Adding upstream version 0.28.1.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-22 10:57:38 +02:00 · 2025-05-22 10:57:38 +02:00 · e28c88ef14
commit e28c88ef14
parent 88f1d47ab6
933 changed files with 194711 additions and 0 deletions
--- a/core/mfa_query.go
+++ b/core/mfa_query.go
@ -0,0 +1,117 @@
+package core
+
+import (
+	"errors"
+	"time"
+
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/tools/types"
+)
+
+// FindAllMFAsByRecord returns all MFA models linked to the provided auth record.
+func (app *BaseApp) FindAllMFAsByRecord(authRecord *Record) ([]*MFA, error) {
+	result := []*MFA{}
+
+	err := app.RecordQuery(CollectionNameMFAs).
+		AndWhere(dbx.HashExp{
+			"collectionRef": authRecord.Collection().Id,
+			"recordRef":     authRecord.Id,
+		}).
+		OrderBy("created DESC").
+		All(&result)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// FindAllMFAsByCollection returns all MFA models linked to the provided collection.
+func (app *BaseApp) FindAllMFAsByCollection(collection *Collection) ([]*MFA, error) {
+	result := []*MFA{}
+
+	err := app.RecordQuery(CollectionNameMFAs).
+		AndWhere(dbx.HashExp{"collectionRef": collection.Id}).
+		OrderBy("created DESC").
+		All(&result)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// FindMFAById returns a single MFA model by its id.
+func (app *BaseApp) FindMFAById(id string) (*MFA, error) {
+	result := &MFA{}
+
+	err := app.RecordQuery(CollectionNameMFAs).
+		AndWhere(dbx.HashExp{"id": id}).
+		Limit(1).
+		One(result)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+// DeleteAllMFAsByRecord deletes all MFA models associated with the provided record.
+//
+// Returns a combined error with the failed deletes.
+func (app *BaseApp) DeleteAllMFAsByRecord(authRecord *Record) error {
+	models, err := app.FindAllMFAsByRecord(authRecord)
+	if err != nil {
+		return err
+	}
+
+	var errs []error
+	for _, m := range models {
+		if err := app.Delete(m); err != nil {
+			errs = append(errs, err)
+		}
+	}
+	if len(errs) > 0 {
+		return errors.Join(errs...)
+	}
+
+	return nil
+}
+
+// DeleteExpiredMFAs deletes the expired MFAs for all auth collections.
+func (app *BaseApp) DeleteExpiredMFAs() error {
+	authCollections, err := app.FindAllCollections(CollectionTypeAuth)
+	if err != nil {
+		return err
+	}
+
+	// note: perform even if MFA is disabled to ensure that there are no dangling old records
+	for _, collection := range authCollections {
+		minValidDate, err := types.ParseDateTime(time.Now().Add(-1 * collection.MFA.DurationTime()))
+		if err != nil {
+			return err
+		}
+
+		items := []*Record{}
+
+		err = app.RecordQuery(CollectionNameMFAs).
+			AndWhere(dbx.HashExp{"collectionRef": collection.Id}).
+			AndWhere(dbx.NewExp("[[created]] < {:date}", dbx.Params{"date": minValidDate})).
+			All(&items)
+		if err != nil {
+			return err
+		}
+
+		for _, item := range items {
+			err = app.Delete(item)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}