navidrome/db/migrations/20210616150710_encrypt_all_...

package migrations

import (
	"context"
	"crypto/sha256"
	"database/sql"

	"github.com/navidrome/navidrome/consts"
	"github.com/navidrome/navidrome/log"
	"github.com/navidrome/navidrome/utils"
	"github.com/pressly/goose/v3"
)

func init() {
	goose.AddMigrationContext(upEncodeAllPasswords, downEncodeAllPasswords)
}

func upEncodeAllPasswords(ctx context.Context, tx *sql.Tx) error {
	rows, err := tx.Query(`SELECT id, user_name, password from user;`)
	if err != nil {
		return err
	}
	defer rows.Close()

	stmt, err := tx.Prepare("UPDATE user SET password = ? WHERE id = ?")
	if err != nil {
		return err
	}
	var id string
	var username, password string

	data := sha256.Sum256([]byte(consts.DefaultEncryptionKey))
	encKey := data[0:]

	for rows.Next() {
		err = rows.Scan(&id, &username, &password)
		if err != nil {
			return err
		}

		password, err = utils.Encrypt(ctx, encKey, password)
		if err != nil {
			log.Error("Error encrypting user's password", "id", id, "username", username, err)
		}

		_, err = stmt.Exec(password, id)
		if err != nil {
			log.Error("Error saving user's encrypted password", "id", id, "username", username, err)
		}
	}
	return rows.Err()
}

func downEncodeAllPasswords(_ context.Context, tx *sql.Tx) error {
	return nil
}
Encrypt passwords in DB (#1187) * Encode/Encrypt passwords in DB * Only decrypts passwords if it is necessary * Add tests for encryption functions 2021-06-19 00:38:38 +02:00			`package migrations`

			`import (`
			`"context"`
			`"crypto/sha256"`
			`"database/sql"`

			`"github.com/navidrome/navidrome/consts"`
			`"github.com/navidrome/navidrome/log"`
			`"github.com/navidrome/navidrome/utils"`
Upgrade goose 2023-04-04 15:57:00 +02:00			`"github.com/pressly/goose/v3"`
Encrypt passwords in DB (#1187) * Encode/Encrypt passwords in DB * Only decrypts passwords if it is necessary * Add tests for encryption functions 2021-06-19 00:38:38 +02:00			`)`

			`func init() {`
Upgrade to Goose 3.15.1 2023-11-27 20:46:44 +01:00			`goose.AddMigrationContext(upEncodeAllPasswords, downEncodeAllPasswords)`
Encrypt passwords in DB (#1187) * Encode/Encrypt passwords in DB * Only decrypts passwords if it is necessary * Add tests for encryption functions 2021-06-19 00:38:38 +02:00			`}`

Upgrade to Goose 3.15.1 2023-11-27 20:46:44 +01:00			`func upEncodeAllPasswords(ctx context.Context, tx *sql.Tx) error {`
Encrypt passwords in DB (#1187) * Encode/Encrypt passwords in DB * Only decrypts passwords if it is necessary * Add tests for encryption functions 2021-06-19 00:38:38 +02:00			rows, err := tx.Query(`SELECT id, user_name, password from user;`)
			`if err != nil {`
			`return err`
			`}`
			`defer rows.Close()`

			`stmt, err := tx.Prepare("UPDATE user SET password = ? WHERE id = ?")`
			`if err != nil {`
			`return err`
			`}`
			`var id string`
			`var username, password string`

			`data := sha256.Sum256([]byte(consts.DefaultEncryptionKey))`
			`encKey := data[0:]`

			`for rows.Next() {`
			`err = rows.Scan(&id, &username, &password)`
			`if err != nil {`
			`return err`
			`}`

Upgrade to Goose 3.15.1 2023-11-27 20:46:44 +01:00			`password, err = utils.Encrypt(ctx, encKey, password)`
Encrypt passwords in DB (#1187) * Encode/Encrypt passwords in DB * Only decrypts passwords if it is necessary * Add tests for encryption functions 2021-06-19 00:38:38 +02:00			`if err != nil {`
			`log.Error("Error encrypting user's password", "id", id, "username", username, err)`
			`}`

			`_, err = stmt.Exec(password, id)`
			`if err != nil {`
			`log.Error("Error saving user's encrypted password", "id", id, "username", username, err)`
			`}`
			`}`
			`return rows.Err()`
			`}`

Upgrade to Goose 3.15.1 2023-11-27 20:46:44 +01:00			`func downEncodeAllPasswords(_ context.Context, tx *sql.Tx) error {`
Encrypt passwords in DB (#1187) * Encode/Encrypt passwords in DB * Only decrypts passwords if it is necessary * Add tests for encryption functions 2021-06-19 00:38:38 +02:00			`return nil`
			`}`