//SPDX-FileCopyrightText: 2023 Yury Gubich //SPDX-License-Identifier: GPL-3.0-or-later #include "mysql.h" #include #include #include #include "mysqld_error.h" #include "statement.h" #include "transaction.h" #include "database/exceptions.h" constexpr const char* versionQuery = "SELECT value FROM system WHERE `key` = 'version'"; constexpr const char* updateQuery = "UPDATE system SET `value` = ? WHERE `key` = 'version'"; constexpr const char* registerQuery = "INSERT INTO accounts (`login`, `type`, `password`) VALUES (?, 1, ?)"; constexpr const char* lastIdQuery = "SELECT LAST_INSERT_ID() AS id"; constexpr const char* assignRoleQuery = "INSERT INTO roleBindings (`account`, `role`) SELECT ?, roles.id FROM roles WHERE roles.name = ?"; constexpr const char* selectHash = "SELECT password FROM accounts where login = ?"; constexpr const char* createSessionQuery = "INSERT INTO sessions (`owner`, `access`, `renew`, `persist`, `device`)" " SELECT accounts.id, ?, ?, true, ? FROM accounts WHERE accounts.login = ?" " RETURNING id, owner"; constexpr const char* selectSession = "SELECT id, owner, access, renew FROM sessions where access = ?"; constexpr const char* selectAssets = "SELECT id, owner, currency, title, icon, color, archived FROM assets where owner = ?"; constexpr const char* insertAsset = "INSERT INTO assets (`owner`, `currency`, `title`, `icon`, `color`, `archived`, `type`)" " VALUES (?, ?, ?, ?, ?, ?, 1)"; constexpr const char* updateAssetQuery = "UPDATE assets SET `owner` = ?, `currency` = ?, `title` = ?, `icon` = ?, `color` = ?, `archived` = ?" " WHERE `id` = ?"; constexpr const char* removeAsset = "DELETE FROM assets where `id` = ? AND `owner` = ?"; constexpr const char* selectUsedCurrencies = "SELECT DISTINCT c.id, c.code, c.title, c.manual, c.icon FROM currencies c" " JOIN assets a ON c.id = a.currency" " WHERE a.owner = ?"; constexpr const char* addTransactionQuery = "INSERT INTO transactions" " (`initiator`, `type`, `asset`, `parent`, `value`, `performed`)" " VALUES (?, 1, ?, ?, ?, ?)"; constexpr const char* updateTransactionQuery = "UPDATE transactions SET" " `initiator` = ?, `type` = 1, `asset` = ?," " `parent` = ?, `value` = ?, `performed` = ?" " WHERE `id` = ?"; constexpr const char* deleteTransactionQuery = "DELETE FROM transactions where (`id` = ? OR `parent` = ?) AND `initiator` = ?"; constexpr const char* selectAllTransactions = "WITH RECURSIVE AllTransactions AS (" " SELECT t.id, t.initiator, t.asset, t.parent, t.value, t.modified, t.performed t.notes FROM transactions t" " JOIN assets a ON t.asset = a.id" " WHERE a.owner = ?" " UNION ALL" " SELECT t.id, t.initiator, t.asset, t.parent, t.value, t.modified, t.performed t.notes FROM transactions t" " JOIN AllTransactions at ON t.id = at.parent)" " SELECT DISTINCT id, initiator, asset, parent, value, modified, performed notes FROM AllTransactions" " ORDER BY performed" " LIMIT 100 OFFSET 0;"; static const std::filesystem::path buildSQLPath = "database"; DB::MySQL::MySQL (): Interface(Type::mysql), connection(), login(), password(), database() { mysql_init(&connection); } DB::MySQL::~MySQL() { mysql_close(&connection); } void DB::MySQL::connect (const std::string& path) { if (state != State::disconnected) return; MYSQL* con = &connection; MYSQL* res = mysql_real_connect( con, NULL, login.c_str(), password.c_str(), database.empty() ? NULL : database.c_str(), 0, path.c_str(), 0 ); if (res != con) throw std::runtime_error(std::string("Error changing connecting: ") + mysql_error(con)); state = State::connected; } void DB::MySQL::setCredentials (const std::string& login, const std::string& password) { if (MySQL::login == login && MySQL::password == password) return; MySQL::login = login; MySQL::password = password; if (state == State::disconnected) return; MYSQL* con = &connection; int result = mysql_change_user( con, login.c_str(), password.c_str(), database.empty() ? NULL : database.c_str() ); if (result != 0) throw std::runtime_error(std::string("Error changing credetials: ") + mysql_error(con)); } void DB::MySQL::setDatabase (const std::string& database) { if (MySQL::database == database) return; MySQL::database = database; if (state == State::disconnected) return; MYSQL* con = &connection; int result = mysql_select_db(con, database.c_str()); if (result != 0) throw std::runtime_error(std::string("Error changing db: ") + mysql_error(con)); } void DB::MySQL::disconnect () { if (state == State::disconnected) return; MYSQL* con = &connection; mysql_close(con); mysql_init(con); //this is ridiculous! } void DB::MySQL::executeFile (const std::filesystem::path& relativePath) { MYSQL* con = &connection; std::filesystem::path path = sharedPath() / relativePath; if (!std::filesystem::exists(path)) throw std::runtime_error("Error executing file " + std::filesystem::absolute(path).string() + ": file doesn't exist"); std::cout << "Executing file " << path << std::endl; std::ifstream inputFile(path); std::string block, comment; while (getBlock(inputFile, block, comment)) { if (!comment.empty()) std::cout << '\t' << comment << std::endl; if (block.empty()) continue; int result = mysql_query(con, block.c_str()); if (result != 0) { int errcode = mysql_errno(con); if (errcode == ER_EMPTY_QUERY) continue; throw std::runtime_error("Error executing file " + path.string() + ": " + mysql_error(con)); } } } bool DB::MySQL::getBlock(std::ifstream& file, std::string& block, std::string& name) { if (file.eof()) return false; block.clear(); name.clear(); if (file.peek() == '-') { file.get(); if (file.peek() == '-') { file.get(); std::getline(file, name); } else { file.unget(); } } std::string line; while (!file.eof()) { if (file.peek() == '-') return true; if (!std::getline(file, line)) break; if (!block.empty()) block.append(1, '\n'); block += line; } return !block.empty() || !name.empty(); } uint8_t DB::MySQL::getVersion () { MYSQL* con = &connection; int result = mysql_query(con, versionQuery); if (result != 0) { unsigned int errcode = mysql_errno(con); if (errcode == ER_NO_SUCH_TABLE) return 0; throw std::runtime_error(std::string("Error executing retreiving version: ") + mysql_error(con)); } std::unique_ptr res(mysql_store_result(con)); if (!res) throw std::runtime_error(std::string("Querying version returned no result: ") + mysql_error(con)); MYSQL_ROW row = mysql_fetch_row(res.get()); if (row) return std::stoi(row[0]); else return 0; } void DB::MySQL::setVersion (uint8_t version) { std::string strVersion = std::to_string(version); Statement statement(&connection, updateQuery); statement.bind(strVersion.data(), MYSQL_TYPE_VAR_STRING); statement.execute(); } void DB::MySQL::migrate (uint8_t targetVersion) { uint8_t currentVersion = getVersion(); while (currentVersion < targetVersion) { if (currentVersion == 255) throw std::runtime_error("Maximum possible database version reached"); uint8_t nextVersion = currentVersion + 1; std::string fileName = "migrations/m" + std::to_string(currentVersion) + ".sql"; std::cout << "Performing migration " << std::to_string(currentVersion) << " -> " << std::to_string(nextVersion) << std::endl; executeFile(fileName); setVersion(nextVersion); currentVersion = nextVersion; } std::cout << "Database is now on actual version " << std::to_string(targetVersion) << std::endl; } uint32_t DB::MySQL::registerAccount (const std::string& login, const std::string& hash) { //TODO validate filed lengths! MYSQL* con = &connection; MySQL::Transaction txn(con); Statement addAcc(con, registerQuery); std::string l = login; //I hate copying just to please this horible API std::string h = hash; addAcc.bind(l.data(), MYSQL_TYPE_STRING); addAcc.bind(h.data(), MYSQL_TYPE_STRING); try { addAcc.execute(); } catch (const Duplicate& dup) { throw DuplicateLogin(dup.what()); } uint32_t id = lastInsertedId(); static std::string defaultRole("default"); Statement addRole(con, assignRoleQuery); addRole.bind(&id, MYSQL_TYPE_LONG, true); addRole.bind(defaultRole.data(), MYSQL_TYPE_STRING); addRole.execute(); txn.commit(); return id; } std::string DB::MySQL::getAccountHash (const std::string& login) { std::string l = login; MYSQL* con = &connection; Statement getHash(con, selectHash); getHash.bind(l.data(), MYSQL_TYPE_STRING); getHash.execute(); std::vector> result = getHash.fetchResult(); if (result.empty()) throw NoLogin("Couldn't find login " + l); if (result[0].empty()) throw std::runtime_error("Error with the query \"selectHash\""); return std::any_cast(result[0][0]); } DB::Session DB::MySQL::createSession (const std::string& login, const std::string& access, const std::string& renew) { std::string l = login; DB::Session res; res.accessToken = access; res.renewToken = renew; static std::string testingDevice("Testing..."); MYSQL* con = &connection; Statement session(con, createSessionQuery); session.bind(res.accessToken.data(), MYSQL_TYPE_STRING); session.bind(res.renewToken.data(), MYSQL_TYPE_STRING); session.bind(testingDevice.data(), MYSQL_TYPE_STRING); session.bind(l.data(), MYSQL_TYPE_STRING); session.execute(); std::vector> result = session.fetchResult(); if (result.empty()) throw std::runtime_error("Error returning ids after insertion in sessions table"); res.id = std::any_cast(result[0][0]); res.owner = std::any_cast(result[0][1]); return res; } uint32_t DB::MySQL::lastInsertedId () { MYSQL* con = &connection; int result = mysql_query(con, lastIdQuery); if (result != 0) throw std::runtime_error(std::string("Error executing last inserted id: ") + mysql_error(con)); std::unique_ptr res(mysql_store_result(con)); if (!res) throw std::runtime_error(std::string("Querying last inserted id returned no result: ") + mysql_error(con)); MYSQL_ROW row = mysql_fetch_row(res.get()); if (row) return std::stoi(row[0]); else throw std::runtime_error(std::string("Querying last inserted id returned no rows")); } DB::Session DB::MySQL::findSession (const std::string& accessToken) { std::string a = accessToken; MYSQL* con = &connection; Statement session(con, selectSession); session.bind(a.data(), MYSQL_TYPE_STRING); session.execute(); std::vector> result = session.fetchResult(); if (result.empty()) throw NoSession("Couldn't find session with token " + a); return DB::Session(result[0]); } std::vector DB::MySQL::listAssets (uint32_t owner) { MYSQL* con = &connection; Statement st(con, selectAssets); st.bind(&owner, MYSQL_TYPE_LONG, true); st.execute(); std::vector> res = st.fetchResult(); std::size_t size = res.size(); std::vector result(size); for (std::size_t i = 0; i < size; ++i) result[i].parse(res[i]); return result; } DB::Asset DB::MySQL::addAsset(const Asset& asset) { MYSQL* con = &connection; Asset result = asset; Statement add(con, insertAsset); add.bind(&result.owner, MYSQL_TYPE_LONG, true); add.bind(&result.currency, MYSQL_TYPE_LONG, true); add.bind(result.title.data(), MYSQL_TYPE_STRING); add.bind(result.icon.data(), MYSQL_TYPE_STRING); add.bind(&result.color, MYSQL_TYPE_LONG, true); add.bind(&result.archived, MYSQL_TYPE_TINY); add.execute(); result.id = lastInsertedId(); return result; } void DB::MySQL::updateAsset(const Asset& asset) { MYSQL* con = &connection; Asset result = asset; Statement update(con, updateAssetQuery); update.bind(&result.owner, MYSQL_TYPE_LONG, true); update.bind(&result.currency, MYSQL_TYPE_LONG, true); update.bind(result.title.data(), MYSQL_TYPE_STRING); update.bind(result.icon.data(), MYSQL_TYPE_STRING); update.bind(&result.color, MYSQL_TYPE_LONG, true); update.bind(&result.archived, MYSQL_TYPE_TINY); update.bind(&result.id, MYSQL_TYPE_LONG, true); update.execute(); } bool DB::MySQL::deleteAsset(uint32_t assetId, uint32_t actorId) { Statement del(&connection, removeAsset); del.bind(&assetId, MYSQL_TYPE_LONG, true); del.bind(&actorId, MYSQL_TYPE_LONG, true); del.execute(); if (del.affectedRows() == 0) return false; return true; } std::vector DB::MySQL::listUsedCurrencies(uint32_t owner) { Statement list(&connection, selectUsedCurrencies); list.bind(&owner, MYSQL_TYPE_LONG, true); list.execute(); std::vector> res = list.fetchResult(); std::size_t size = res.size(); std::vector result(size); for (std::size_t i = 0; i < size; ++i) result[i].parse(res[i]); return result; } DB::Transaction DB::MySQL::addTransaction(const DB::Transaction& transaction) { MYSQL* con = &connection; DB::Transaction result = transaction; std::string value = std::to_string(result.value); Statement add(con, addTransactionQuery); add.bind(&result.initiator, MYSQL_TYPE_LONG, true); add.bind(&result.asset, MYSQL_TYPE_LONG, true); add.bind(&result.parent, MYSQL_TYPE_LONG, true); add.bind(value.data(), MYSQL_TYPE_STRING); add.bind(&result.performed, MYSQL_TYPE_LONG, true); add.execute(); result.id = lastInsertedId(); std::chrono::time_point currently = std::chrono::time_point_cast( std::chrono::system_clock::now() ); result.modified = currently.time_since_epoch().count(); //todo actual value which could have changed after insertion return result; } void DB::MySQL::updateTransaction(const DB::Transaction& transaction) { MYSQL* con = &connection; DB::Transaction result = transaction; std::string value = std::to_string(result.value); Statement upd(con, updateTransactionQuery); upd.bind(&result.initiator, MYSQL_TYPE_LONG, true); upd.bind(&result.asset, MYSQL_TYPE_LONG, true); upd.bind(&result.parent, MYSQL_TYPE_LONG, true); upd.bind(value.data(), MYSQL_TYPE_STRING); upd.bind(&result.performed, MYSQL_TYPE_LONG, true); upd.bind(&result.id, MYSQL_TYPE_LONG, true); upd.execute(); } bool DB::MySQL::deleteTransaction(uint32_t id, uint32_t actorId) { MYSQL* con = &connection; Statement del(con, deleteTransactionQuery); del.bind(&id, MYSQL_TYPE_LONG, true); //for actual transactions del.bind(&id, MYSQL_TYPE_LONG, true); //for potential children del.bind(&actorId, MYSQL_TYPE_LONG, true); //for preventing unauthorized removal, but it needs to be improved del.execute(); //need to think of a parent with no children transactions... if (del.affectedRows() == 0) return false; return true; } std::vector DB::MySQL::listTransactions(uint32_t owner) { MYSQL* con = &connection; Statement get(con, selectAllTransactions); get.bind(&owner, MYSQL_TYPE_LONG, true); get.execute(); std::vector> res = get.fetchResult(); std::size_t size = res.size(); std::vector result(size); for (std::size_t i = 0; i < size; ++i) result[i].parse(res[i]); return result; }