diff --git a/admin/accounthttp.go b/admin/accounthttp.go index fc701e7..fc4fed1 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -17,7 +17,6 @@ func accountHandler(app *model.AppState) http.Handler { mux.Handle("/password", changePasswordHandler(app)) mux.Handle("/delete", deleteAccountHandler(app)) - mux.Handle("/", accountIndexHandler(app)) return mux } @@ -37,6 +36,13 @@ func accountIndexHandler(app *model.AppState) http.Handler { TOTPs []model.TOTP } + sessionMessage := session.Message + sessionError := session.Error + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") + session.Message = sessionMessage + session.Error = sessionError + err = pages["account"].Execute(w, accountResponse{ Session: session, TOTPs: totps, @@ -57,18 +63,39 @@ func changePasswordHandler(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") + r.ParseForm() currentPassword := r.Form.Get("current-password") if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil { - controller.SetSessionMessage(app.DB, session, "Incorrect password.") + controller.SetSessionError(app.DB, session, "Incorrect password.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } newPassword := r.Form.Get("new-password") - controller.SetSessionMessage(app.DB, session, fmt.Sprintf("Updating password to %s", newPassword)) + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + session.Account.Password = string(hashedPassword) + err = controller.UpdateAccount(app.DB, session.Account) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to update account password: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + controller.SetSessionError(app.DB, session, "") + controller.SetSessionMessage(app.DB, session, "Password updated successfully.") http.Redirect(w, r, "/admin/account", http.StatusFound) }) } @@ -97,10 +124,10 @@ func deleteAccountHandler(app *model.AppState) http.Handler { if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil { fmt.Printf( "[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), session.Account.Username, ) - controller.SetSessionMessage(app.DB, session, "Incorrect password.") + controller.SetSessionError(app.DB, session, "Incorrect password.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } @@ -108,35 +135,36 @@ func deleteAccountHandler(app *model.AppState) http.Handler { totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp")) if err != nil { fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err) - controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.") + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } if totpMethod == nil { fmt.Printf( "[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), session.Account.Username, ) - controller.SetSessionMessage(app.DB, session, "Incorrect TOTP.") + controller.SetSessionError(app.DB, session, "Incorrect TOTP.") http.Redirect(w, r, "/admin/account", http.StatusFound) } err = controller.DeleteAccount(app.DB, session.Account.ID) if err != nil { fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) - controller.SetSessionMessage(app.DB, session, "Something went wrong. Please try again.") + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } fmt.Printf( "[%s] INFO: Account \"%s\" deleted by user request.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), session.Account.Username, ) - session.Account = nil + controller.SetSessionAccount(app.DB, session, nil) + controller.SetSessionError(app.DB, session, "") controller.SetSessionMessage(app.DB, session, "Account deleted successfully.") http.Redirect(w, r, "/admin/login", http.StatusFound) }) diff --git a/admin/http.go b/admin/http.go index ad0d44e..5fcce01 100644 --- a/admin/http.go +++ b/admin/http.go @@ -93,8 +93,8 @@ func AdminIndexHandler(app *model.AppState) http.Handler { func registerAccountHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session := r.Context().Value("session").(*model.Session) - session.Error = sql.NullString{} - session.Message = sql.NullString{} + controller.SetSessionError(app.DB, session, "") + controller.SetSessionMessage(app.DB, session, "") if session.Account != nil { // user is already logged in @@ -102,8 +102,12 @@ func registerAccountHandler(app *model.AppState) http.Handler { return } + type registerData struct { + Session *model.Session + } + render := func() { - err := pages["register"].Execute(w, session) + err := pages["register"].Execute(w, registerData{ Session: session }) if err != nil { fmt.Printf("WARN: Error rendering create account page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -122,7 +126,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { err := r.ParseForm() if err != nil { - session.Error = sql.NullString{ String: "Malformed data.", Valid: true } + controller.SetSessionError(app.DB, session, "Malformed data.") render() return } @@ -144,7 +148,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { invite, err := controller.GetInvite(app.DB, credentials.Invite) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } @@ -153,7 +157,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { err := controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } } - session.Error = sql.NullString{ String: "Invalid invite code.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid invite code.") render() return } @@ -161,7 +165,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } @@ -175,16 +179,23 @@ func registerAccountHandler(app *model.AppState) http.Handler { err = controller.CreateAccount(app.DB, &account) if err != nil { if strings.HasPrefix(err.Error(), "pq: duplicate key") { - session.Error = sql.NullString{ String: "An account with that username already exists.", Valid: true } + controller.SetSessionError(app.DB, session, "An account with that username already exists.") render() return } fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } + fmt.Printf( + "[%s]: Account registered: %s (%s)\n", + time.Now().Format(time.UnixDate), + account.Username, + account.ID, + ) + err = controller.DeleteInvite(app.DB, invite.Code) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } @@ -229,7 +240,7 @@ func loginHandler(app *model.AppState) http.Handler { err := r.ParseForm() if err != nil { - session.Error = sql.NullString{ String: "Malformed data.", Valid: true } + controller.SetSessionError(app.DB, session, "Malformed data.") render() return } @@ -253,12 +264,12 @@ func loginHandler(app *model.AppState) http.Handler { account, err := controller.GetAccountByUsername(app.DB, credentials.Username) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account for login: %v\n", err) - session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid username or password.") render() return } if account == nil { - session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid username or password.") render() return } @@ -267,10 +278,10 @@ func loginHandler(app *model.AppState) http.Handler { if err != nil { fmt.Printf( "[%s] INFO: Account \"%s\" attempted login with incorrect password.\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), account.Username, ) - session.Error = sql.NullString{ String: "Invalid username or password.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid username or password.") render() return } @@ -278,12 +289,12 @@ func loginHandler(app *model.AppState) http.Handler { totpMethod, err := controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) - session.Error = sql.NullString{ String: "Something went wrong. Please try again.", Valid: true } + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } if totpMethod == nil { - session.Error = sql.NullString{ String: "Invalid TOTP.", Valid: true } + controller.SetSessionError(app.DB, session, "Invalid TOTP.") render() return } @@ -291,7 +302,7 @@ func loginHandler(app *model.AppState) http.Handler { // TODO: log login activity to user fmt.Printf( "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n", - time.Now().Format("2006-02-01 15:04:05"), + time.Now().Format(time.UnixDate), account.Username, totpMethod.Name, ) @@ -379,11 +390,7 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler { // fetch existing session session, err = controller.GetSession(app.DB, sessionCookie.Value) - if err != nil { - if strings.Contains(err.Error(), "no rows") { - http.Error(w, "Invalid session. Please try clearing your cookies and refresh.", http.StatusBadRequest) - return - } + if err != nil && !strings.Contains(err.Error(), "no rows") { fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return diff --git a/admin/views/edit-account.html b/admin/views/edit-account.html index 0acfaf5..18a6dca 100644 --- a/admin/views/edit-account.html +++ b/admin/views/edit-account.html @@ -52,7 +52,10 @@

You have no MFA devices.

{{end}} - +
+ + Add TOTP Device +
diff --git a/controller/account.go b/controller/account.go index 8272bad..0cf3364 100644 --- a/controller/account.go +++ b/controller/account.go @@ -108,7 +108,7 @@ func CreateAccount(db *sqlx.DB, account *model.Account) error { func UpdateAccount(db *sqlx.DB, account *model.Account) error { _, err := db.Exec( "UPDATE account " + - "SET username=$2, password=$3, email=$4, avatar_url=$5) " + + "SET username=$2,password=$3,email=$4,avatar_url=$5 " + "WHERE id=$1", account.ID, account.Username, @@ -120,7 +120,7 @@ func UpdateAccount(db *sqlx.DB, account *model.Account) error { return err } -func DeleteAccount(db *sqlx.DB, username string) error { - _, err := db.Exec("DELETE FROM account WHERE username=$1", username) +func DeleteAccount(db *sqlx.DB, accountID string) error { + _, err := db.Exec("DELETE FROM account WHERE id=$1", accountID) return err } diff --git a/controller/session.go b/controller/session.go index 2a2a19e..c9c4cbb 100644 --- a/controller/session.go +++ b/controller/session.go @@ -63,6 +63,7 @@ func SetSessionAccount(db *sqlx.DB, session *model.Session, account *model.Accou func SetSessionMessage(db *sqlx.DB, session *model.Session, message string) error { var err error if message == "" { + if !session.Message.Valid { return nil } session.Message = sql.NullString{ } _, err = db.Exec("UPDATE session SET message=NULL WHERE token=$1", session.Token) } else { @@ -75,10 +76,11 @@ func SetSessionMessage(db *sqlx.DB, session *model.Session, message string) erro func SetSessionError(db *sqlx.DB, session *model.Session, message string) error { var err error if message == "" { - session.Message = sql.NullString{ } + if !session.Error.Valid { return nil } + session.Error = sql.NullString{ } _, err = db.Exec("UPDATE session SET error=NULL WHERE token=$1", session.Token) } else { - session.Message = sql.NullString{ String: message, Valid: true } + session.Error = sql.NullString{ String: message, Valid: true } _, err = db.Exec("UPDATE session SET error=$2 WHERE token=$1", session.Token, message) } return err diff --git a/main.go b/main.go index 9c5b38a..251d9a9 100644 --- a/main.go +++ b/main.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "log" + "math" "math/rand" "net/http" "os" @@ -22,6 +23,7 @@ import ( "github.com/jmoiron/sqlx" _ "github.com/lib/pq" + "golang.org/x/crypto/bcrypt" ) // used for database migrations @@ -91,12 +93,12 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } @@ -109,10 +111,10 @@ func main() { err = controller.CreateTOTP(app.DB, &totp) if err != nil { if strings.HasPrefix(err.Error(), "pq: duplicate key") { - fmt.Fprintf(os.Stderr, "Account \"%s\" already has a TOTP method named \"%s\"!\n", account.Username, totp.Name) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" already has a TOTP method named \"%s\"!\n", account.Username, totp.Name) os.Exit(1) } - fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP method: %v\n", err) os.Exit(1) } @@ -130,18 +132,18 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } err = controller.DeleteTOTP(app.DB, account.ID, totpName) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP method: %v\n", err) os.Exit(1) } @@ -157,18 +159,18 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create TOTP methods: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP methods: %v\n", err) os.Exit(1) } @@ -190,23 +192,23 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } totp, err := controller.GetTOTP(app.DB, account.ID, totpName) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch TOTP method \"%s\": %v\n", totpName, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch TOTP method \"%s\": %v\n", totpName, err) os.Exit(1) } if totp == nil { - fmt.Fprintf(os.Stderr, "TOTP method \"%s\" does not exist for account \"%s\"\n", totpName, username) + fmt.Fprintf(os.Stderr, "FATAL: TOTP method \"%s\" does not exist for account \"%s\"\n", totpName, username) os.Exit(1) } @@ -218,18 +220,22 @@ func main() { fmt.Printf("Creating invite...\n") invite, err := controller.CreateInvite(app.DB, 16, time.Hour * 24) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to create invite code: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to create invite code: %v\n", err) os.Exit(1) } - fmt.Printf("Here you go! This code expires in 24 hours: %s\n", invite.Code) + fmt.Printf( + "Here you go! This code expires in %d hours: %s\n", + int(math.Ceil(invite.ExpiresAt.Sub(invite.CreatedAt).Hours())), + invite.Code, + ) return case "purgeInvites": fmt.Printf("Deleting all invites...\n") err := controller.DeleteAllInvites(app.DB) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to delete invites: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to delete invites: %v\n", err) os.Exit(1) } @@ -239,7 +245,7 @@ func main() { case "listAccounts": accounts, err := controller.GetAllAccounts(app.DB) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch accounts: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch accounts: %v\n", err) os.Exit(1) } @@ -259,6 +265,39 @@ func main() { } return + case "changePassword": + if len(os.Args) < 4 { + fmt.Fprintf(os.Stderr, "FATAL: `username` and `password` must be specified for changePassword\n") + os.Exit(1) + } + + username := os.Args[2] + password := os.Args[3] + account, err := controller.GetAccountByUsername(app.DB, username) + if err != nil { + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) + os.Exit(1) + } + if account == nil { + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) + os.Exit(1) + } + + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + if err != nil { + fmt.Fprintf(os.Stderr, "FATAL: Failed to update password: %v\n", err) + os.Exit(1) + } + account.Password = string(hashedPassword) + err = controller.UpdateAccount(app.DB, account) + if err != nil { + fmt.Fprintf(os.Stderr, "FATAL: Failed to delete account: %v\n", err) + os.Exit(1) + } + + fmt.Printf("Account \"%s\" deleted successfully.\n", account.Username) + return + case "deleteAccount": if len(os.Args) < 3 { fmt.Fprintf(os.Stderr, "FATAL: `username` must be specified for deleteAccount\n") @@ -269,12 +308,12 @@ func main() { account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) os.Exit(1) } @@ -285,9 +324,9 @@ func main() { return } - err = controller.DeleteAccount(app.DB, username) + err = controller.DeleteAccount(app.DB, account.ID) if err != nil { - fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) + fmt.Fprintf(os.Stderr, "FATAL: Failed to delete account: %v\n", err) os.Exit(1) } diff --git a/schema_migration/000-init.sql b/schema_migration/000-init.sql index 48b8fbe..ff5c1af 100644 --- a/schema_migration/000-init.sql +++ b/schema_migration/000-init.sql @@ -4,19 +4,19 @@ -- Accounts CREATE TABLE arimelody.account ( - id uuid DEFAULT gen_random_uuid(), - username text NOT NULL UNIQUE, - password text NOT NULL, - email text, - avatar_url text, + id UUID DEFAULT gen_random_uuid(), + username TEXT NOT NULL UNIQUE, + password TEXT NOT NULL, + email TEXT, + avatar_url TEXT, created_at TIMESTAMP DEFAULT current_timestamp ); ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id); -- Privilege CREATE TABLE arimelody.privilege ( - account uuid NOT NULL, - privilege text NOT NULL + account UUID NOT NULL, + privilege TEXT NOT NULL ); ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account, privilege); @@ -33,12 +33,12 @@ CREATE TABLE arimelody.session ( token TEXT, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - expires_at TIMESTAMP DEFAULT NULL + expires_at TIMESTAMP DEFAULT NULL, account UUID, message TEXT, - error TEXT, + error TEXT ); -ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (session); +ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); -- TOTPs CREATE TABLE arimelody.totp ( diff --git a/schema_migration/001-pre-versioning.sql b/schema_migration/001-pre-versioning.sql index 76fb1b8..cd0c061 100644 --- a/schema_migration/001-pre-versioning.sql +++ b/schema_migration/001-pre-versioning.sql @@ -2,21 +2,21 @@ -- New items -- --- Acounts +-- Accounts CREATE TABLE arimelody.account ( - id uuid DEFAULT gen_random_uuid(), - username text NOT NULL UNIQUE, - password text NOT NULL, - email text, - avatar_url text, + id UUID DEFAULT gen_random_uuid(), + username TEXT NOT NULL UNIQUE, + password TEXT NOT NULL, + email TEXT, + avatar_url TEXT, created_at TIMESTAMP DEFAULT current_timestamp ); ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id); -- Privilege CREATE TABLE arimelody.privilege ( - account uuid NOT NULL, - privilege text NOT NULL + account UUID NOT NULL, + privilege TEXT NOT NULL ); ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account, privilege); @@ -33,12 +33,12 @@ CREATE TABLE arimelody.session ( token TEXT, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - expires_at TIMESTAMP DEFAULT NULL + expires_at TIMESTAMP DEFAULT NULL, account UUID, message TEXT, - error TEXT, + error TEXT ); -ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (session); +ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); -- TOTPs CREATE TABLE arimelody.totp (