pocketbase/core/mfa_query.go

package core

import (
	"errors"
	"time"

	"github.com/pocketbase/dbx"
	"github.com/pocketbase/pocketbase/tools/types"
)

// FindAllMFAsByRecord returns all MFA models linked to the provided auth record.
func (app *BaseApp) FindAllMFAsByRecord(authRecord *Record) ([]*MFA, error) {
	result := []*MFA{}

	err := app.RecordQuery(CollectionNameMFAs).
		AndWhere(dbx.HashExp{
			"collectionRef": authRecord.Collection().Id,
			"recordRef":     authRecord.Id,
		}).
		OrderBy("created DESC").
		All(&result)

	if err != nil {
		return nil, err
	}

	return result, nil
}

// FindAllMFAsByCollection returns all MFA models linked to the provided collection.
func (app *BaseApp) FindAllMFAsByCollection(collection *Collection) ([]*MFA, error) {
	result := []*MFA{}

	err := app.RecordQuery(CollectionNameMFAs).
		AndWhere(dbx.HashExp{"collectionRef": collection.Id}).
		OrderBy("created DESC").
		All(&result)

	if err != nil {
		return nil, err
	}

	return result, nil
}

// FindMFAById returns a single MFA model by its id.
func (app *BaseApp) FindMFAById(id string) (*MFA, error) {
	result := &MFA{}

	err := app.RecordQuery(CollectionNameMFAs).
		AndWhere(dbx.HashExp{"id": id}).
		Limit(1).
		One(result)

	if err != nil {
		return nil, err
	}

	return result, nil
}

// DeleteAllMFAsByRecord deletes all MFA models associated with the provided record.
//
// Returns a combined error with the failed deletes.
func (app *BaseApp) DeleteAllMFAsByRecord(authRecord *Record) error {
	models, err := app.FindAllMFAsByRecord(authRecord)
	if err != nil {
		return err
	}

	var errs []error
	for _, m := range models {
		if err := app.Delete(m); err != nil {
			errs = append(errs, err)
		}
	}
	if len(errs) > 0 {
		return errors.Join(errs...)
	}

	return nil
}

// DeleteExpiredMFAs deletes the expired MFAs for all auth collections.
func (app *BaseApp) DeleteExpiredMFAs() error {
	authCollections, err := app.FindAllCollections(CollectionTypeAuth)
	if err != nil {
		return err
	}

	// note: perform even if MFA is disabled to ensure that there are no dangling old records
	for _, collection := range authCollections {
		minValidDate, err := types.ParseDateTime(time.Now().Add(-1 * collection.MFA.DurationTime()))
		if err != nil {
			return err
		}

		items := []*Record{}

		err = app.RecordQuery(CollectionNameMFAs).
			AndWhere(dbx.HashExp{"collectionRef": collection.Id}).
			AndWhere(dbx.NewExp("[[created]] < {:date}", dbx.Params{"date": minValidDate})).
			All(&items)
		if err != nil {
			return err
		}

		for _, item := range items {
			err = app.Delete(item)
			if err != nil {
				return err
			}
		}
	}

	return nil
}
merge v0.23.0-rc changes 2024-09-30 00:23:19 +08:00			`package core`

			`import (`
			`"errors"`
			`"time"`

			`"github.com/pocketbase/dbx"`
			`"github.com/pocketbase/pocketbase/tools/types"`
			`)`

			`// FindAllMFAsByRecord returns all MFA models linked to the provided auth record.`
			`func (app BaseApp) FindAllMFAsByRecord(authRecord Record) ([]*MFA, error) {`
			`result := []*MFA{}`

			`err := app.RecordQuery(CollectionNameMFAs).`
			`AndWhere(dbx.HashExp{`
			`"collectionRef": authRecord.Collection().Id,`
			`"recordRef": authRecord.Id,`
			`}).`
			`OrderBy("created DESC").`
			`All(&result)`

			`if err != nil {`
			`return nil, err`
			`}`

			`return result, nil`
			`}`

			`// FindAllMFAsByCollection returns all MFA models linked to the provided collection.`
			`func (app BaseApp) FindAllMFAsByCollection(collection Collection) ([]*MFA, error) {`
			`result := []*MFA{}`

			`err := app.RecordQuery(CollectionNameMFAs).`
			`AndWhere(dbx.HashExp{"collectionRef": collection.Id}).`
			`OrderBy("created DESC").`
			`All(&result)`

			`if err != nil {`
			`return nil, err`
			`}`

			`return result, nil`
			`}`

			`// FindMFAById returns a single MFA model by its id.`
			`func (app BaseApp) FindMFAById(id string) (MFA, error) {`
			`result := &MFA{}`

			`err := app.RecordQuery(CollectionNameMFAs).`
			`AndWhere(dbx.HashExp{"id": id}).`
			`Limit(1).`
			`One(result)`

			`if err != nil {`
			`return nil, err`
			`}`

			`return result, nil`
			`}`

			`// DeleteAllMFAsByRecord deletes all MFA models associated with the provided record.`
			`//`
			`// Returns a combined error with the failed deletes.`
			`func (app BaseApp) DeleteAllMFAsByRecord(authRecord Record) error {`
			`models, err := app.FindAllMFAsByRecord(authRecord)`
			`if err != nil {`
			`return err`
			`}`

			`var errs []error`
			`for _, m := range models {`
			`if err := app.Delete(m); err != nil {`
			`errs = append(errs, err)`
			`}`
			`}`
			`if len(errs) > 0 {`
			`return errors.Join(errs...)`
			`}`

			`return nil`
			`}`

			`// DeleteExpiredMFAs deletes the expired MFAs for all auth collections.`
			`func (app *BaseApp) DeleteExpiredMFAs() error {`
			`authCollections, err := app.FindAllCollections(CollectionTypeAuth)`
			`if err != nil {`
			`return err`
			`}`

			`// note: perform even if MFA is disabled to ensure that there are no dangling old records`
			`for _, collection := range authCollections {`
			`minValidDate, err := types.ParseDateTime(time.Now().Add(-1 * collection.MFA.DurationTime()))`
			`if err != nil {`
			`return err`
			`}`

			`items := []*Record{}`

			`err = app.RecordQuery(CollectionNameMFAs).`
			`AndWhere(dbx.HashExp{"collectionRef": collection.Id}).`
			`AndWhere(dbx.NewExp("[[created]] < {:date}", dbx.Params{"date": minValidDate})).`
			`All(&items)`
			`if err != nil {`
			`return err`
			`}`

			`for _, item := range items {`
			`err = app.Delete(item)`
			`if err != nil {`
			`return err`
			`}`
			`}`
			`}`

			`return nil`
			`}`