owncast/core/user/user.go

package user

import (
	"database/sql"
	"fmt"
	"sort"
	"strings"
	"time"

	"github.com/owncast/owncast/core/data"
	"github.com/owncast/owncast/utils"
	"github.com/teris-io/shortid"

	log "github.com/sirupsen/logrus"
)

var _datastore *data.Datastore

type User struct {
	Id            string     `json:"id"`
	AccessToken   string     `json:"-"`
	DisplayName   string     `json:"displayName"`
	DisplayColor  int        `json:"displayColor"`
	CreatedAt     time.Time  `json:"createdAt"`
	DisabledAt    *time.Time `json:"disabledAt,omitempty"`
	PreviousNames []string   `json:"previousNames"`
	NameChangedAt *time.Time `json:"nameChangedAt,omitempty"`
}

func (u *User) IsEnabled() bool {
	return u.DisabledAt == nil
}

func SetupUsers() {
	_datastore = data.GetDatastore()
}

func CreateAnonymousUser(username string) (*User, error) {
	id := shortid.MustGenerate()
	accessToken, err := utils.GenerateAccessToken()
	if err != nil {
		log.Errorln("Unable to create access token for new user")
		return nil, err
	}

	var displayName = username
	if displayName == "" {
		displayName = utils.GeneratePhrase()
	}

	displayColor := utils.GenerateRandomDisplayColor()

	user := &User{
		Id:           id,
		AccessToken:  accessToken,
		DisplayName:  displayName,
		DisplayColor: displayColor,
		CreatedAt:    time.Now(),
	}

	if err := create(user); err != nil {
		return nil, err
	}

	return user, nil
}

func ChangeUsername(userId string, username string) {
	_datastore.DbLock.Lock()
	defer _datastore.DbLock.Unlock()

	tx, err := _datastore.DB.Begin()

	if err != nil {
		log.Debugln(err)
	}
	defer func() {
		if err := tx.Rollback(); err != nil {
			log.Debugln(err)
		}
	}()

	stmt, err := tx.Prepare("UPDATE users SET display_name = ?, previous_names = previous_names || ?, namechanged_at = ? WHERE id = ?")

	if err != nil {
		log.Debugln(err)
	}
	defer stmt.Close()

	_, err = stmt.Exec(username, fmt.Sprintf(",%s", username), time.Now(), userId)
	if err != nil {
		log.Errorln(err)
	}

	if err := tx.Commit(); err != nil {
		log.Errorln("error changing display name of user", userId, err)
	}
}

func create(user *User) error {
	_datastore.DbLock.Lock()
	defer _datastore.DbLock.Unlock()

	tx, err := _datastore.DB.Begin()
	if err != nil {
		log.Debugln(err)
	}
	defer func() {
		_ = tx.Rollback()
	}()

	stmt, err := tx.Prepare("INSERT INTO users(id, access_token, display_name, display_color, previous_names, created_at) values(?, ?, ?, ?, ?, ?)")

	if err != nil {
		log.Debugln(err)
	}
	defer stmt.Close()

	_, err = stmt.Exec(user.Id, user.AccessToken, user.DisplayName, user.DisplayColor, user.DisplayName, user.CreatedAt)
	if err != nil {
		log.Errorln("error creating new user", err)
	}

	return tx.Commit()
}

func SetEnabled(userID string, enabled bool) error {
	_datastore.DbLock.Lock()
	defer _datastore.DbLock.Unlock()

	tx, err := _datastore.DB.Begin()
	if err != nil {
		return err
	}

	defer tx.Rollback() //nolint

	var stmt *sql.Stmt
	if !enabled {
		stmt, err = tx.Prepare("UPDATE users SET disabled_at=DATETIME('now', 'localtime') WHERE id IS ?")
	} else {
		stmt, err = tx.Prepare("UPDATE users SET disabled_at=null WHERE id IS ?")
	}

	if err != nil {
		return err
	}

	defer stmt.Close()

	if _, err := stmt.Exec(userID); err != nil {
		return err
	}

	return tx.Commit()
}

// GetUserByToken will return a user by an access token.
func GetUserByToken(token string) *User {
	_datastore.DbLock.Lock()
	defer _datastore.DbLock.Unlock()

	query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE access_token = ?"
	row := _datastore.DB.QueryRow(query, token)

	return getUserFromRow(row)
}

// GetUserById will return a user by a user ID.
func GetUserById(id string) *User {
	_datastore.DbLock.Lock()
	defer _datastore.DbLock.Unlock()

	query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE id = ?"
	row := _datastore.DB.QueryRow(query, id)
	if row == nil {
		log.Errorln(row)
		return nil
	}
	return getUserFromRow(row)
}

// GetDisabledUsers will return back all the currently disabled users that are not API users.
func GetDisabledUsers() []*User {
	query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE disabled_at IS NOT NULL AND type IS NOT 'API'"

	rows, err := _datastore.DB.Query(query)
	if err != nil {
		log.Errorln(err)
		return nil
	}
	defer rows.Close()

	users := getUsersFromRows(rows)

	sort.Slice(users, func(i, j int) bool {
		return users[i].DisabledAt.Before(*users[j].DisabledAt)
	})

	return users
}

func getUsersFromRows(rows *sql.Rows) []*User {
	users := make([]*User, 0)

	for rows.Next() {
		var id string
		var displayName string
		var displayColor int
		var createdAt time.Time
		var disabledAt *time.Time
		var previousUsernames string
		var userNameChangedAt *time.Time

		if err := rows.Scan(&id, &displayName, &displayColor, &createdAt, &disabledAt, &previousUsernames, &userNameChangedAt); err != nil {
			log.Errorln("error creating collection of users from results", err)
			return nil
		}

		user := &User{
			Id:            id,
			DisplayName:   displayName,
			DisplayColor:  displayColor,
			CreatedAt:     createdAt,
			DisabledAt:    disabledAt,
			PreviousNames: strings.Split(previousUsernames, ","),
			NameChangedAt: userNameChangedAt,
		}
		users = append(users, user)
	}

	sort.Slice(users, func(i, j int) bool {
		return users[i].CreatedAt.Before(users[j].CreatedAt)
	})

	return users
}

func getUserFromRow(row *sql.Row) *User {
	var id string
	var displayName string
	var displayColor int
	var createdAt time.Time
	var disabledAt *time.Time
	var previousUsernames string
	var userNameChangedAt *time.Time

	if err := row.Scan(&id, &displayName, &displayColor, &createdAt, &disabledAt, &previousUsernames, &userNameChangedAt); err != nil {
		return nil
	}

	return &User{
		Id:            id,
		DisplayName:   displayName,
		DisplayColor:  displayColor,
		CreatedAt:     createdAt,
		DisabledAt:    disabledAt,
		PreviousNames: strings.Split(previousUsernames, ","),
		NameChangedAt: userNameChangedAt,
	}
}
Chat refactor + persistent backing chat users (#1163) * First pass at chat user registration and validation * Disable chat if the user is disabled/blocked or the server hits max connections * Handle dropping sockets if chat is disabled * Fix origin in automated chat test * Work for updated chat moderation * Chat message markdown rendering and fix tests * Put /api/chat behind a chat user access token. Closes #1085 * Reject blocked username changes * More WIP moderation * Defer configuring chat until we know if it is enabled. Closes #1135 * chat user blocking. Closes #1096 * Add tests around user access for #1096 * Add external integration chat message API + update integration auth middleware to pass along integration name. Closes #1092 * Delete old chat messages from db as to not hold on to excessive data. Closes #1152 * Add schema migration for messages. Closes #1155 * Commit updated API documentation * Add chat load test * Shared db mutex and db optimizations * Simplify past display name handling * Use a new test db for each test run * Wire up the external messages actions + add tests for them * Move access tokens to be actual users * Run message pruning at launch + fix comparison * Do not return API users in disabled users response * Fix incorrect highlighting. Closes #1160 * Consolidate user table statements * Set the max process connection limit to 70% of maximum * Fix wrong old display name being returned in name change event * Delete the old chat server files * Wire back up the webhooks * Remove unused * Invalidate user cache on changes * Do not send rendered body as RawBody * Some cleanup * Standardize names for external API users to ExternalAPIUser * Do not log token * Checkout branch when building admin for testing * Bundle in dev admin for testing * Some cleanup * Cleanup js logs * Cleanup and standardize event names * Clean up some logging * Update API spec. Closes #1133 * Commit updated API documentation * Change paths to be better named * Commit updated API documentation * Update admin bundle * Fix duplicate event name * Rename scope var * Update admin bundle * Move connected clients controller into admin package * Fix collecting usernames for autocomplete purposes * No longer generate username when it is empty * Sort clients and users by timestamp * Move file to admin controller package * Swap, so the comments stay correct Co-authored-by: Jannik <jannik@outlook.com> * Use explicit type alias Co-authored-by: Jannik <jannik@outlook.com> * Remove commented code. Co-authored-by: Jannik <jannik@outlook.com> * Cleanup test * Remove some extra logging * Add some clarity * Update dev instance of admin for testing * Consolidate lines Co-authored-by: Jannik <jannik@outlook.com> * Remove commented unused vars Co-authored-by: Jannik <jannik@outlook.com> * Until needed do not return IP address with client list * Fix typo of wrong var * Typo led to a bad test. Fix typo and fix test. * Guard against the socket reconnecting on error if previously set to shutdown * Do not log access tokens * Return success message on enable/disable user * Clean up some inactionable error messages. Sent ban message. Sort banned users. * fix styling for when chat is completely disabled * Unused * guard against nil clients * Update dev admin bundle * Do not unhide messages when unblocking user just to be safe. Send removal action from the controller * Add convinience function for getting active connections for a single user * Lock db on these mutations * Cleanup force disconnect using GetClientsForUser and capture client reference explicitly * No longer re-showing banned user messages for safety. Removing this test. * Remove no longer needed comment * Tweaks to forbidden username handling. - Standardize naming to not use "block" but "forbidden" instead. - Pass array over the wire instead of string. - Add API test - Fix default list incorrectly being appended to custom list. * Logging cleanup * Update dev admin bundle * Add an artificial delay in order to visually see message being hidden when testing * Remove the user cache as it is a premature optimization * When connected to chat let the user know their current user details to sync the username in the UI * On connected send current display name back to client. - Move name change out of chat component. - Add additional event type constants. * Fix broken workflow due to typo * Troubleshoot workflow * Bump htm from 3.0.4 to 3.1.0 in /build/javascript (#1181) * Bump htm from 3.0.4 to 3.1.0 in /build/javascript Bumps [htm](https://github.com/developit/htm) from 3.0.4 to 3.1.0. - [Release notes](https://github.com/developit/htm/releases) - [Commits](https://github.com/developit/htm/compare/3.0.4...3.1.0) --- updated-dependencies: - dependency-name: htm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Run npm run build and update libraries Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabe Kangas <gabek@real-ity.com> * Commit updated Javascript packages * Re-send current user info when a rejected name change takes place * All socket writes should be through the send chan and not directly * Seed the random generator * Add keys and indexes to users table * a util to generate consistent emoji markup * console clean up * mod tidy * Commit updated API documentation * Handle the max payload size of a socket message. - Only close socket if x2 greater than the max size. - Send the user a message if a message is too large. - Surface the max size in bytes in the config. * Update admin bundle * Force all events to be sent in their own socket message and do not concatinate in a single message * Update chat embed to register for access token * Use a different access token for embed chat * Update the chat message bubble background color to be bolder * add base tag to open links in new window, closes #1220 * Support text input of :emoji: in chat (#1190) * Initial implementation of emoji injection * fix bookkeeping with multiple emoji * make the emoji lookup case-insensitive * try another solution for Caretposition * add title to emojis minor refactoring * bind moji injection to InputKeyUp * simplify the code replace all found emojis * inject emoji if the modifer is released earlier * more efficient emoji tag search * use json emoji.emoji as url * use createEmojiMarkup() * move emojify() to chat.js * emojify on paste * cleanup emoji titles in paste * update inputText in InputKeyup * mark emoji titles with 2zwnj this way paste cleanup will not interfere with text which include zwnj emoji should not change the inputText * Do not show join messages when chat is offline. Closes #1224 - Show stream starting/ending messages in chat. - When stream starts show everyone the welcome message. * Force scrolling chat to bottom after history is populated regardless of scroll position. Closes https://github.com/owncast/owncast/issues/1222 * use maxSocketPayloadSize to calculate total bytes of message payload (#1221) * utilize maxSocketPayloadSize from config; update chatInput to calculate based on that value instead of text value; remove usage of inputText for counting * add a buffer to account for entire websocket payload for message char counting; trim nbsp;'s from ends of messages when calculating count Co-authored-by: Gabe Kangas <gabek@real-ity.com> Co-authored-by: Owncast <owncast@owncast.online> Co-authored-by: Jannik <jannik@outlook.com> Co-authored-by: Ginger Wong <omqmail@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Meisam <39205857+MFTabriz@users.noreply.github.com> 2021-07-20 04:22:29 +02:00			`package user`

			`import (`
			`"database/sql"`
			`"fmt"`
			`"sort"`
			`"strings"`
			`"time"`

			`"github.com/owncast/owncast/core/data"`
			`"github.com/owncast/owncast/utils"`
			`"github.com/teris-io/shortid"`

			`log "github.com/sirupsen/logrus"`
			`)`

			`var _datastore *data.Datastore`

			`type User struct {`
			Id string `json:"id"`
			AccessToken string `json:"-"`
			DisplayName string `json:"displayName"`
			DisplayColor int `json:"displayColor"`
			CreatedAt time.Time `json:"createdAt"`
			DisabledAt *time.Time `json:"disabledAt,omitempty"`
			PreviousNames []string `json:"previousNames"`
			NameChangedAt *time.Time `json:"nameChangedAt,omitempty"`
			`}`

			`func (u *User) IsEnabled() bool {`
			`return u.DisabledAt == nil`
			`}`

			`func SetupUsers() {`
			`_datastore = data.GetDatastore()`
			`}`

			`func CreateAnonymousUser(username string) (*User, error) {`
			`id := shortid.MustGenerate()`
			`accessToken, err := utils.GenerateAccessToken()`
			`if err != nil {`
			`log.Errorln("Unable to create access token for new user")`
			`return nil, err`
			`}`

			`var displayName = username`
			`if displayName == "" {`
			`displayName = utils.GeneratePhrase()`
			`}`

			`displayColor := utils.GenerateRandomDisplayColor()`

			`user := &User{`
			`Id: id,`
			`AccessToken: accessToken,`
			`DisplayName: displayName,`
			`DisplayColor: displayColor,`
			`CreatedAt: time.Now(),`
			`}`

			`if err := create(user); err != nil {`
			`return nil, err`
			`}`

			`return user, nil`
			`}`

			`func ChangeUsername(userId string, username string) {`
			`_datastore.DbLock.Lock()`
			`defer _datastore.DbLock.Unlock()`

			`tx, err := _datastore.DB.Begin()`

			`if err != nil {`
			`log.Debugln(err)`
			`}`
			`defer func() {`
			`if err := tx.Rollback(); err != nil {`
			`log.Debugln(err)`
			`}`
			`}()`

			`stmt, err := tx.Prepare("UPDATE users SET display_name = ?, previous_names = previous_names \|\| ?, namechanged_at = ? WHERE id = ?")`

			`if err != nil {`
			`log.Debugln(err)`
			`}`
			`defer stmt.Close()`

			`_, err = stmt.Exec(username, fmt.Sprintf(",%s", username), time.Now(), userId)`
			`if err != nil {`
			`log.Errorln(err)`
			`}`

			`if err := tx.Commit(); err != nil {`
			`log.Errorln("error changing display name of user", userId, err)`
			`}`
			`}`

			`func create(user *User) error {`
			`_datastore.DbLock.Lock()`
			`defer _datastore.DbLock.Unlock()`

			`tx, err := _datastore.DB.Begin()`
			`if err != nil {`
			`log.Debugln(err)`
			`}`
			`defer func() {`
			`_ = tx.Rollback()`
			`}()`

			`stmt, err := tx.Prepare("INSERT INTO users(id, access_token, display_name, display_color, previous_names, created_at) values(?, ?, ?, ?, ?, ?)")`

			`if err != nil {`
			`log.Debugln(err)`
			`}`
			`defer stmt.Close()`

			`_, err = stmt.Exec(user.Id, user.AccessToken, user.DisplayName, user.DisplayColor, user.DisplayName, user.CreatedAt)`
			`if err != nil {`
			`log.Errorln("error creating new user", err)`
			`}`

			`return tx.Commit()`
			`}`

			`func SetEnabled(userID string, enabled bool) error {`
			`_datastore.DbLock.Lock()`
			`defer _datastore.DbLock.Unlock()`

			`tx, err := _datastore.DB.Begin()`
			`if err != nil {`
			`return err`
			`}`

			`defer tx.Rollback() //nolint`

			`var stmt *sql.Stmt`
			`if !enabled {`
			`stmt, err = tx.Prepare("UPDATE users SET disabled_at=DATETIME('now', 'localtime') WHERE id IS ?")`
			`} else {`
			`stmt, err = tx.Prepare("UPDATE users SET disabled_at=null WHERE id IS ?")`
			`}`

			`if err != nil {`
			`return err`
			`}`

			`defer stmt.Close()`

			`if _, err := stmt.Exec(userID); err != nil {`
			`return err`
			`}`

			`return tx.Commit()`
			`}`

			`// GetUserByToken will return a user by an access token.`
			`func GetUserByToken(token string) *User {`
			`_datastore.DbLock.Lock()`
			`defer _datastore.DbLock.Unlock()`

			`query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE access_token = ?"`
			`row := _datastore.DB.QueryRow(query, token)`

			`return getUserFromRow(row)`
			`}`

			`// GetUserById will return a user by a user ID.`
			`func GetUserById(id string) *User {`
			`_datastore.DbLock.Lock()`
			`defer _datastore.DbLock.Unlock()`

			`query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE id = ?"`
			`row := _datastore.DB.QueryRow(query, id)`
			`if row == nil {`
			`log.Errorln(row)`
			`return nil`
			`}`
			`return getUserFromRow(row)`
			`}`

			`// GetDisabledUsers will return back all the currently disabled users that are not API users.`
			`func GetDisabledUsers() []*User {`
			`query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE disabled_at IS NOT NULL AND type IS NOT 'API'"`

			`rows, err := _datastore.DB.Query(query)`
			`if err != nil {`
			`log.Errorln(err)`
			`return nil`
			`}`
			`defer rows.Close()`

			`users := getUsersFromRows(rows)`

			`sort.Slice(users, func(i, j int) bool {`
			`return users[i].DisabledAt.Before(*users[j].DisabledAt)`
			`})`

			`return users`
			`}`

			`func getUsersFromRows(rows sql.Rows) []User {`
			`users := make([]*User, 0)`

			`for rows.Next() {`
			`var id string`
			`var displayName string`
			`var displayColor int`
			`var createdAt time.Time`
			`var disabledAt *time.Time`
			`var previousUsernames string`
			`var userNameChangedAt *time.Time`

			`if err := rows.Scan(&id, &displayName, &displayColor, &createdAt, &disabledAt, &previousUsernames, &userNameChangedAt); err != nil {`
			`log.Errorln("error creating collection of users from results", err)`
			`return nil`
			`}`

			`user := &User{`
			`Id: id,`
			`DisplayName: displayName,`
			`DisplayColor: displayColor,`
			`CreatedAt: createdAt,`
			`DisabledAt: disabledAt,`
			`PreviousNames: strings.Split(previousUsernames, ","),`
			`NameChangedAt: userNameChangedAt,`
			`}`
			`users = append(users, user)`
			`}`

			`sort.Slice(users, func(i, j int) bool {`
			`return users[i].CreatedAt.Before(users[j].CreatedAt)`
			`})`

			`return users`
			`}`

			`func getUserFromRow(row sql.Row) User {`
			`var id string`
			`var displayName string`
			`var displayColor int`
			`var createdAt time.Time`
			`var disabledAt *time.Time`
			`var previousUsernames string`
			`var userNameChangedAt *time.Time`

			`if err := row.Scan(&id, &displayName, &displayColor, &createdAt, &disabledAt, &previousUsernames, &userNameChangedAt); err != nil {`
			`return nil`
			`}`

			`return &User{`
			`Id: id,`
			`DisplayName: displayName,`
			`DisplayColor: displayColor,`
			`CreatedAt: createdAt,`
			`DisabledAt: disabledAt,`
			`PreviousNames: strings.Split(previousUsernames, ","),`
			`NameChangedAt: userNameChangedAt,`
			`}`
			`}`