mirror of
https://github.com/thiloho/archtika.git
synced 2025-11-22 02:41:35 +01:00
Show logs and usernames for deleted users and remove svg mimetype for client side
This commit is contained in:
thiloho
@@ -43,7 +43,7 @@ CREATE TABLE internal.website (
|
||||
CREATE TABLE internal.media (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid (),
|
||||
website_id UUID REFERENCES internal.website (id) ON DELETE CASCADE NOT NULL,
|
||||
user_id UUID REFERENCES internal.user (id) ON DELETE CASCADE NOT NULL DEFAULT (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id') ::UUID,
|
||||
user_id UUID REFERENCES internal.user (id) ON DELETE SET NULL DEFAULT (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id') ::UUID,
|
||||
blob BYTEA NOT NULL,
|
||||
mimetype TEXT NOT NULL,
|
||||
original_name TEXT NOT NULL,
|
||||
|
||||
@@ -7,18 +7,17 @@ CREATE FUNCTION internal.check_role_exists ()
|
||||
RETURNS TRIGGER
|
||||
AS $$
|
||||
BEGIN
|
||||
IF NOT EXISTS (
|
||||
IF (NOT EXISTS (
|
||||
SELECT
|
||||
1
|
||||
FROM
|
||||
pg_roles AS r
|
||||
WHERE
|
||||
r.rolname = NEW.role) THEN
|
||||
RAISE foreign_key_violation
|
||||
USING message = 'Unknown database role: ' || NEW.role;
|
||||
RETURN NULL;
|
||||
END IF;
|
||||
RETURN NEW;
|
||||
r.rolname = NEW.role)) THEN
|
||||
RAISE foreign_key_violation
|
||||
USING message = 'Unknown database role: ' || NEW.role;
|
||||
END IF;
|
||||
RETURN NULL;
|
||||
END
|
||||
$$
|
||||
LANGUAGE plpgsql;
|
||||
@@ -67,43 +66,42 @@ DECLARE
|
||||
_password_length_min CONSTANT INT := 12;
|
||||
_password_length_max CONSTANT INT := 128;
|
||||
BEGIN
|
||||
CASE WHEN LENGTH(register.username)
|
||||
NOT BETWEEN _username_length_min AND _username_length_max THEN
|
||||
RAISE string_data_length_mismatch
|
||||
USING message = FORMAT('Username must be between %s and %s characters long', _username_length_min, _username_length_max);
|
||||
WHEN EXISTS (
|
||||
SELECT
|
||||
1
|
||||
FROM
|
||||
internal.user AS u
|
||||
WHERE
|
||||
u.username = register.username) THEN
|
||||
IF (LENGTH(register.username)
|
||||
NOT BETWEEN _username_length_min AND _username_length_max) THEN
|
||||
RAISE string_data_length_mismatch
|
||||
USING message = FORMAT('Username must be between %s and %s characters long', _username_length_min, _username_length_max);
|
||||
ELSIF (EXISTS (
|
||||
SELECT
|
||||
1
|
||||
FROM
|
||||
internal.user AS u
|
||||
WHERE
|
||||
u.username = register.username)) THEN
|
||||
RAISE unique_violation
|
||||
USING message = 'Username is already taken';
|
||||
WHEN LENGTH(register.pass) NOT BETWEEN _password_length_min AND _password_length_max THEN
|
||||
RAISE string_data_length_mismatch
|
||||
USING message = FORMAT('Password must be between %s and %s characters long', _password_length_min, _password_length_max);
|
||||
WHEN register.pass !~ '[a-z]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one lowercase letter';
|
||||
WHEN register.pass !~ '[A-Z]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one uppercase letter';
|
||||
WHEN register.pass !~ '[0-9]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one number';
|
||||
WHEN register.pass !~ '[!@#$%^&*(),.?":{}|<>]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one special character';
|
||||
ELSE
|
||||
INSERT
|
||||
INTO internal.user (username, password_hash)
|
||||
VALUES (register.username, register.pass)
|
||||
RETURNING
|
||||
id INTO user_id;
|
||||
END
|
||||
CASE;
|
||||
END;
|
||||
USING message = 'Username is already taken';
|
||||
ELSIF (LENGTH(register.pass)
|
||||
NOT BETWEEN _password_length_min AND _password_length_max) THEN
|
||||
RAISE string_data_length_mismatch
|
||||
USING message = FORMAT('Password must be between %s and %s characters long', _password_length_min, _password_length_max);
|
||||
ELSIF register.pass !~ '[a-z]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one lowercase letter';
|
||||
ELSIF register.pass !~ '[A-Z]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one uppercase letter';
|
||||
ELSIF register.pass !~ '[0-9]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one number';
|
||||
ELSIF register.pass !~ '[!@#$%^&*(),.?":{}|<>]' THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Password must contain at least one special character';
|
||||
ELSE
|
||||
INSERT INTO internal.user (username, password_hash)
|
||||
VALUES (register.username, register.pass)
|
||||
RETURNING
|
||||
id INTO user_id;
|
||||
END IF;
|
||||
END;
|
||||
$$
|
||||
LANGUAGE plpgsql
|
||||
SECURITY DEFINER;
|
||||
@@ -120,7 +118,7 @@ BEGIN
|
||||
IF _role IS NULL THEN
|
||||
RAISE invalid_password
|
||||
USING message = 'Invalid username or password';
|
||||
END IF;
|
||||
ELSE
|
||||
SELECT
|
||||
id INTO _user_id
|
||||
FROM
|
||||
@@ -130,6 +128,7 @@ BEGIN
|
||||
_exp := EXTRACT(EPOCH FROM CLOCK_TIMESTAMP())::INTEGER + 86400;
|
||||
SELECT
|
||||
SIGN(JSON_BUILD_OBJECT('role', _role, 'user_id', _user_id, 'username', login.username, 'exp', _exp), CURRENT_SETTING('app.jwt_secret')) INTO token;
|
||||
END IF;
|
||||
END;
|
||||
$$
|
||||
LANGUAGE plpgsql
|
||||
@@ -146,10 +145,11 @@ BEGIN
|
||||
IF _role IS NULL THEN
|
||||
RAISE invalid_password
|
||||
USING message = 'Invalid password';
|
||||
END IF;
|
||||
ELSE
|
||||
DELETE FROM internal.user AS u
|
||||
WHERE u.username = _username;
|
||||
was_deleted := TRUE;
|
||||
END IF;
|
||||
END;
|
||||
$$
|
||||
LANGUAGE plpgsql
|
||||
|
||||
@@ -2,19 +2,32 @@
|
||||
CREATE FUNCTION internal.update_last_modified ()
|
||||
RETURNS TRIGGER
|
||||
AS $$
|
||||
DECLARE
|
||||
_user_id UUID := (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id')::UUID;
|
||||
BEGIN
|
||||
NEW.last_modified_at = CLOCK_TIMESTAMP();
|
||||
NEW.last_modified_by = (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id')::UUID;
|
||||
IF (NOT EXISTS (
|
||||
SELECT
|
||||
id
|
||||
FROM
|
||||
internal.user
|
||||
WHERE
|
||||
id = _user_id)) THEN
|
||||
RETURN COALESCE(NEW, OLD);
|
||||
END IF;
|
||||
IF TG_OP != 'DELETE' THEN
|
||||
NEW.last_modified_at = CLOCK_TIMESTAMP();
|
||||
NEW.last_modified_by = _user_id;
|
||||
END IF;
|
||||
IF TG_TABLE_NAME != 'website' THEN
|
||||
UPDATE
|
||||
internal.website
|
||||
SET
|
||||
last_modified_at = CLOCK_TIMESTAMP(),
|
||||
last_modified_by = (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id')::UUID
|
||||
last_modified_by = _user_id
|
||||
WHERE
|
||||
id = COALESCE(NEW.website_id, OLD.website_id);
|
||||
END IF;
|
||||
RETURN NEW;
|
||||
RETURN COALESCE(NEW, OLD);
|
||||
END;
|
||||
$$
|
||||
LANGUAGE plpgsql;
|
||||
|
||||
@@ -3,18 +3,17 @@ CREATE FUNCTION internal.check_user_not_website_owner ()
|
||||
RETURNS TRIGGER
|
||||
AS $$
|
||||
BEGIN
|
||||
IF EXISTS (
|
||||
IF (EXISTS (
|
||||
SELECT
|
||||
1
|
||||
FROM
|
||||
internal.website AS w
|
||||
WHERE
|
||||
w.id = NEW.website_id
|
||||
AND w.user_id = NEW.user_id) THEN
|
||||
RAISE foreign_key_violation
|
||||
USING message = 'User cannot be added as a collaborator to their own website';
|
||||
END IF;
|
||||
RETURN NEW;
|
||||
w.id = NEW.website_id AND w.user_id = NEW.user_id)) THEN
|
||||
RAISE foreign_key_violation
|
||||
USING message = 'User cannot be added as a collaborator to their own website';
|
||||
END IF;
|
||||
RETURN NULL;
|
||||
END;
|
||||
$$
|
||||
LANGUAGE plpgsql;
|
||||
|
||||
@@ -16,21 +16,21 @@ BEGIN
|
||||
IF OCTET_LENGTH($1) = 0 THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'No file data was provided';
|
||||
ELSIF (_mimetype IS NULL
|
||||
OR _mimetype NOT IN (
|
||||
SELECT
|
||||
UNNEST(_allowed_mimetypes))) THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Invalid MIME type. Allowed types are: png, jpg, webp';
|
||||
ELSIF OCTET_LENGTH($1) > _max_file_size THEN
|
||||
RAISE program_limit_exceeded
|
||||
USING message = FORMAT('File size exceeds the maximum limit of %s MB', _max_file_size / (1024 * 1024));
|
||||
ELSE
|
||||
INSERT INTO internal.media (website_id, blob, mimetype, original_name)
|
||||
VALUES (_website_id, $1, _mimetype, _original_filename)
|
||||
RETURNING
|
||||
id INTO file_id;
|
||||
END IF;
|
||||
IF _mimetype IS NULL OR _mimetype NOT IN (
|
||||
SELECT
|
||||
UNNEST(_allowed_mimetypes)) THEN
|
||||
RAISE invalid_parameter_value
|
||||
USING message = 'Invalid MIME type. Allowed types are: png, jpg, webp';
|
||||
END IF;
|
||||
IF OCTET_LENGTH($1) > _max_file_size THEN
|
||||
RAISE program_limit_exceeded
|
||||
USING message = FORMAT('File size exceeds the maximum limit of %s MB', _max_file_size / (1024 * 1024));
|
||||
END IF;
|
||||
INSERT INTO internal.media (website_id, blob, mimetype, original_name)
|
||||
VALUES (_website_id, $1, _mimetype, _original_filename)
|
||||
RETURNING
|
||||
id INTO file_id;
|
||||
END;
|
||||
$$
|
||||
LANGUAGE plpgsql
|
||||
|
||||
@@ -4,7 +4,8 @@ CREATE EXTENSION hstore;
|
||||
CREATE TABLE internal.change_log (
|
||||
id UUID PRIMARY KEY DEFAULT gen_random_uuid (),
|
||||
website_id UUID REFERENCES internal.website (id) ON DELETE CASCADE,
|
||||
user_id UUID REFERENCES internal.user (id) ON DELETE CASCADE DEFAULT (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id') ::UUID,
|
||||
user_id UUID REFERENCES internal.user (id) ON DELETE SET NULL DEFAULT (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id') ::UUID,
|
||||
username VARCHAR(16) NOT NULL DEFAULT (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'username'),
|
||||
tstamp TIMESTAMPTZ NOT NULL DEFAULT CLOCK_TIMESTAMP(),
|
||||
table_name TEXT NOT NULL,
|
||||
operation TEXT NOT NULL,
|
||||
@@ -17,9 +18,16 @@ CREATE FUNCTION internal.track_changes ()
|
||||
AS $$
|
||||
DECLARE
|
||||
_website_id UUID;
|
||||
_user_id UUID := (CURRENT_SETTING('request.jwt.claims', TRUE)::JSON ->> 'user_id')::UUID;
|
||||
BEGIN
|
||||
IF (to_jsonb (OLD.*) - 'last_modified_at') = (to_jsonb (NEW.*) - 'last_modified_at') THEN
|
||||
RETURN NEW;
|
||||
IF (NOT EXISTS (
|
||||
SELECT
|
||||
id
|
||||
FROM
|
||||
internal.user
|
||||
WHERE
|
||||
id = _user_id) OR (to_jsonb (OLD.*) - 'last_modified_at' - 'last_modified_by') = (to_jsonb (NEW.*) - 'last_modified_at' - 'last_modified_by')) THEN
|
||||
RETURN NULL;
|
||||
END IF;
|
||||
IF TG_TABLE_NAME = 'website' THEN
|
||||
_website_id := NEW.id;
|
||||
@@ -29,31 +37,28 @@ BEGIN
|
||||
IF TG_OP = 'INSERT' THEN
|
||||
INSERT INTO internal.change_log (website_id, table_name, operation, new_value)
|
||||
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (NEW));
|
||||
RETURN NEW;
|
||||
ELSIF TG_OP = 'UPDATE'
|
||||
ELSIF (TG_OP = 'UPDATE'
|
||||
AND EXISTS (
|
||||
SELECT
|
||||
id
|
||||
FROM
|
||||
internal.website
|
||||
WHERE
|
||||
id = _website_id) THEN
|
||||
INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
|
||||
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
|
||||
RETURN NEW;
|
||||
ELSIF TG_OP = 'DELETE'
|
||||
id = _website_id)) THEN
|
||||
INSERT INTO internal.change_log (website_id, table_name, operation, old_value, new_value)
|
||||
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD) - HSTORE (NEW), HSTORE (NEW) - HSTORE (OLD));
|
||||
ELSIF (TG_OP = 'DELETE'
|
||||
AND EXISTS (
|
||||
SELECT
|
||||
id
|
||||
FROM
|
||||
internal.website
|
||||
WHERE
|
||||
id = _website_id) THEN
|
||||
INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
|
||||
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
|
||||
RETURN NEW;
|
||||
id = _website_id)) THEN
|
||||
INSERT INTO internal.change_log (website_id, table_name, operation, old_value)
|
||||
VALUES (_website_id, TG_TABLE_NAME, TG_OP, HSTORE (OLD));
|
||||
END IF;
|
||||
RETURN NEW;
|
||||
RETURN NULL;
|
||||
END;
|
||||
$$
|
||||
LANGUAGE plpgsql
|
||||
|
||||
Reference in New Issue
Block a user