add config json to user table

This commit is contained in:
Scott Lamb
2021-10-26 13:08:45 -07:00
parent 721141770f
commit 24a0b2a9f1
6 changed files with 185 additions and 118 deletions


@@ -289,11 +289,18 @@ create table user (
id integer primary key,
username unique not null,
-- Bitwise mask of flags:
-- 1: disabled. If set, no method of authentication for this user will succeed.
flags integer not null,
-- A json.UserConfig.
config text,
-- If set, a hash for password authentication, as generated by `libpasta::hash_password`.
-- If set, a hash for password authentication, as generated by
-- `libpasta::hash_password`. This is separate from config for two reasons:
-- * It should never be sent over the wire, because password hashes are
-- almost as sensitive as passwords themselves. Keeping it separate avoids
-- complicating the protocol for retrieving the config and updating it
-- with optimistic concurrency control.
-- * It may be updated while authenticating to upgrade the password hash
-- format, and the conflicting writes again might complicate the update
-- protocol.
password_hash text,
-- A counter which increments with every password reset or clear.
@@ -303,19 +310,9 @@ create table user (
-- This could be used to automatically disable the password on hitting a threshold.
password_failure_count integer not null default 0,
-- If set, a Unix UID that is accepted for authentication when using HTTP over
-- a Unix domain socket. (Additionally, the UID running Moonfire NVR can authenticate
-- as anyone; there's no point in trying to do otherwise.) This might be an easy
-- bootstrap method once configuration happens through a web UI rather than text UI.
unix_uid integer,
-- Permissions available for newly created tokens or when authenticating via
-- unix_uid above. A serialized "Permissions" protobuf.
permissions blob not null default X'',
-- Preferences controlled by the user. A JSON object, or null to represent
-- the empty object. Can be returned and modified through the API.
preferences text
permissions blob not null default X''
);
-- A single session, whether for browser or robot use.
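Review bot: The context comment ending in `-- unix_uid above. A serialized "Permissions" protobuf.` now references a column that this hunk appears to drop — the `-303,19 +310,9` counts and the new final `permissions blob not null default X''` line (no trailing comma, so it is the last column) only add up if the `unix_uid` and `preferences` blocks are removed, though the rendered page has lost the +/- markers so that is inferred rather than read. If so, the comment should become `-- Permissions available for newly created tokens. A serialized "Permissions" protobuf.`, or say where Unix-socket authentication now takes its permissions from if that moved into `config`. The new `config text` column is nullable, but unlike the old `preferences` comment nothing states what null means; a line such as `-- A json.UserConfig, or null for the default (empty) config. Returned and modified through the API.` would pin that down — confirm the null handling against the json.UserConfig reader. Since `config` is the blob that does go over the wire, the rationale given for keeping `password_hash` out of it is worth applying to anything else credential-like that migrates into the JSON. The `create table user` statement starts before the first hunk.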