2023-01-02 15:11:32 +01:00
|
|
|
package sqlite
|
|
|
|
|
|
|
|
import (
|
|
|
|
"database/sql"
|
|
|
|
"encoding/json"
|
2023-09-19 18:08:40 +02:00
|
|
|
"fmt"
|
2023-01-02 15:11:32 +01:00
|
|
|
"path/filepath"
|
|
|
|
"time"
|
2023-09-04 17:03:44 +02:00
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
_ "github.com/mattn/go-sqlite3"
|
2023-09-19 18:08:40 +02:00
|
|
|
log "github.com/sirupsen/logrus"
|
|
|
|
|
|
|
|
"github.com/netbirdio/netbird/management/server/activity"
|
2023-01-02 15:11:32 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2023-11-14 17:40:14 +01:00
|
|
|
// eventSinkDB is the default name of the events database
|
2023-01-02 15:11:32 +01:00
|
|
|
eventSinkDB = "events.db"
|
|
|
|
createTableQuery = "CREATE TABLE IF NOT EXISTS events " +
|
|
|
|
"(id INTEGER PRIMARY KEY AUTOINCREMENT, " +
|
|
|
|
"activity INTEGER, " +
|
|
|
|
"timestamp DATETIME, " +
|
|
|
|
"initiator_id TEXT," +
|
|
|
|
"account_id TEXT," +
|
|
|
|
"meta TEXT," +
|
|
|
|
" target_id TEXT);"
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
creatTableDeletedUsersQuery = `CREATE TABLE IF NOT EXISTS deleted_users (id TEXT NOT NULL, email TEXT NOT NULL, name TEXT);`
|
2023-09-19 18:08:40 +02:00
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
selectDescQuery = `SELECT events.id, activity, timestamp, initiator_id, i.name as "initiator_name", i.email as "initiator_email", target_id, t.name as "target_name", t.email as "target_email", account_id, meta
|
2023-11-14 17:40:14 +01:00
|
|
|
FROM events
|
|
|
|
LEFT JOIN (
|
|
|
|
SELECT id, MAX(name) as name, MAX(email) as email
|
|
|
|
FROM deleted_users
|
|
|
|
GROUP BY id
|
|
|
|
) i ON events.initiator_id = i.id
|
|
|
|
LEFT JOIN (
|
|
|
|
SELECT id, MAX(name) as name, MAX(email) as email
|
|
|
|
FROM deleted_users
|
|
|
|
GROUP BY id
|
|
|
|
) t ON events.target_id = t.id
|
2023-09-19 18:08:40 +02:00
|
|
|
WHERE account_id = ?
|
|
|
|
ORDER BY timestamp DESC LIMIT ? OFFSET ?;`
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
selectAscQuery = `SELECT events.id, activity, timestamp, initiator_id, i.name as "initiator_name", i.email as "initiator_email", target_id, t.name as "target_name", t.email as "target_email", account_id, meta
|
2023-11-14 17:40:14 +01:00
|
|
|
FROM events
|
|
|
|
LEFT JOIN (
|
|
|
|
SELECT id, MAX(name) as name, MAX(email) as email
|
|
|
|
FROM deleted_users
|
|
|
|
GROUP BY id
|
|
|
|
) i ON events.initiator_id = i.id
|
|
|
|
LEFT JOIN (
|
|
|
|
SELECT id, MAX(name) as name, MAX(email) as email
|
|
|
|
FROM deleted_users
|
|
|
|
GROUP BY id
|
|
|
|
) t ON events.target_id = t.id
|
2023-09-19 18:08:40 +02:00
|
|
|
WHERE account_id = ?
|
|
|
|
ORDER BY timestamp ASC LIMIT ? OFFSET ?;`
|
|
|
|
|
2023-09-04 17:03:44 +02:00
|
|
|
insertQuery = "INSERT INTO events(activity, timestamp, initiator_id, target_id, account_id, meta) " +
|
2023-01-02 15:11:32 +01:00
|
|
|
"VALUES(?, ?, ?, ?, ?, ?)"
|
2023-09-19 18:08:40 +02:00
|
|
|
|
2023-11-15 11:21:59 +01:00
|
|
|
/*
|
|
|
|
TODO:
|
|
|
|
The insert should avoid duplicated IDs in the table. So the query should be changes to something like:
|
|
|
|
`INSERT INTO deleted_users(id, email, name) VALUES(?, ?, ?) ON CONFLICT (id) DO UPDATE SET email = EXCLUDED.email, name = EXCLUDED.name;`
|
|
|
|
For this to work we have to set the id column as primary key. But this is not possible because the id column is not unique
|
|
|
|
and some selfhosted deployments might have duplicates already so we need to clean the table first.
|
|
|
|
*/
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
insertDeleteUserQuery = `INSERT INTO deleted_users(id, email, name) VALUES(?, ?, ?)`
|
2023-10-11 23:01:49 +02:00
|
|
|
|
|
|
|
fallbackName = "unknown"
|
|
|
|
fallbackEmail = "unknown@unknown.com"
|
2023-01-02 15:11:32 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
// Store is the implementation of the activity.Store interface backed by SQLite
|
|
|
|
type Store struct {
|
2023-09-19 18:08:40 +02:00
|
|
|
db *sql.DB
|
2023-09-23 10:47:49 +02:00
|
|
|
fieldEncrypt *FieldEncrypt
|
2023-09-19 18:08:40 +02:00
|
|
|
|
2023-09-04 17:03:44 +02:00
|
|
|
insertStatement *sql.Stmt
|
|
|
|
selectAscStatement *sql.Stmt
|
|
|
|
selectDescStatement *sql.Stmt
|
2023-09-19 18:08:40 +02:00
|
|
|
deleteUserStmt *sql.Stmt
|
2023-01-02 15:11:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewSQLiteStore creates a new Store with an event table if not exists.
|
2023-09-19 18:08:40 +02:00
|
|
|
func NewSQLiteStore(dataDir string, encryptionKey string) (*Store, error) {
|
2023-01-02 15:11:32 +01:00
|
|
|
dbFile := filepath.Join(dataDir, eventSinkDB)
|
|
|
|
db, err := sql.Open("sqlite3", dbFile)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
crypt, err := NewFieldEncrypt(encryptionKey)
|
2023-09-19 18:08:40 +02:00
|
|
|
if err != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
_ = db.Close()
|
2023-09-19 18:08:40 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-01-02 15:11:32 +01:00
|
|
|
_, err = db.Exec(createTableQuery)
|
|
|
|
if err != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
_ = db.Close()
|
2023-01-02 15:11:32 +01:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
_, err = db.Exec(creatTableDeletedUsersQuery)
|
2023-09-19 18:08:40 +02:00
|
|
|
if err != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
_ = db.Close()
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
err = updateDeletedUsersTable(db)
|
|
|
|
if err != nil {
|
|
|
|
_ = db.Close()
|
2023-09-19 18:08:40 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-04 17:03:44 +02:00
|
|
|
insertStmt, err := db.Prepare(insertQuery)
|
|
|
|
if err != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
_ = db.Close()
|
2023-09-04 17:03:44 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
selectDescStmt, err := db.Prepare(selectDescQuery)
|
|
|
|
if err != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
_ = db.Close()
|
2023-09-04 17:03:44 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
selectAscStmt, err := db.Prepare(selectAscQuery)
|
|
|
|
if err != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
_ = db.Close()
|
2023-09-04 17:03:44 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-19 18:08:40 +02:00
|
|
|
deleteUserStmt, err := db.Prepare(insertDeleteUserQuery)
|
|
|
|
if err != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
_ = db.Close()
|
2023-09-19 18:08:40 +02:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
s := &Store{
|
2023-09-04 17:03:44 +02:00
|
|
|
db: db,
|
2023-09-23 10:47:49 +02:00
|
|
|
fieldEncrypt: crypt,
|
2023-09-04 17:03:44 +02:00
|
|
|
insertStatement: insertStmt,
|
|
|
|
selectDescStatement: selectDescStmt,
|
|
|
|
selectAscStatement: selectAscStmt,
|
2023-09-19 18:08:40 +02:00
|
|
|
deleteUserStmt: deleteUserStmt,
|
|
|
|
}
|
2023-09-23 10:47:49 +02:00
|
|
|
|
2023-09-19 18:08:40 +02:00
|
|
|
return s, nil
|
2023-01-02 15:11:32 +01:00
|
|
|
}
|
|
|
|
|
2023-09-19 18:08:40 +02:00
|
|
|
func (store *Store) processResult(result *sql.Rows) ([]*activity.Event, error) {
|
2023-01-02 15:11:32 +01:00
|
|
|
events := make([]*activity.Event, 0)
|
2023-10-11 23:01:49 +02:00
|
|
|
var cryptErr error
|
2023-01-02 15:11:32 +01:00
|
|
|
for result.Next() {
|
|
|
|
var id int64
|
|
|
|
var operation activity.Activity
|
|
|
|
var timestamp time.Time
|
|
|
|
var initiator string
|
2023-09-23 10:47:49 +02:00
|
|
|
var initiatorName *string
|
2023-09-19 18:08:40 +02:00
|
|
|
var initiatorEmail *string
|
2023-01-02 15:11:32 +01:00
|
|
|
var target string
|
2023-09-23 10:47:49 +02:00
|
|
|
var targetUserName *string
|
2023-09-19 18:08:40 +02:00
|
|
|
var targetEmail *string
|
2023-01-02 15:11:32 +01:00
|
|
|
var account string
|
|
|
|
var jsonMeta string
|
2023-09-23 10:47:49 +02:00
|
|
|
err := result.Scan(&id, &operation, ×tamp, &initiator, &initiatorName, &initiatorEmail, &target, &targetUserName, &targetEmail, &account, &jsonMeta)
|
2023-01-02 15:11:32 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
meta := make(map[string]any)
|
|
|
|
if jsonMeta != "" {
|
|
|
|
err = json.Unmarshal([]byte(jsonMeta), &meta)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
if targetUserName != nil {
|
|
|
|
name, err := store.fieldEncrypt.Decrypt(*targetUserName)
|
|
|
|
if err != nil {
|
2023-10-11 23:01:49 +02:00
|
|
|
cryptErr = fmt.Errorf("failed to decrypt username for target id: %s", target)
|
|
|
|
meta["username"] = fallbackName
|
2023-09-23 10:47:49 +02:00
|
|
|
} else {
|
|
|
|
meta["username"] = name
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-09-19 18:08:40 +02:00
|
|
|
if targetEmail != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
email, err := store.fieldEncrypt.Decrypt(*targetEmail)
|
2023-09-19 18:08:40 +02:00
|
|
|
if err != nil {
|
2023-10-11 23:01:49 +02:00
|
|
|
cryptErr = fmt.Errorf("failed to decrypt email address for target id: %s", target)
|
|
|
|
meta["email"] = fallbackEmail
|
2023-09-19 18:08:40 +02:00
|
|
|
} else {
|
|
|
|
meta["email"] = email
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
event := &activity.Event{
|
2023-01-02 15:11:32 +01:00
|
|
|
Timestamp: timestamp,
|
|
|
|
Activity: operation,
|
|
|
|
ID: uint64(id),
|
|
|
|
InitiatorID: initiator,
|
|
|
|
TargetID: target,
|
|
|
|
AccountID: account,
|
|
|
|
Meta: meta,
|
2023-09-19 18:08:40 +02:00
|
|
|
}
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
if initiatorName != nil {
|
|
|
|
name, err := store.fieldEncrypt.Decrypt(*initiatorName)
|
|
|
|
if err != nil {
|
2023-10-11 23:01:49 +02:00
|
|
|
cryptErr = fmt.Errorf("failed to decrypt username of initiator: %s", initiator)
|
|
|
|
event.InitiatorName = fallbackName
|
2023-09-23 10:47:49 +02:00
|
|
|
} else {
|
|
|
|
event.InitiatorName = name
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-09-19 18:08:40 +02:00
|
|
|
if initiatorEmail != nil {
|
2023-09-23 10:47:49 +02:00
|
|
|
email, err := store.fieldEncrypt.Decrypt(*initiatorEmail)
|
2023-09-19 18:08:40 +02:00
|
|
|
if err != nil {
|
2023-10-11 23:01:49 +02:00
|
|
|
cryptErr = fmt.Errorf("failed to decrypt email address of initiator: %s", initiator)
|
|
|
|
event.InitiatorEmail = fallbackEmail
|
2023-09-19 18:08:40 +02:00
|
|
|
} else {
|
|
|
|
event.InitiatorEmail = email
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
events = append(events, event)
|
2023-01-02 15:11:32 +01:00
|
|
|
}
|
|
|
|
|
2023-10-11 23:01:49 +02:00
|
|
|
if cryptErr != nil {
|
|
|
|
log.Warnf("%s", cryptErr)
|
|
|
|
}
|
|
|
|
|
2023-01-02 15:11:32 +01:00
|
|
|
return events, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get returns "limit" number of events from index ordered descending or ascending by a timestamp
|
|
|
|
func (store *Store) Get(accountID string, offset, limit int, descending bool) ([]*activity.Event, error) {
|
2023-09-04 17:03:44 +02:00
|
|
|
stmt := store.selectDescStatement
|
2023-01-02 15:11:32 +01:00
|
|
|
if !descending {
|
2023-09-04 17:03:44 +02:00
|
|
|
stmt = store.selectAscStatement
|
2023-01-02 15:11:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
result, err := stmt.Query(accountID, limit, offset)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
defer result.Close() //nolint
|
2023-09-19 18:08:40 +02:00
|
|
|
return store.processResult(result)
|
2023-01-02 15:11:32 +01:00
|
|
|
}
|
|
|
|
|
2023-09-19 18:08:40 +02:00
|
|
|
// Save an event in the SQLite events table end encrypt the "email" element in meta map
|
2023-01-02 15:11:32 +01:00
|
|
|
func (store *Store) Save(event *activity.Event) (*activity.Event, error) {
|
|
|
|
var jsonMeta string
|
2023-09-23 10:47:49 +02:00
|
|
|
meta, err := store.saveDeletedUserEmailAndNameInEncrypted(event)
|
2023-09-19 18:08:40 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if meta != nil {
|
2023-01-02 15:11:32 +01:00
|
|
|
metaBytes, err := json.Marshal(event.Meta)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
jsonMeta = string(metaBytes)
|
|
|
|
}
|
|
|
|
|
2023-09-04 17:03:44 +02:00
|
|
|
result, err := store.insertStatement.Exec(event.Activity, event.Timestamp, event.InitiatorID, event.TargetID, event.AccountID, jsonMeta)
|
2023-01-02 15:11:32 +01:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
id, err := result.LastInsertId()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
eventCopy := event.Copy()
|
|
|
|
eventCopy.ID = uint64(id)
|
|
|
|
return eventCopy, nil
|
|
|
|
}
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
// saveDeletedUserEmailAndNameInEncrypted if the meta contains email and name then store it in encrypted way and delete
|
|
|
|
// this item from meta map
|
|
|
|
func (store *Store) saveDeletedUserEmailAndNameInEncrypted(event *activity.Event) (map[string]any, error) {
|
2023-09-19 18:08:40 +02:00
|
|
|
email, ok := event.Meta["email"]
|
|
|
|
if !ok {
|
|
|
|
return event.Meta, nil
|
|
|
|
}
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
name, ok := event.Meta["name"]
|
|
|
|
if !ok {
|
|
|
|
return event.Meta, nil
|
|
|
|
}
|
2023-09-19 18:08:40 +02:00
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
encryptedEmail := store.fieldEncrypt.Encrypt(fmt.Sprintf("%s", email))
|
|
|
|
encryptedName := store.fieldEncrypt.Encrypt(fmt.Sprintf("%s", name))
|
|
|
|
_, err := store.deleteUserStmt.Exec(event.TargetID, encryptedEmail, encryptedName)
|
2023-09-19 18:08:40 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2023-09-23 10:47:49 +02:00
|
|
|
if len(event.Meta) == 2 {
|
2023-09-19 18:08:40 +02:00
|
|
|
return nil, nil // nolint
|
|
|
|
}
|
|
|
|
delete(event.Meta, "email")
|
2023-09-23 10:47:49 +02:00
|
|
|
delete(event.Meta, "name")
|
2023-09-19 18:08:40 +02:00
|
|
|
return event.Meta, nil
|
|
|
|
}
|
|
|
|
|
2023-01-02 15:11:32 +01:00
|
|
|
// Close the Store
|
|
|
|
func (store *Store) Close() error {
|
|
|
|
if store.db != nil {
|
|
|
|
return store.db.Close()
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
2023-09-23 10:47:49 +02:00
|
|
|
|
|
|
|
func updateDeletedUsersTable(db *sql.DB) error {
|
|
|
|
log.Debugf("check deleted_users table version")
|
|
|
|
rows, err := db.Query(`PRAGMA table_info(deleted_users);`)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer rows.Close()
|
|
|
|
found := false
|
|
|
|
for rows.Next() {
|
|
|
|
var (
|
|
|
|
cid int
|
|
|
|
name string
|
|
|
|
dataType string
|
|
|
|
notNull int
|
|
|
|
dfltVal sql.NullString
|
|
|
|
pk int
|
|
|
|
)
|
|
|
|
err := rows.Scan(&cid, &name, &dataType, ¬Null, &dfltVal, &pk)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if name == "name" {
|
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
err = rows.Err()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if found {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Debugf("update delted_users table")
|
|
|
|
_, err = db.Exec(`ALTER TABLE deleted_users ADD COLUMN name TEXT;`)
|
|
|
|
return err
|
|
|
|
}
|