authelia/internal/storage/sql_provider_backend_postgr...

package storage

import (
	"fmt"
	"strings"
	"time"

	_ "github.com/jackc/pgx/v4/stdlib" // Load the PostgreSQL Driver used in the connection string.

	"github.com/authelia/authelia/v4/internal/configuration/schema"
)

// PostgreSQLProvider is a PostgreSQL provider.
type PostgreSQLProvider struct {
	SQLProvider
}

// NewPostgreSQLProvider a PostgreSQL provider.
func NewPostgreSQLProvider(config *schema.Configuration) (provider *PostgreSQLProvider) {
	provider = &PostgreSQLProvider{
		SQLProvider: NewSQLProvider(config, providerPostgres, "pgx", dataSourceNamePostgreSQL(*config.Storage.PostgreSQL)),
	}

	// All providers have differing SELECT existing table statements.
	provider.sqlSelectExistingTables = queryPostgreSelectExistingTables

	// Specific alterations to this provider.
	// PostgreSQL doesn't have a UPSERT statement but has an ON CONFLICT operation instead.
	provider.sqlUpsertU2FDevice = fmt.Sprintf(queryFmtPostgresUpsertU2FDevice, tableU2FDevices)
	provider.sqlUpsertDuoDevice = fmt.Sprintf(queryFmtPostgresUpsertDuoDevice, tableDuoDevices)
	provider.sqlUpsertTOTPConfig = fmt.Sprintf(queryFmtPostgresUpsertTOTPConfiguration, tableTOTPConfigurations)
	provider.sqlUpsertPreferred2FAMethod = fmt.Sprintf(queryFmtPostgresUpsertPreferred2FAMethod, tableUserPreferences)
	provider.sqlUpsertEncryptionValue = fmt.Sprintf(queryFmtPostgresUpsertEncryptionValue, tableEncryption)

	// PostgreSQL requires rebinding of any query that contains a '?' placeholder to use the '$#' notation placeholders.
	provider.sqlFmtRenameTable = provider.db.Rebind(provider.sqlFmtRenameTable)
	provider.sqlSelectPreferred2FAMethod = provider.db.Rebind(provider.sqlSelectPreferred2FAMethod)
	provider.sqlSelectUserInfo = provider.db.Rebind(provider.sqlSelectUserInfo)
	provider.sqlSelectExistsIdentityVerification = provider.db.Rebind(provider.sqlSelectExistsIdentityVerification)
	provider.sqlInsertIdentityVerification = provider.db.Rebind(provider.sqlInsertIdentityVerification)
	provider.sqlDeleteIdentityVerification = provider.db.Rebind(provider.sqlDeleteIdentityVerification)
	provider.sqlSelectTOTPConfig = provider.db.Rebind(provider.sqlSelectTOTPConfig)
	provider.sqlDeleteTOTPConfig = provider.db.Rebind(provider.sqlDeleteTOTPConfig)
	provider.sqlSelectTOTPConfigs = provider.db.Rebind(provider.sqlSelectTOTPConfigs)
	provider.sqlUpdateTOTPConfigSecret = provider.db.Rebind(provider.sqlUpdateTOTPConfigSecret)
	provider.sqlUpdateTOTPConfigSecretByUsername = provider.db.Rebind(provider.sqlUpdateTOTPConfigSecretByUsername)
	provider.sqlSelectU2FDevice = provider.db.Rebind(provider.sqlSelectU2FDevice)
	provider.sqlSelectDuoDevice = provider.db.Rebind(provider.sqlSelectDuoDevice)
	provider.sqlDeleteDuoDevice = provider.db.Rebind(provider.sqlDeleteDuoDevice)
	provider.sqlInsertAuthenticationAttempt = provider.db.Rebind(provider.sqlInsertAuthenticationAttempt)
	provider.sqlSelectAuthenticationAttemptsByUsername = provider.db.Rebind(provider.sqlSelectAuthenticationAttemptsByUsername)
	provider.sqlInsertMigration = provider.db.Rebind(provider.sqlInsertMigration)
	provider.sqlSelectMigrations = provider.db.Rebind(provider.sqlSelectMigrations)
	provider.sqlSelectLatestMigration = provider.db.Rebind(provider.sqlSelectLatestMigration)
	provider.sqlSelectEncryptionValue = provider.db.Rebind(provider.sqlSelectEncryptionValue)

	return provider
}

func dataSourceNamePostgreSQL(config schema.PostgreSQLStorageConfiguration) (dataSourceName string) {
	args := []string{
		fmt.Sprintf("host=%s", config.Host),
		fmt.Sprintf("user='%s'", config.Username),
		fmt.Sprintf("password='%s'", config.Password),
		fmt.Sprintf("dbname=%s", config.Database),
	}

	if config.Port > 0 {
		args = append(args, fmt.Sprintf("port=%d", config.Port))
	}

	if config.Schema != "" {
		args = append(args, fmt.Sprintf("search_path=%s", config.Schema))
	}

	if config.SSL.Mode != "" {
		args = append(args, fmt.Sprintf("sslmode=%s", config.SSL.Mode))
	}

	if config.SSL.RootCertificate != "" {
		args = append(args, fmt.Sprintf("sslrootcert=%s", config.SSL.RootCertificate))
	}

	if config.SSL.Certificate != "" {
		args = append(args, fmt.Sprintf("sslcert=%s", config.SSL.Certificate))
	}

	if config.SSL.Key != "" {
		args = append(args, fmt.Sprintf("sslkey=%s", config.SSL.Key))
	}

	args = append(args, fmt.Sprintf("connect_timeout=%d", int32(config.Timeout/time.Second)))

	return strings.Join(args, " ")
}
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`package storage`

			`import (`
			`"fmt"`
			`"strings"`
			`"time"`

			`_ "github.com/jackc/pgx/v4/stdlib" // Load the PostgreSQL Driver used in the connection string.`

			`"github.com/authelia/authelia/v4/internal/configuration/schema"`
			`)`

			`// PostgreSQLProvider is a PostgreSQL provider.`
			`type PostgreSQLProvider struct {`
			`SQLProvider`
			`}`

			`// NewPostgreSQLProvider a PostgreSQL provider.`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00			`func NewPostgreSQLProvider(config schema.Configuration) (provider PostgreSQLProvider) {`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`provider = &PostgreSQLProvider{`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00			`SQLProvider: NewSQLProvider(config, providerPostgres, "pgx", dataSourceNamePostgreSQL(*config.Storage.PostgreSQL)),`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`}`

			`// All providers have differing SELECT existing table statements.`
			`provider.sqlSelectExistingTables = queryPostgreSelectExistingTables`

			`// Specific alterations to this provider.`
			`// PostgreSQL doesn't have a UPSERT statement but has an ON CONFLICT operation instead.`
			`provider.sqlUpsertU2FDevice = fmt.Sprintf(queryFmtPostgresUpsertU2FDevice, tableU2FDevices)`
fix(storage): duo/u2f upsert failure on postgresql (#2658) This replaces the standard duo_devices upsert with a PostgreSQL specific one and ensures the u2f_devices upsert uses the new unique key for the ON CONFLICT check. 2021-12-02 04:16:45 +00:00			`provider.sqlUpsertDuoDevice = fmt.Sprintf(queryFmtPostgresUpsertDuoDevice, tableDuoDevices)`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`provider.sqlUpsertTOTPConfig = fmt.Sprintf(queryFmtPostgresUpsertTOTPConfiguration, tableTOTPConfigurations)`
			`provider.sqlUpsertPreferred2FAMethod = fmt.Sprintf(queryFmtPostgresUpsertPreferred2FAMethod, tableUserPreferences)`
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682 2021-11-25 01:56:58 +00:00			`provider.sqlUpsertEncryptionValue = fmt.Sprintf(queryFmtPostgresUpsertEncryptionValue, tableEncryption)`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00
			`// PostgreSQL requires rebinding of any query that contains a '?' placeholder to use the '$#' notation placeholders.`
			`provider.sqlFmtRenameTable = provider.db.Rebind(provider.sqlFmtRenameTable)`
			`provider.sqlSelectPreferred2FAMethod = provider.db.Rebind(provider.sqlSelectPreferred2FAMethod)`
			`provider.sqlSelectUserInfo = provider.db.Rebind(provider.sqlSelectUserInfo)`
			`provider.sqlSelectExistsIdentityVerification = provider.db.Rebind(provider.sqlSelectExistsIdentityVerification)`
			`provider.sqlInsertIdentityVerification = provider.db.Rebind(provider.sqlInsertIdentityVerification)`
			`provider.sqlDeleteIdentityVerification = provider.db.Rebind(provider.sqlDeleteIdentityVerification)`
			`provider.sqlSelectTOTPConfig = provider.db.Rebind(provider.sqlSelectTOTPConfig)`
			`provider.sqlDeleteTOTPConfig = provider.db.Rebind(provider.sqlDeleteTOTPConfig)`
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682 2021-11-25 01:56:58 +00:00			`provider.sqlSelectTOTPConfigs = provider.db.Rebind(provider.sqlSelectTOTPConfigs)`
			`provider.sqlUpdateTOTPConfigSecret = provider.db.Rebind(provider.sqlUpdateTOTPConfigSecret)`
			`provider.sqlUpdateTOTPConfigSecretByUsername = provider.db.Rebind(provider.sqlUpdateTOTPConfigSecretByUsername)`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`provider.sqlSelectU2FDevice = provider.db.Rebind(provider.sqlSelectU2FDevice)`
fix(storage): rebind all queries (#2662) Fixes an issue in the new storage system. We forgot to rebind a few queries to the PostgreSQL compatible format. 2021-12-02 06:06:04 +00:00			`provider.sqlSelectDuoDevice = provider.db.Rebind(provider.sqlSelectDuoDevice)`
			`provider.sqlDeleteDuoDevice = provider.db.Rebind(provider.sqlDeleteDuoDevice)`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`provider.sqlInsertAuthenticationAttempt = provider.db.Rebind(provider.sqlInsertAuthenticationAttempt)`
			`provider.sqlSelectAuthenticationAttemptsByUsername = provider.db.Rebind(provider.sqlSelectAuthenticationAttemptsByUsername)`
			`provider.sqlInsertMigration = provider.db.Rebind(provider.sqlInsertMigration)`
fix(storage): rebind all queries (#2662) Fixes an issue in the new storage system. We forgot to rebind a few queries to the PostgreSQL compatible format. 2021-12-02 06:06:04 +00:00			`provider.sqlSelectMigrations = provider.db.Rebind(provider.sqlSelectMigrations)`
			`provider.sqlSelectLatestMigration = provider.db.Rebind(provider.sqlSelectLatestMigration)`
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682 2021-11-25 01:56:58 +00:00			`provider.sqlSelectEncryptionValue = provider.db.Rebind(provider.sqlSelectEncryptionValue)`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00
			`return provider`
			`}`

			`func dataSourceNamePostgreSQL(config schema.PostgreSQLStorageConfiguration) (dataSourceName string) {`
			`args := []string{`
feat(storage): postgresql schema and ssl options (#2659) Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process. 2021-12-02 05:36:03 +00:00			`fmt.Sprintf("host=%s", config.Host),`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`fmt.Sprintf("user='%s'", config.Username),`
			`fmt.Sprintf("password='%s'", config.Password),`
feat(storage): postgresql schema and ssl options (#2659) Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process. 2021-12-02 05:36:03 +00:00			`fmt.Sprintf("dbname=%s", config.Database),`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`}`

			`if config.Port > 0 {`
			`args = append(args, fmt.Sprintf("port=%d", config.Port))`
			`}`

feat(storage): postgresql schema and ssl options (#2659) Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process. 2021-12-02 05:36:03 +00:00			`if config.Schema != "" {`
			`args = append(args, fmt.Sprintf("search_path=%s", config.Schema))`
			`}`

			`if config.SSL.Mode != "" {`
			`args = append(args, fmt.Sprintf("sslmode=%s", config.SSL.Mode))`
			`}`

			`if config.SSL.RootCertificate != "" {`
			`args = append(args, fmt.Sprintf("sslrootcert=%s", config.SSL.RootCertificate))`
			`}`

			`if config.SSL.Certificate != "" {`
			`args = append(args, fmt.Sprintf("sslcert=%s", config.SSL.Certificate))`
			`}`

			`if config.SSL.Key != "" {`
			`args = append(args, fmt.Sprintf("sslkey=%s", config.SSL.Key))`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`}`

			`args = append(args, fmt.Sprintf("connect_timeout=%d", int32(config.Timeout/time.Second)))`

			`return strings.Join(args, " ")`
			`}`