fix(userstore): enable strict user checking

2022-03-24 15:52:42 +08:00 · 2022-03-24 15:52:42 +08:00 · d65f1c4356
commit d65f1c4356
parent b7609e6c06
8 changed files with 53 additions and 34 deletions
--- a/src/db/common.go
+++ b/src/db/common.go
@ -37,7 +37,7 @@ var (
 	DefaultSiteName = "Quickshare"
 	DefaultSiteDesc = "Quickshare"
 	DefaultBgConfig = &BgConfig{
-		Repeat:   "repeated",
+		Repeat:   "repeat",
 		Position: "top",
 		Align:    "fixed",
 		BgColor:  "#ccc",
@ -75,6 +75,16 @@ var (
 	DefaultDownloadSpeedLimit = 50 * 1024 * 1024          // 50MB
 	VisitorUploadSpeedLimit   = 10 * 1024 * 1024          // 10MB
 	VisitorDownloadSpeedLimit = 10 * 1024 * 1024          // 10MB
+
+	DefaultPreferences = Preferences{
+		Bg:         DefaultBgConfig,
+		CSSURL:     DefaultCSSURL,
+		LanPackURL: DefaultLanPackURL,
+		Lan:        DefaultLan,
+		Theme:      DefaultTheme,
+		Avatar:     DefaultAvatar,
+		Email:      DefaultEmail,
+	}
 )

 type FileInfo struct {
@ -231,9 +241,6 @@ func CheckPreferences(prefers *Preferences, fillDefault bool) error {
 		prefers.Avatar = DefaultAvatar
 	}
 	if prefers.Email == "" {
-		if !fillDefault {
-			return ErrInvalidPreferences
-		}
 		prefers.Email = DefaultEmail
 	}
 	if prefers.Bg == nil {
@ -281,7 +288,7 @@ func CheckBgConfig(cfg *BgConfig, fillDefault bool) error {
 	return nil
 }

-func CheckUser(user User, fillDefault bool) error {
+func CheckUser(user *User, fillDefault bool) error {
 	if user.ID == 0 && user.Role != AdminRole {
 		return ErrInvalidUser
 	}
--- a/src/db/userstore/user_store.go
+++ b/src/db/userstore/user_store.go
@ -22,16 +22,6 @@ var (
 	ErrReachedLimit     = errors.New("reached space limit")
 	ErrUserNotFound     = errors.New("user not found")
 	ErrNegtiveUsedSpace = errors.New("used space can not be negative")
-
-	DefaultPreferences = db.Preferences{
-		Bg:         db.DefaultBgConfig,
-		CSSURL:     db.DefaultCSSURL,
-		LanPackURL: db.DefaultLanPackURL,
-		Lan:        db.DefaultLan,
-		Theme:      db.DefaultTheme,
-		Avatar:     db.DefaultAvatar,
-		Email:      db.DefaultEmail,
-	}
 )

 type IUserStore interface {
@ -93,7 +83,7 @@ func (us *KVUserStore) Init(rootName, rootPwd string) error {
 			UploadSpeedLimit:   db.DefaultUploadSpeedLimit,
 			DownloadSpeedLimit: db.DefaultDownloadSpeedLimit,
 		},
-		Preferences: &DefaultPreferences,
+		Preferences: &db.DefaultPreferences,
 	}

 	visitor := &db.User{
@ -106,7 +96,7 @@ func (us *KVUserStore) Init(rootName, rootPwd string) error {
 			UploadSpeedLimit:   db.VisitorUploadSpeedLimit,
 			DownloadSpeedLimit: db.VisitorDownloadSpeedLimit,
 		},
-		Preferences: &DefaultPreferences,
+		Preferences: &db.DefaultPreferences,
 	}

 	for _, user := range []*db.User{admin, visitor} {
@ -134,6 +124,10 @@ func (us *KVUserStore) IsInited() bool {
 func (us *KVUserStore) setUser(user *db.User) error {
 	var err error

+	if err = db.CheckUser(user, false); err != nil {
+		return err
+	}
+
 	userID := fmt.Sprint(user.ID)
 	err = us.store.SetStringIn(db.UserIDsNs, user.Name, userID)
 	if err != nil {
@ -159,6 +153,9 @@ func (us *KVUserStore) getUser(id uint64) (*db.User, error) {
 		return nil, err
 	}

+	if err = db.CheckUser(user, true); err != nil {
+		return nil, err
+	}
 	return user, nil
 }

@ -178,6 +175,10 @@ func (us *KVUserStore) getUserByName(name string) (*db.User, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	if err = db.CheckUser(user, true); err != nil {
+		return nil, err
+	}
 	return user, nil
 }

--- a/src/db/userstore/user_store_test.go
+++ b/src/db/userstore/user_store_test.go
@ -37,8 +37,8 @@ func TestUserStores(t *testing.T) {
 		if root.Quota.DownloadSpeedLimit != db.DefaultDownloadSpeedLimit {
 			t.Fatalf("incorrect root DownloadSpeedLimit")
 		}
-		if !db.ComparePreferences(root.Preferences, &DefaultPreferences) {
-			t.Fatalf("incorrect preference %v %v", root.Preferences, DefaultPreferences)
+		if !db.ComparePreferences(root.Preferences, &db.DefaultPreferences) {
+			t.Fatalf("incorrect preference %v %v", root.Preferences, db.DefaultPreferences)
 		}

 		visitor, err := store.GetUser(1)
@ -63,7 +63,7 @@ func TestUserStores(t *testing.T) {
 		if visitor.Quota.DownloadSpeedLimit != db.VisitorDownloadSpeedLimit {
 			t.Fatalf("incorrect visitor DownloadSpeedLimit")
 		}
-		if !db.ComparePreferences(visitor.Preferences, &DefaultPreferences) {
+		if !db.ComparePreferences(visitor.Preferences, &db.DefaultPreferences) {
 			t.Fatalf("incorrect preference")
 		}

@ -83,6 +83,7 @@ func TestUserStores(t *testing.T) {
 				UploadSpeedLimit:   upLimit1,
 				DownloadSpeedLimit: downLimit1,
 			},
+			Preferences: &db.DefaultPreferences,
 		})
 		if err != nil {
 			t.Fatal("there should be no error")
@ -191,7 +192,7 @@ func TestUserStores(t *testing.T) {
 			Bg: &db.BgConfig{
 				Url:      "/url",
 				Repeat:   "repeat",
-				Position: "pos",
+				Position: "center",
 				Align:    "fixed",
 				BgColor:  "#333",
 			},
--- a/src/handlers/multiusers/handlers.go
+++ b/src/handlers/multiusers/handlers.go
@ -188,7 +188,7 @@ func (h *MultiUsersSvc) Init(adminName, adminPwd string) (string, error) {
 				return "", err
 			}

-			preferences := userstore.DefaultPreferences
+			preferences := db.DefaultPreferences
 			user := &db.User{
 				ID:   h.deps.ID().Gen(),
 				Name: userCfg.Name,
@ -433,7 +433,7 @@ func (h *MultiUsersSvc) AddUser(c *gin.Context) {
 		return
 	}

-	newPreferences := userstore.DefaultPreferences
+	newPreferences := db.DefaultPreferences
 	err = h.deps.Users().AddUser(&db.User{
 		ID:   uid,
 		Name: req.Name,
--- a/src/server/server.go
+++ b/src/server/server.go
@ -97,7 +97,7 @@ func checkCompatibility(deps *depidx.Deps) error {

 	for _, user := range users {
 		if user.Preferences == nil {
-			deps.Users().SetPreferences(user.ID, &userstore.DefaultPreferences)
+			deps.Users().SetPreferences(user.ID, &db.DefaultPreferences)
 		}
 	}

--- a/src/server/server_permission_test.go
+++ b/src/server/server_permission_test.go
@ -152,7 +152,7 @@ func TestPermissions(t *testing.T) {
 			assertResp(t, resp, errs, expectedCodes["ListUsers"], fmt.Sprintf("%s-%s", desc, "ListUsers"))

 			// TODO: the id here should be uint64
-			tmpUserID := uint64(0)
+			tmpUserID := uint64(12345)
 			var err error
 			if addUserResp.ID != "" {
 				tmpUserID, err = strconv.ParseUint(addUserResp.ID, 10, 64)
@ -160,13 +160,20 @@ func TestPermissions(t *testing.T) {
 					t.Fatal(err)
 				}
 			}
-			userID := uint64(0)
+			userID := uint64(12345)
 			if selfResp.ID != "" {
 				userID, err = strconv.ParseUint(selfResp.ID, 10, 64)
 				if err != nil {
 					t.Fatal(err)
 				}
 			}
+			tmpAdminID := uint64(12345)
+			if addAdminResp.ID != "" {
+				tmpAdminID, err = strconv.ParseUint(addAdminResp.ID, 10, 64)
+				if err != nil {
+					t.Fatal(err)
+				}
+			}

 			resp, _, errs = cl.ForceSetPwd(selfResp.ID, newPwd, token)
 			assertResp(t, resp, errs, expectedCodes["ForceSetPwd"], fmt.Sprintf("%s-%s", desc, "ForceSetPwd"))
@ -187,7 +194,7 @@ func TestPermissions(t *testing.T) {
 			// update other users
 			resp, _, errs = cl.SetUser(tmpUserID, db.AdminRole, newQuota, token)
 			assertResp(t, resp, errs, expectedCodes["SetUserOthers"], fmt.Sprintf("%s-%s", desc, "SetUserOthers"))
-			resp, _, errs = cl.SetUser(0, db.UserRole, newQuota, token)
+			resp, _, errs = cl.SetUser(tmpAdminID, db.UserRole, newQuota, token)
 			assertResp(t, resp, errs, expectedCodes["SetUserOthersAdmin"], fmt.Sprintf("%s-%s", desc, "SetUserOthersAdmin"))

 			resp, _, errs = cl.DelUser(addUserResp.ID, token)
--- a/src/server/server_users_test.go
+++ b/src/server/server_users_test.go
@ -9,7 +9,6 @@ import (

 	"github.com/ihexxa/quickshare/src/client"
 	"github.com/ihexxa/quickshare/src/db"
-	"github.com/ihexxa/quickshare/src/db/userstore"
 	q "github.com/ihexxa/quickshare/src/handlers"
 	su "github.com/ihexxa/quickshare/src/handlers/singleuserhdr"
 )
@ -94,7 +93,7 @@ func TestUsersHandlers(t *testing.T) {
 					user.Quota.SpaceLimit != 1024*1024*1024 || // TODO: export these
 					user.Quota.UploadSpeedLimit != 50*1024*1024 ||
 					user.Quota.DownloadSpeedLimit != 50*1024*1024 ||
-					!reflect.DeepEqual(user.Preferences, &userstore.DefaultPreferences) {
+					!reflect.DeepEqual(user.Preferences, &db.DefaultPreferences) {
 					t.Fatal(fmt.Errorf("incorrect user info (%v)", user))
 				}
 			}
@ -103,7 +102,7 @@ func TestUsersHandlers(t *testing.T) {
 					user.Quota.SpaceLimit != 0 || // TODO: export these
 					user.Quota.UploadSpeedLimit != 10*1024*1024 ||
 					user.Quota.DownloadSpeedLimit != 10*1024*1024 ||
-					!reflect.DeepEqual(user.Preferences, &userstore.DefaultPreferences) {
+					!reflect.DeepEqual(user.Preferences, &db.DefaultPreferences) {
 					t.Fatal(fmt.Errorf("incorrect user info (%v)", user))
 				}
 			}
@ -112,7 +111,7 @@ func TestUsersHandlers(t *testing.T) {
 					user.Quota.SpaceLimit != 1024 ||
 					user.Quota.UploadSpeedLimit != 409600 ||
 					user.Quota.DownloadSpeedLimit != 409600 ||
-					!reflect.DeepEqual(user.Preferences, &userstore.DefaultPreferences) {
+					!reflect.DeepEqual(user.Preferences, &db.DefaultPreferences) {
 					t.Fatal(fmt.Errorf("incorrect user info (%v)", user))
 				}
 			}
@ -458,19 +457,23 @@ func TestUsersHandlers(t *testing.T) {
 				LanPackURL: "/lanpack",
 				Avatar:     "a1",
 				Email:      "email1",
+				Lan:        "en_US",
+				Theme:      "light",
 			},
 			&db.Preferences{
 				Bg: &db.BgConfig{
 					Url:      "/bgurl2",
-					Repeat:   "no-repeat2",
-					Position: "center2",
-					Align:    "fixed2",
+					Repeat:   "repeat",
+					Position: "top",
+					Align:    "scroll",
 					BgColor:  "#333",
 				},
 				CSSURL:     "/cssurl2",
 				LanPackURL: "/lanpack2",
 				Avatar:     "a2",
 				Email:      "email2",
+				Lan:        "zh_CN",
+				Theme:      "dark",
 			},
 		}
 		for _, prefer := range prefers {
--- a/src/server/testdata/test_quickshare.db
+++ b/src/server/testdata/test_quickshare.db