authelia/internal/storage/sql_provider_queries.go

package storage

const (
	queryFmtSelectMigrations = `
		SELECT id, applied, version_before, version_after, application_version
		FROM %s;`

	queryFmtSelectLatestMigration = `
		SELECT id, applied, version_before, version_after, application_version
		FROM %s
		ORDER BY id DESC
		LIMIT 1;`

	queryFmtInsertMigration = `
		INSERT INTO %s (applied, version_before, version_after, application_version)
		VALUES (?, ?, ?, ?);`
)

const (
	queryMySQLSelectExistingTables = `
		SELECT table_name
		FROM information_schema.tables
		WHERE table_type = 'BASE TABLE' AND table_schema = database();`

	queryPostgreSelectExistingTables = `
		SELECT table_name
		FROM information_schema.tables
		WHERE table_type = 'BASE TABLE' AND table_schema = 'public';`

	querySQLiteSelectExistingTables = `
		SELECT name
		FROM sqlite_master
		WHERE type = 'table';`
)

const (
	queryFmtSelectUserInfo = `
		SELECT second_factor_method, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_totp, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_u2f
		FROM %s
		WHERE username = ?;`

	queryFmtSelectPreferred2FAMethod = `
		SELECT second_factor_method
		FROM %s
		WHERE username = ?;`

	queryFmtUpsertPreferred2FAMethod = `
		REPLACE INTO %s (username, second_factor_method)
		VALUES (?, ?);`

	queryFmtPostgresUpsertPreferred2FAMethod = `
		INSERT INTO %s (username, second_factor_method)
		VALUES ($1, $2)
			ON CONFLICT (username)
			DO UPDATE SET second_factor_method = $2;`
)

const (
	queryFmtSelectExistsIdentityVerification = `
		SELECT EXISTS (
			SELECT id
			FROM %s
			WHERE token = ?
		);`

	queryFmtInsertIdentityVerification = `
		INSERT INTO %s (token)
		VALUES (?);`

	queryFmtDeleteIdentityVerification = `
		DELETE FROM %s
		WHERE token = ?;`
)

const (
	queryFmtSelectTOTPConfiguration = `
		SELECT id, username, algorithm, digits, totp_period, secret
		FROM %s
		WHERE username = ?;`

	queryFmtSelectTOTPConfigurations = `
		SELECT id, username, algorithm, digits, totp_period, secret
		FROM %s
		LIMIT ?
		OFFSET ?;`

	//nolint:gosec // These are not hardcoded credentials it's a query to obtain credentials.
	queryFmtUpdateTOTPConfigurationSecret = `
		UPDATE %s
		SET secret = ?
		WHERE id = ?;`

	//nolint:gosec // These are not hardcoded credentials it's a query to obtain credentials.
	queryFmtUpdateTOTPConfigurationSecretByUsername = `
		UPDATE %s
		SET secret = ?
		WHERE username = ?;`

	queryFmtUpsertTOTPConfiguration = `
		REPLACE INTO %s (username, algorithm, digits, totp_period, secret)
		VALUES (?, ?, ?, ?, ?);`

	queryFmtPostgresUpsertTOTPConfiguration = `
		INSERT INTO %s (username, algorithm, digits, totp_period, secret)
		VALUES ($1, $2, $3, $4, $5)
			ON CONFLICT (username)
			DO UPDATE SET algorithm = $2, digits = $3, totp_period = $4, secret = $5;`

	queryFmtDeleteTOTPConfiguration = `
		DELETE FROM %s
		WHERE username = ?;`
)

const (
	queryFmtSelectU2FDevice = `
		SELECT key_handle, public_key
		FROM %s
		WHERE username = ?;`

	queryFmtUpsertU2FDevice = `
		REPLACE INTO %s (username, key_handle, public_key)
		VALUES (?, ?, ?);`

	queryFmtPostgresUpsertU2FDevice = `
		INSERT INTO %s (username, key_handle, public_key)
		VALUES ($1, $2, $3)
			ON CONFLICT (username)
			DO UPDATE SET key_handle=$2, public_key=$3;`
)

const (
	queryFmtInsertAuthenticationLogEntry = `
		INSERT INTO %s (time, successful, banned, username, auth_type, remote_ip, request_uri, request_method)
		VALUES (?, ?, ?, ?, ?, ?, ?, ?);`

	queryFmtSelect1FAAuthenticationLogEntryByUsername = `
		SELECT time, successful, username
		FROM %s
		WHERE time > ? AND username = ? AND auth_type = '1FA' AND banned = 0
		ORDER BY time DESC
		LIMIT ?
		OFFSET ?;`
)

const (
	queryFmtSelectEncryptionValue = `
		SELECT (value)
        FROM %s
        WHERE name = ?`

	queryFmtUpsertEncryptionValue = `
		REPLACE INTO %s (name, value)
		VALUES (?, ?);`

	queryFmtPostgresUpsertEncryptionValue = `
		INSERT INTO %s (name, value)
		VALUES ($1, $2)
			ON CONFLICT (name)
			DO UPDATE SET value=$2;`
)
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`package storage`

			`const (`
			queryFmtSelectMigrations = `
			`SELECT id, applied, version_before, version_after, application_version`
			FROM %s;`

			queryFmtSelectLatestMigration = `
			`SELECT id, applied, version_before, version_after, application_version`
			`FROM %s`
			`ORDER BY id DESC`
			LIMIT 1;`

			queryFmtInsertMigration = `
			`INSERT INTO %s (applied, version_before, version_after, application_version)`
			VALUES (?, ?, ?, ?);`
			`)`

			`const (`
			queryMySQLSelectExistingTables = `
			`SELECT table_name`
			`FROM information_schema.tables`
			WHERE table_type = 'BASE TABLE' AND table_schema = database();`

			queryPostgreSelectExistingTables = `
			`SELECT table_name`
			`FROM information_schema.tables`
			WHERE table_type = 'BASE TABLE' AND table_schema = 'public';`

			querySQLiteSelectExistingTables = `
			`SELECT name`
			`FROM sqlite_master`
			WHERE type = 'table';`
			`)`

			`const (`
			queryFmtSelectUserInfo = `
			`SELECT second_factor_method, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_totp, (SELECT EXISTS (SELECT id FROM %s WHERE username = ?)) AS has_u2f`
			`FROM %s`
			WHERE username = ?;`

			queryFmtSelectPreferred2FAMethod = `
			`SELECT second_factor_method`
			`FROM %s`
			WHERE username = ?;`

			queryFmtUpsertPreferred2FAMethod = `
			`REPLACE INTO %s (username, second_factor_method)`
			VALUES (?, ?);`

			queryFmtPostgresUpsertPreferred2FAMethod = `
			`INSERT INTO %s (username, second_factor_method)`
			`VALUES ($1, $2)`
			`ON CONFLICT (username)`
			DO UPDATE SET second_factor_method = $2;`
			`)`

			`const (`
			queryFmtSelectExistsIdentityVerification = `
			`SELECT EXISTS (`
			`SELECT id`
			`FROM %s`
			`WHERE token = ?`
			);`

			queryFmtInsertIdentityVerification = `
			`INSERT INTO %s (token)`
			VALUES (?);`

			queryFmtDeleteIdentityVerification = `
			`DELETE FROM %s`
			WHERE token = ?;`
			`)`

			`const (`
			queryFmtSelectTOTPConfiguration = `
			`SELECT id, username, algorithm, digits, totp_period, secret`
			`FROM %s`
			WHERE username = ?;`

feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682 2021-11-25 01:56:58 +00:00			queryFmtSelectTOTPConfigurations = `
			`SELECT id, username, algorithm, digits, totp_period, secret`
			`FROM %s`
			`LIMIT ?`
			OFFSET ?;`

			`//nolint:gosec // These are not hardcoded credentials it's a query to obtain credentials.`
			queryFmtUpdateTOTPConfigurationSecret = `
			`UPDATE %s`
			`SET secret = ?`
			WHERE id = ?;`

			`//nolint:gosec // These are not hardcoded credentials it's a query to obtain credentials.`
			queryFmtUpdateTOTPConfigurationSecretByUsername = `
			`UPDATE %s`
			`SET secret = ?`
			WHERE username = ?;`

feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			queryFmtUpsertTOTPConfiguration = `
			`REPLACE INTO %s (username, algorithm, digits, totp_period, secret)`
			VALUES (?, ?, ?, ?, ?);`

			queryFmtPostgresUpsertTOTPConfiguration = `
			`INSERT INTO %s (username, algorithm, digits, totp_period, secret)`
			`VALUES ($1, $2, $3, $4, $5)`
			`ON CONFLICT (username)`
			DO UPDATE SET algorithm = $2, digits = $3, totp_period = $4, secret = $5;`

			queryFmtDeleteTOTPConfiguration = `
			`DELETE FROM %s`
			WHERE username = ?;`
			`)`

			`const (`
			queryFmtSelectU2FDevice = `
			`SELECT key_handle, public_key`
			`FROM %s`
			WHERE username = ?;`

			queryFmtUpsertU2FDevice = `
			`REPLACE INTO %s (username, key_handle, public_key)`
			VALUES (?, ?, ?);`

			queryFmtPostgresUpsertU2FDevice = `
			`INSERT INTO %s (username, key_handle, public_key)`
			`VALUES ($1, $2, $3)`
			`ON CONFLICT (username)`
			DO UPDATE SET key_handle=$2, public_key=$3;`
			`)`

			`const (`
			queryFmtInsertAuthenticationLogEntry = `
feat(regulator): enhance authentication logs (#2622) This adds additional logging to the authentication logs such as type, remote IP, request method, redirect URL, and if the attempt was done during a ban. This also means we log attempts that occur when the attempt was blocked by the regulator for record keeping purposes, as well as record 2FA attempts which can be used to inform admins and later to regulate based on other factors. Fixes #116, Fixes #1293. 2021-11-29 03:09:14 +00:00			`INSERT INTO %s (time, successful, banned, username, auth_type, remote_ip, request_uri, request_method)`
			VALUES (?, ?, ?, ?, ?, ?, ?, ?);`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00
			queryFmtSelect1FAAuthenticationLogEntryByUsername = `
			`SELECT time, successful, username`
			`FROM %s`
feat(regulator): enhance authentication logs (#2622) This adds additional logging to the authentication logs such as type, remote IP, request method, redirect URL, and if the attempt was done during a ban. This also means we log attempts that occur when the attempt was blocked by the regulator for record keeping purposes, as well as record 2FA attempts which can be used to inform admins and later to regulate based on other factors. Fixes #116, Fixes #1293. 2021-11-29 03:09:14 +00:00			`WHERE time > ? AND username = ? AND auth_type = '1FA' AND banned = 0`
feat(storage): primary key for all tables and general qol refactoring (#2431) This is a massive overhaul to the SQL Storage for Authelia. It facilitates a whole heap of utility commands to help manage the database, primary keys, ensures all database requests use a context for cancellations, and paves the way for a few other PR's which improve the database. Fixes #1337 2021-11-23 09:45:38 +00:00			`ORDER BY time DESC`
			`LIMIT ?`
			OFFSET ?;`
			`)`
feat(storage): encrypted secret values (#2588) This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682 2021-11-25 01:56:58 +00:00
			`const (`
			queryFmtSelectEncryptionValue = `
			`SELECT (value)`
			`FROM %s`
			WHERE name = ?`

			queryFmtUpsertEncryptionValue = `
			`REPLACE INTO %s (name, value)`
			VALUES (?, ?);`

			queryFmtPostgresUpsertEncryptionValue = `
			`INSERT INTO %s (name, value)`
			`VALUES ($1, $2)`
			`ON CONFLICT (name)`
			DO UPDATE SET value=$2;`
			`)`