1 package mailmux
2 
3 import (
4 	"database/sql"
5 	"errors"
6 	"fmt"
7 	"net/mail"
8 	"os"
9 	"path"
10 
11 	_ "github.com/mattn/go-sqlite3"
12 	"golang.org/x/crypto/bcrypt"
13 )
14 
15 // maxUsernameSize defines a reasonable maximum length for an email address.
16 const maxUsernameLength = 255
17 
18 // UserDB is an implementation of UserStore backed by a SQLite3 database.
19 // Users are fully authenticated after confirming ownership of their
20 // email address by supplying a matching ticket to a generated ticket file.
21 type UserDB struct {
22 	*sql.DB
23 	TicketDir string
24 }
25 
26 // CreateUserDB creates the named user database file and ticket directory.
27 // If the database file already exists, it is truncated. If successfullly created,
28 // the database's tables are initialised so the database is ready to use.
29 func CreateUserDB(name, ticketDir string) (*UserDB, error) {
30 	_, err := os.Create(name)
31 	if err != nil {
32 		return nil, err
33 	}
34 	if err := os.MkdirAll(ticketDir, 0666); err != nil {
35 		return nil, fmt.Errorf("create user db: %w", err)
36 	}
37 	db, err := OpenUserDB(name, ticketDir)
38 	if err != nil {
39 		return nil, fmt.Errorf("create user db: %w", err)
40 	}
41 	return db, initialiseUserDB(db.DB)
42 }
43 
44 // OpenUserDB opens the named user database file and ticket directory.
45 // If the database does not exist, it is created and its tables are 
46 // initialised ready for use.
47 func OpenUserDB(name, dir string) (*UserDB, error) {
48 	db, err := sql.Open("sqlite3", name)
49 	if err != nil {
50 		return nil, err
51 	}
52 	if err := initialiseUserDB(db); err != nil {
53 		return nil, err
54 	}
55 	return &UserDB{db, dir}, db.Ping()
56 }
57 
58 func initialiseUserDB(db *sql.DB) error {
59 	stmt := `CREATE TABLE IF NOT EXISTS users (
60 	username TEXT PRIMARY KEY,
61 	password BLOB NOT NULL
62 );`
63 	_, err := db.Exec(stmt)
64 	return err
65 }
66 
67 func (db *UserDB) Lookup(name string) (User, error) {
68 	var u User
69 	row := db.QueryRow("SELECT username, password FROM users WHERE username = ?", name)
70 	if err := row.Scan(&u.name, &u.password); err != nil {
71 		if errors.Is(err, sql.ErrNoRows) {
72 			return User{}, ErrUnknownUser
73 		}
74 		return User{}, err
75 	}
76 	return u, nil
77 }
78 
79 func (db *UserDB) add(username string, pw Password) error {
80 	if len(username) > maxUsernameLength {
81 		return fmt.Errorf("add %s: invalid username: too long", username)
82 	}
83 	addr, err := mail.ParseAddress(username)
84 	if err != nil {
85 		return fmt.Errorf("add %s: invalid username: %w", username, err)
86 	}
87 	if addr.Name != "" {
88 		return fmt.Errorf("add %s: proper name present", username)
89 	}
90 
91 	hashed, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
92 	if err != nil {
93 		return fmt.Errorf("add %s: %w", username, err)
94 	}
95 	_, err = db.Exec("INSERT INTO users (username, password) VALUES (?, ?)", username, hashed)
96 	if err != nil {
97 		return fmt.Errorf("add %s: %w", username, err)
98 	}
99 	if err := createTicket(db.TicketDir, username, pw); err != nil {
100 		return fmt.Errorf("add %s: create ticket: %w", username, err)
101 	}
102 	return nil
103 }
104 
105 func (db *UserDB) Change(name string, new Password) error {
106 	_, err := db.Lookup(name)
107 	if errors.Is(err, ErrUnknownUser) {
108 		return db.add(name, new)
109 	}
110 	if err != nil {
111 		return fmt.Errorf("lookup %s: %w", name, err)
112 	}
113 
114 	hashed, err := bcrypt.GenerateFromPassword(new, bcrypt.DefaultCost)
115 	if err != nil {
116 		return fmt.Errorf("generate hash: %w", err)
117 	}
118 	_, err = db.Exec("UPDATE users SET password = ? WHERE username = ?", hashed, name)
119 	return err
120 }
121 
122 func (db *UserDB) Delete(name string) error {
123 	_, err := db.Lookup(name)
124 	if err != nil {
125 		return fmt.Errorf("delete %s: %w", name, err)
126 	}
127 	_, err = db.Exec("DELETE FROM users WHERE username = ?", name)
128 	if err != nil {
129 		return fmt.Errorf("delete %s: %w", name, err)
130 	}
131 	return nil
132 }
133 
134 func (db *UserDB) Authenticate(name string, pw Password) error {
135 	u, err := db.Lookup(name)
136 	if err != nil {
137 		return fmt.Errorf("authenticate %s: %w", name, err)
138 	}
139 	if err := bcrypt.CompareHashAndPassword(u.password, pw); err != nil {
140 		return fmt.Errorf("authenticate %s: %w", name, err)
141 	}
142 	return nil
143 }
144 
145 // TODO tickets aren't implemented yet
146 func createTicket(dir, username string, pw Password) error {
147 	f, err := os.Create(path.Join(dir, username))
148 	if err != nil {
149 		return err
150 	}
151 	defer f.Close()
152 
153 	// TODO hash username, password, random bytes
154 	// _, err := f.Write(b)
155 	if _, err := f.Write(testTicket); err != nil {
156 		return err
157 	}
158 	return nil
159 }