2022-06-16 08:06:10 +00:00
|
|
|
package model
|
|
|
|
|
|
2022-06-25 14:05:02 +00:00
|
|
|
import (
|
2023-08-14 14:54:38 +00:00
|
|
|
"encoding/binary"
|
|
|
|
|
"encoding/json"
|
2023-08-06 14:09:17 +00:00
|
|
|
"fmt"
|
2023-11-13 07:22:42 +00:00
|
|
|
"time"
|
2023-08-06 14:09:17 +00:00
|
|
|
|
2022-06-25 14:05:02 +00:00
|
|
|
"github.com/alist-org/alist/v3/internal/errs"
|
2022-11-30 13:38:00 +00:00
|
|
|
"github.com/alist-org/alist/v3/pkg/utils"
|
2023-08-07 07:46:19 +00:00
|
|
|
"github.com/alist-org/alist/v3/pkg/utils/random"
|
2023-08-14 14:54:38 +00:00
|
|
|
"github.com/go-webauthn/webauthn/webauthn"
|
2022-06-25 14:05:02 +00:00
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
)
|
2022-06-25 13:34:44 +00:00
|
|
|
|
2022-06-16 08:06:10 +00:00
|
|
|
const (
|
|
|
|
|
GENERAL = iota
|
|
|
|
|
GUEST // only one exists
|
|
|
|
|
ADMIN
|
|
|
|
|
)
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
const StaticHashSalt = "https://github.com/alist-org/alist"
|
2023-08-06 14:09:17 +00:00
|
|
|
|
2022-06-16 08:06:10 +00:00
|
|
|
type User struct {
|
2022-06-29 10:03:12 +00:00
|
|
|
ID uint `json:"id" gorm:"primaryKey"` // unique key
|
|
|
|
|
Username string `json:"username" gorm:"unique" binding:"required"` // username
|
2023-08-06 14:09:17 +00:00
|
|
|
PwdHash string `json:"-"` // password hash
|
2023-11-13 07:22:42 +00:00
|
|
|
PwdTS int64 `json:"-"` // password timestamp
|
2023-08-16 05:31:15 +00:00
|
|
|
Salt string `json:"-"` // unique salt
|
|
|
|
|
Password string `json:"password"` // password
|
|
|
|
|
BasePath string `json:"base_path"` // base path
|
|
|
|
|
Role int `json:"role"` // user's role
|
2023-02-04 03:44:17 +00:00
|
|
|
Disabled bool `json:"disabled"`
|
2022-06-29 10:03:12 +00:00
|
|
|
// Determine permissions by bit
|
2023-02-14 07:20:45 +00:00
|
|
|
// 0: can see hidden files
|
|
|
|
|
// 1: can access without password
|
2023-11-06 08:56:55 +00:00
|
|
|
// 2: can add offline download tasks
|
2023-02-14 07:20:45 +00:00
|
|
|
// 3: can mkdir and upload
|
|
|
|
|
// 4: can rename
|
|
|
|
|
// 5: can move
|
|
|
|
|
// 6: can copy
|
|
|
|
|
// 7: can remove
|
|
|
|
|
// 8: webdav read
|
|
|
|
|
// 9: webdav write
|
2022-08-08 08:29:56 +00:00
|
|
|
Permission int32 `json:"permission"`
|
|
|
|
|
OtpSecret string `json:"-"`
|
2023-07-20 08:30:30 +00:00
|
|
|
SsoID string `json:"sso_id"` // unique by sso platform
|
2023-08-14 14:54:38 +00:00
|
|
|
Authn string `gorm:"type:text" json:"-"`
|
2022-06-16 08:06:10 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) IsGuest() bool {
|
2022-06-16 08:06:10 +00:00
|
|
|
return u.Role == GUEST
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) IsAdmin() bool {
|
2022-06-16 08:06:10 +00:00
|
|
|
return u.Role == ADMIN
|
|
|
|
|
}
|
2022-06-25 13:34:44 +00:00
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) ValidateRawPassword(password string) error {
|
|
|
|
|
return u.ValidatePwdStaticHash(StaticHash(password))
|
2023-08-06 14:09:17 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) ValidatePwdStaticHash(pwdStaticHash string) error {
|
|
|
|
|
if pwdStaticHash == "" {
|
2022-06-25 14:05:02 +00:00
|
|
|
return errors.WithStack(errs.EmptyPassword)
|
2022-06-25 13:34:44 +00:00
|
|
|
}
|
2023-08-07 07:46:19 +00:00
|
|
|
if u.PwdHash != HashPwd(pwdStaticHash, u.Salt) {
|
2022-06-25 14:05:02 +00:00
|
|
|
return errors.WithStack(errs.WrongPassword)
|
2022-06-25 13:34:44 +00:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2022-06-29 09:08:31 +00:00
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) SetPassword(pwd string) *User {
|
|
|
|
|
u.Salt = random.String(16)
|
|
|
|
|
u.PwdHash = TwoHashPwd(pwd, u.Salt)
|
2023-11-13 07:22:42 +00:00
|
|
|
u.PwdTS = time.Now().Unix()
|
2023-08-07 07:46:19 +00:00
|
|
|
return u
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *User) CanSeeHides() bool {
|
2022-06-29 10:03:12 +00:00
|
|
|
return u.IsAdmin() || u.Permission&1 == 1
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanAccessWithoutPassword() bool {
|
2022-06-29 10:03:12 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>1)&1 == 1
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-06 08:56:55 +00:00
|
|
|
func (u *User) CanAddOfflineDownloadTasks() bool {
|
2022-06-29 10:03:12 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>2)&1 == 1
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanWrite() bool {
|
2022-06-29 10:03:12 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>3)&1 == 1
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanRename() bool {
|
2022-06-30 07:53:57 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>4)&1 == 1
|
2022-06-29 10:03:12 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanMove() bool {
|
2022-06-30 07:53:57 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>5)&1 == 1
|
2022-06-29 10:03:12 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanCopy() bool {
|
2022-06-30 07:53:57 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>6)&1 == 1
|
2022-06-29 10:03:12 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanRemove() bool {
|
2022-06-30 07:53:57 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>7)&1 == 1
|
2022-06-29 10:03:12 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanWebdavRead() bool {
|
2022-06-30 07:53:57 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>8)&1 == 1
|
2022-06-29 10:03:12 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) CanWebdavManage() bool {
|
2022-06-30 07:53:57 +00:00
|
|
|
return u.IsAdmin() || (u.Permission>>9)&1 == 1
|
2022-06-29 09:08:31 +00:00
|
|
|
}
|
2022-11-30 13:38:00 +00:00
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func (u *User) JoinPath(reqPath string) (string, error) {
|
2022-11-30 13:38:00 +00:00
|
|
|
return utils.JoinBasePath(u.BasePath, reqPath)
|
|
|
|
|
}
|
2023-08-06 14:09:17 +00:00
|
|
|
|
2023-08-07 07:46:19 +00:00
|
|
|
func StaticHash(password string) string {
|
2023-08-27 13:14:23 +00:00
|
|
|
return utils.HashData(utils.SHA256, []byte(fmt.Sprintf("%s-%s", password, StaticHashSalt)))
|
2023-08-07 07:46:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func HashPwd(static string, salt string) string {
|
2023-08-27 13:14:23 +00:00
|
|
|
return utils.HashData(utils.SHA256, []byte(fmt.Sprintf("%s-%s", static, salt)))
|
2023-08-07 07:46:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TwoHashPwd(password string, salt string) string {
|
|
|
|
|
return HashPwd(StaticHash(password), salt)
|
2023-08-06 14:09:17 +00:00
|
|
|
}
|
2023-08-14 14:54:38 +00:00
|
|
|
|
|
|
|
|
func (u *User) WebAuthnID() []byte {
|
|
|
|
|
bs := make([]byte, 8)
|
|
|
|
|
binary.LittleEndian.PutUint64(bs, uint64(u.ID))
|
|
|
|
|
return bs
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *User) WebAuthnName() string {
|
|
|
|
|
return u.Username
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *User) WebAuthnDisplayName() string {
|
|
|
|
|
return u.Username
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *User) WebAuthnCredentials() []webauthn.Credential {
|
|
|
|
|
var res []webauthn.Credential
|
|
|
|
|
err := json.Unmarshal([]byte(u.Authn), &res)
|
|
|
|
|
if err != nil {
|
|
|
|
|
fmt.Println(err)
|
|
|
|
|
}
|
|
|
|
|
return res
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (u *User) WebAuthnIcon() string {
|
|
|
|
|
return "https://alist.nn.ci/logo.svg"
|
|
|
|
|
}
|
