccount() error { + return db.WithTransaction(func(tx *sql.Tx) error { + var hasAdminAccount bool + if err := tx.QueryRowContext(db.ctx, `SELECT EXISTS (SELECT 1 FROM accounts WHERE is_admin);`).Scan(&hasAdminAccount); err != nil { + return fmt.Errorf("failed to select if there is an admin account in the database: %w", err) + } + if !hasAdminAccount { + var password uuid.UUID + if err := password.Generate(uuid.V4); err != nil { + return fmt.Errorf("failed to generate initial admin password: %w", err) + } + salt := helpers.GenerateSalt() + hash := helpers.HashPassword(password.String(), salt) + if _, err := tx.ExecContext(db.ctx, + `INSERT INTO accounts(username, salt, password_hash, is_admin) + VALUES ("admin", :salt, :hash, TRUE) + ON CONFLICT DO UPDATE SET password_hash = :hash + WHERE username = "admin";`, + sql.Named("salt", salt), + sql.Named("hash", hash), + ); err == nil { + AdvertiseAdminPassword(password.String()) + } else { + return fmt.Errorf("failed to set initial admin password: %w", err) + } + } + return nil + }) +} + func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) { account := model.Account{ Username: username, @@ -49,32 +79,12 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) { return &account, nil } -func (db *DB) InitAdminAccount() error { - return db.WithTransaction(func(tx *sql.Tx) error { - var hasAdminAccount bool - if err := tx.QueryRowContext(db.ctx, `SELECT EXISTS (SELECT 1 FROM accounts WHERE is_admin);`).Scan(&hasAdminAccount); err != nil { - return fmt.Errorf("failed to select if there is an admin account in the database: %w", err) - } - if !hasAdminAccount { - var password uuid.UUID - if err := password.Generate(uuid.V4); err != nil { - return fmt.Errorf("failed to generate initial admin password: %w", err) - } - salt := helpers.GenerateSalt() - hash := helpers.HashPassword(password.String(), salt) - if _, err := tx.ExecContext(db.ctx, - `INSERT INTO accounts(username, salt, password_hash, is_admin) - VALUES ("admin", :salt, :hash, TRUE) - ON CONFLICT DO UPDATE SET password_hash = :hash - WHERE username = "admin";`, - sql.Named("salt", salt), - sql.Named("hash", hash), - ); err == nil { - AdvertiseAdminPassword(password.String()) - } else { - return fmt.Errorf("failed to set initial admin password: %w", err) - } - } - return nil - }) +func (db *DB) TouchAccount(account *model.Account) error { + now := time.Now().UTC() + _, err := db.Exec(`UPDATE accounts SET last_login = ? WHERE id = ?`, now.Unix(), account.Id) + if err != nil { + return fmt.Errorf("failed to update last_login for user %s: %w", account.Username, err) + } + account.LastLogin = now + return nil } |