mirror of https://github.com/processone/ejabberd.git synced 2024-11-24 16:23:40 +01:00

Update more SQL queries

Alexey Shchepin 2016-02-25 20:31:58 +03:00
parent 968576d4f2
commit 1f9fd25ff8
3 changed files with 126 additions and 117 deletions


@ -187,26 +187,23 @@ try_register(User, Server, Password) ->
(LUser == <<>>) or (LServer == <<>>) -> (LUser == <<>>) or (LServer == <<>>) ->
{error, invalid_jid}; {error, invalid_jid};
true -> true ->
Username = ejabberd_odbc:escape(LUser),
case is_scrammed() of case is_scrammed() of
true -> true ->
Scram = password_to_scram(Password), Scram = password_to_scram(Password),
case catch odbc_queries:add_user_scram( case catch odbc_queries:add_user_scram(
LServer, LServer,
Username, LUser,
ejabberd_odbc:escape(Scram#scram.storedkey), Scram#scram.storedkey,
ejabberd_odbc:escape(Scram#scram.serverkey), Scram#scram.serverkey,
ejabberd_odbc:escape(Scram#scram.salt), Scram#scram.salt,
integer_to_binary(Scram#scram.iterationcount) Scram#scram.iterationcount
) of ) of
{updated, 1} -> {atomic, ok}; {updated, 1} -> {atomic, ok};
_ -> {atomic, exists} _ -> {atomic, exists}
end; end;
false -> false ->
Pass = ejabberd_odbc:escape(Password), case catch odbc_queries:add_user(LServer, LUser,
case catch odbc_queries:add_user(LServer, Username, Password) of
Pass)
of
{updated, 1} -> {atomic, ok}; {updated, 1} -> {atomic, ok};
_ -> {atomic, exists} _ -> {atomic, exists}
end end
@ -221,35 +218,51 @@ dirty_get_registered_users() ->
Servers). Servers).
get_vh_registered_users(Server) -> get_vh_registered_users(Server) ->
LServer = jid:nameprep(Server), case jid:nameprep(Server) of
case catch odbc_queries:list_users(LServer) of error -> [];
{selected, [<<"username">>], Res} -> <<>> -> [];
[{U, LServer} || [U] <- Res]; LServer ->
_ -> [] case catch odbc_queries:list_users(LServer) of
{selected, Res} ->
[{U, LServer} || {U} <- Res];
_ -> []
end
end. end.
get_vh_registered_users(Server, Opts) -> get_vh_registered_users(Server, Opts) ->
LServer = jid:nameprep(Server), case jid:nameprep(Server) of
case catch odbc_queries:list_users(LServer, Opts) of error -> [];
{selected, [<<"username">>], Res} -> <<>> -> [];
[{U, LServer} || [U] <- Res]; LServer ->
_ -> [] case catch odbc_queries:list_users(LServer, Opts) of
{selected, Res} ->
[{U, LServer} || {U} <- Res];
_ -> []
end
end. end.
get_vh_registered_users_number(Server) -> get_vh_registered_users_number(Server) ->
LServer = jid:nameprep(Server), case jid:nameprep(Server) of
case catch odbc_queries:users_number(LServer) of error -> 0;
{selected, [_], [[Res]]} -> <<>> -> 0;
jlib:binary_to_integer(Res); LServer ->
_ -> 0 case catch odbc_queries:users_number(LServer) of
{selected, [{Res}]} ->
Res;
_ -> 0
end
end. end.
get_vh_registered_users_number(Server, Opts) -> get_vh_registered_users_number(Server, Opts) ->
LServer = jid:nameprep(Server), case jid:nameprep(Server) of
case catch odbc_queries:users_number(LServer, Opts) of error -> 0;
{selected, [_], [[Res]]} -> <<>> -> 0;
jlib:binary_to_integer(Res); LServer ->
_Other -> 0 case catch odbc_queries:users_number(LServer, Opts) of
{selected, [{Res}]} ->
Res;
_Other -> 0
end
end. end.
get_password(User, Server) -> get_password(User, Server) ->
@ -323,12 +336,14 @@ is_user_exists(User, Server) ->
%% @doc Remove user. %% @doc Remove user.
%% Note: it may return ok even if there was some problem removing the user. %% Note: it may return ok even if there was some problem removing the user.
remove_user(User, Server) -> remove_user(User, Server) ->
case jid:nodeprep(User) of LServer = jid:nameprep(Server),
error -> error; LUser = jid:nodeprep(User),
LUser -> if (LUser == error) or (LServer == error) ->
Username = ejabberd_odbc:escape(LUser), error;
LServer = jid:nameprep(Server), (LUser == <<>>) or (LServer == <<>>) ->
catch odbc_queries:del_user(LServer, Username), error;
true ->
catch odbc_queries:del_user(LServer, LUser),
ok ok
end. end.
@ -351,16 +366,12 @@ remove_user(User, Server, Password) ->
false -> not_allowed false -> not_allowed
end; end;
false -> false ->
Username = ejabberd_odbc:escape(LUser),
Pass = ejabberd_odbc:escape(Password),
F = fun () -> F = fun () ->
Result = odbc_queries:del_user_return_password( Result = odbc_queries:del_user_return_password(
LServer, Username, Pass), LServer, LUser, Password),
case Result of case Result of
{selected, [<<"password">>], {selected, [{Password}]} -> ok;
[[Password]]} -> ok; {selected, []} -> not_exists;
{selected, [<<"password">>],
[]} -> not_exists;
_ -> not_allowed _ -> not_allowed
end end
end, end,
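Review bot: In the rewritten `remove_user/2`, `catch odbc_queries:del_user(LServer, LUser), ok` discards the query result, so a failed delete (a database error or an exception inside the query helper) still returns `ok`, leaves the account and its stored credentials in the table, and logs nothing. The doc comment above the function admits this, but account removal is a place where the operator needs at least a trace. Consider `case catch odbc_queries:del_user(LServer, LUser) of {updated, _} -> ok; Err -> ?ERROR_MSG("del_user failed: ~p", [Err]), ok end`, assuming the logging macro is in scope in this module and that the delete reports `{updated, N}` as the insert does. The same swallowing is visible in `try_register/3`, where every result other than `{updated, 1}`, including a database outage, is reported as `{atomic, exists}`; that function begins outside the hunk.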


@ -41,6 +41,7 @@
sql_bloc/2, sql_bloc/2,
escape/1, escape/1,
escape_like/1, escape_like/1,
escape_like_arg/1,
to_bool/1, to_bool/1,
sqlite_db/1, sqlite_db/1,
sqlite_file/1, sqlite_file/1,
@ -125,7 +126,7 @@ start_link(Host, StartInterval) ->
{error, binary()} | {error, binary()} |
{selected, [binary()], {selected, [binary()],
[[binary()]]} | [[binary()]]} |
{selected, [any]}. {selected, [any()]}.
-spec sql_query(binary(), sql_query()) -> sql_query_result(). -spec sql_query(binary(), sql_query()) -> sql_query_result().
@ -199,6 +200,13 @@ escape_like($%) -> <<"\\%">>;
escape_like($_) -> <<"\\_">>; escape_like($_) -> <<"\\_">>;
escape_like(C) when is_integer(C), C >= 0, C =< 255 -> odbc_queries:escape(C). escape_like(C) when is_integer(C), C >= 0, C =< 255 -> odbc_queries:escape(C).
escape_like_arg(S) when is_binary(S) ->
<< <<(escape_like_arg(C))/binary>> || <<C>> <= S >>;
escape_like_arg($%) -> <<"\\%">>;
escape_like_arg($_) -> <<"\\_">>;
escape_like_arg($\\) -> <<"\\\\">>;
escape_like_arg(C) when is_integer(C), C >= 0, C =< 255 -> <<C>>.
to_bool(<<"t">>) -> true; to_bool(<<"t">>) -> true;
to_bool(<<"true">>) -> true; to_bool(<<"true">>) -> true;
to_bool(<<"1">>) -> true; to_bool(<<"1">>) -> true;
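Review bot: `escape_like_arg/1` is added without a comment or `-spec`, and its contract differs from `escape_like/1` just above it in a way that matters. The per-character fallback returns `<<C>>` unchanged, whereas `escape_like/1` passes the character through `odbc_queries:escape(C)`. The result is therefore escaped only for the LIKE metacharacters (`%`, `_`, `\`) and is not safe to splice into query text; it is safe only as a bound `%(Var)s` argument of `?SQL`, which is how the callers in this commit appear to use it. I would add `%% Escapes LIKE wildcards only; the result is not SQL-quoted and must be passed as a ?SQL parameter, never concatenated into a query.` above the function, together with `-spec escape_like_arg(binary() | byte()) -> binary().`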


@ -175,39 +175,39 @@ set_password_scram_t(LServer, LUser,
"iterationcount=%(IterationCount)d"]) "iterationcount=%(IterationCount)d"])
end). end).
add_user(LServer, Username, Pass) -> add_user(LServer, LUser, Password) ->
ejabberd_odbc:sql_query(LServer, ejabberd_odbc:sql_query(
[<<"insert into users(username, password) " LServer,
"values ('">>, ?SQL("insert into users(username, password) "
Username, <<"', '">>, Pass, <<"');">>]). "values (%(LUser)s, %(Password)s)")).
add_user_scram(LServer, Username, add_user_scram(LServer, LUser,
StoredKey, ServerKey, Salt, IterationCount) -> StoredKey, ServerKey, Salt, IterationCount) ->
ejabberd_odbc:sql_query(LServer, ejabberd_odbc:sql_query(
[<<"insert into users(username, password, serverkey, salt, iterationcount) " LServer,
"values ('">>, ?SQL("insert into users(username, password, serverkey, salt, "
Username, <<"', '">>, StoredKey, <<"', '">>, "iterationcount) "
ServerKey, <<"', '">>, "values (%(LUser)s, %(StoredKey)s, %(ServerKey)s,"
Salt, <<"', '">>, " %(Salt)s, %(IterationCount)d)")).
IterationCount, <<"');">>]).
del_user(LServer, Username) -> del_user(LServer, LUser) ->
ejabberd_odbc:sql_query(LServer, ejabberd_odbc:sql_query(
[<<"delete from users where username='">>, Username, LServer,
<<"';">>]). ?SQL("delete from users where username=%(LUser)s")).
del_user_return_password(_LServer, Username, Pass) -> del_user_return_password(_LServer, LUser, Password) ->
P = P =
ejabberd_odbc:sql_query_t([<<"select password from users where username='">>, ejabberd_odbc:sql_query_t(
Username, <<"';">>]), ?SQL("select @(password)s from users where username=%(LUser)s")),
ejabberd_odbc:sql_query_t([<<"delete from users where username='">>, ejabberd_odbc:sql_query_t(
Username, <<"' and password='">>, Pass, ?SQL("delete from users"
<<"';">>]), " where username=%(LUser)s and password=%(Password)s")),
P. P.
list_users(LServer) -> list_users(LServer) ->
ejabberd_odbc:sql_query(LServer, ejabberd_odbc:sql_query(
[<<"select username from users">>]). LServer,
?SQL("select @(username)s from users")).
list_users(LServer, [{from, Start}, {to, End}]) list_users(LServer, [{from, Start}, {to, End}])
when is_integer(Start) and is_integer(End) -> when is_integer(Start) and is_integer(End) ->
@ -222,64 +222,54 @@ list_users(LServer,
{offset, Start - 1}]); {offset, Start - 1}]);
list_users(LServer, [{limit, Limit}, {offset, Offset}]) list_users(LServer, [{limit, Limit}, {offset, Offset}])
when is_integer(Limit) and is_integer(Offset) -> when is_integer(Limit) and is_integer(Offset) ->
ejabberd_odbc:sql_query(LServer, ejabberd_odbc:sql_query(
[list_to_binary( LServer,
io_lib:format( ?SQL("select @(username)s from users "
"select username from users " ++ "order by username "
"order by username " ++ "limit %(Limit)d offset %(Offset)d"));
"limit ~w offset ~w",
[Limit, Offset]))]);
list_users(LServer, list_users(LServer,
[{prefix, Prefix}, {limit, Limit}, {offset, Offset}]) [{prefix, Prefix}, {limit, Limit}, {offset, Offset}])
when is_binary(Prefix) and is_integer(Limit) and when is_binary(Prefix) and is_integer(Limit) and
is_integer(Offset) -> is_integer(Offset) ->
ejabberd_odbc:sql_query(LServer, SPrefix = ejabberd_odbc:escape_like_arg(Prefix),
[list_to_binary( SPrefix2 = <<SPrefix/binary, $%>>,
io_lib:format( ejabberd_odbc:sql_query(
"select username from users " ++ LServer,
"where username like '~s%' " ++ ?SQL("select @(username)s from users "
"order by username " ++ "where username like %(SPrefix2)s "
"limit ~w offset ~w ", "order by username "
[Prefix, Limit, Offset]))]). "limit %(Limit)d offset %(Offset)d")).
users_number(LServer) -> users_number(LServer) ->
Type = ejabberd_config:get_option({odbc_type, LServer}, ejabberd_odbc:sql_query(
fun(pgsql) -> pgsql; LServer,
(mysql) -> mysql; fun(pgsql, _) ->
(sqlite) -> sqlite; case
(odbc) -> odbc ejabberd_config:get_option(
end, odbc), {pgsql_users_number_estimate, LServer},
case Type of fun(V) when is_boolean(V) -> V end,
pgsql -> false) of
case true ->
ejabberd_config:get_option( ejabberd_odbc:sql_query_t(
{pgsql_users_number_estimate, LServer}, ?SQL("select @(reltuples :: bigint)d from pg_class"
fun(V) when is_boolean(V) -> V end, " where oid = 'users'::regclass::oid"));
false) _ ->
of ejabberd_odbc:sql_query_t(
true -> ?SQL("select @(count(*))d from users"))
ejabberd_odbc:sql_query(LServer,
[<<"select reltuples from pg_class where "
"oid = 'users'::regclass::oid">>]);
_ ->
ejabberd_odbc:sql_query(LServer,
[<<"select count(*) from users">>])
end; end;
_ -> (_Type, _) ->
ejabberd_odbc:sql_query(LServer, ejabberd_odbc:sql_query_t(
[<<"select count(*) from users">>]) ?SQL("select @(count(*))d from users"))
end. end).
users_number(LServer, [{prefix, Prefix}]) users_number(LServer, [{prefix, Prefix}])
when is_binary(Prefix) -> when is_binary(Prefix) ->
ejabberd_odbc:sql_query(LServer, SPrefix = ejabberd_odbc:escape_like_arg(Prefix),
[list_to_binary( SPrefix2 = <<SPrefix/binary, $%>>,
io_lib:fwrite( ejabberd_odbc:sql_query(
"select count(*) from users " ++ LServer,
%% Warning: Escape prefix at higher level to prevent SQL ?SQL("select @(count(*))d from users "
%% injection. "where username like %(SPrefix2)s"));
"where username like '~s%'",
[Prefix]))]);
users_number(LServer, []) -> users_number(LServer, []) ->
users_number(LServer). users_number(LServer).
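Review bot: Both new `like %(SPrefix2)s` queries (the prefix clause of `list_users/2` and `users_number/2`) depend on backslash being the LIKE escape character, yet neither carries an `ESCAPE` clause. MySQL and PostgreSQL default to backslash, but SQLite, which the removed `odbc_type` fun lists as a supported backend, has no default escape character. There the backslash inserted by `escape_like_arg/1` is matched literally and the `%` or `_` after it stays a wildcard, so any prefix containing those characters gives wrong results. The statement the backend receives should read `where username like %(SPrefix2)s escape '\'`. How that one-character literal has to be spelled differs per backend (MySQL treats backslash as a string escape by default), so it probably needs to be chosen per `odbc_type` rather than hard-coded.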