1294 lines
43 KiB
Python
1294 lines
43 KiB
Python
"""MySQL database layer for the encrypted chat server."""
|
|
|
|
import os
|
|
import uuid
|
|
|
|
import mysql.connector
|
|
from dotenv import load_dotenv
|
|
|
|
from crypto_utils import (
|
|
generate_identity_keypair,
|
|
serialize_ed25519_public,
|
|
generate_signed_prekey,
|
|
serialize_x25519_public,
|
|
generate_one_time_prekeys,
|
|
)
|
|
|
|
load_dotenv()
|
|
|
|
# Sentinel device_id for self-encrypted copies and legacy (pre-multi-device) rows
|
|
SELF_DEVICE_ID = "00000000-0000-0000-0000-000000000000"
|
|
|
|
|
|
def get_connection():
|
|
"""Create a new MySQL connection from environment variables."""
|
|
return mysql.connector.connect(
|
|
host=os.getenv("MYSQL_HOST", "localhost"),
|
|
port=int(os.getenv("MYSQL_PORT", "3306")),
|
|
user=os.getenv("MYSQL_USER", "root"),
|
|
password=os.getenv("MYSQL_PASSWORD", ""),
|
|
database=os.getenv("MYSQL_DATABASE", "encrypted_chat"),
|
|
)
|
|
|
|
|
|
def generate_uuid() -> str:
|
|
return str(uuid.uuid4())
|
|
|
|
|
|
# --- Devices ---
|
|
|
|
def create_device(user_id: str, device_name: str | None = None) -> str:
|
|
"""Create a new device for a user. Returns device_id."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
device_id = generate_uuid()
|
|
cursor.execute(
|
|
"INSERT INTO devices (id, user_id, device_name) VALUES (%s, %s, %s)",
|
|
(device_id, user_id, device_name),
|
|
)
|
|
conn.commit()
|
|
return device_id
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_user_devices(user_id: str) -> list[dict]:
|
|
"""Get all devices for a user."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT id, user_id, device_name, created_at, last_seen_at "
|
|
"FROM devices WHERE user_id = %s ORDER BY created_at",
|
|
(user_id,),
|
|
)
|
|
return cursor.fetchall()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_device(device_id: str) -> dict | None:
|
|
"""Get a single device by ID."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT id, user_id, device_name, created_at, last_seen_at "
|
|
"FROM devices WHERE id = %s",
|
|
(device_id,),
|
|
)
|
|
return cursor.fetchone()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def update_device_last_seen(device_id: str):
|
|
"""Update last_seen_at timestamp for a device."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"UPDATE devices SET last_seen_at = NOW() WHERE id = %s",
|
|
(device_id,),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def delete_device(device_id: str):
|
|
"""Delete a device. CASCADE removes its prekeys."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("DELETE FROM devices WHERE id = %s", (device_id,))
|
|
# Also clean up prekeys explicitly for device_id column
|
|
cursor.execute("DELETE FROM signed_prekeys WHERE device_id = %s", (device_id,))
|
|
cursor.execute("DELETE FROM one_time_prekeys WHERE device_id = %s", (device_id,))
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Users ---
|
|
|
|
def create_user(username: str, email: str, rsa_public_key_pem: str, identity_key: bytes) -> str:
|
|
"""Register a new user. Returns user ID."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
user_id = generate_uuid()
|
|
cursor.execute(
|
|
"INSERT INTO users (id, username, email, rsa_public_key, identity_key) "
|
|
"VALUES (%s, %s, %s, %s, %s)",
|
|
(user_id, username, email, rsa_public_key_pem, identity_key),
|
|
)
|
|
conn.commit()
|
|
return user_id
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_user_by_email(email: str) -> dict | None:
|
|
"""Get user by email."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT id, username, rsa_public_key, email, identity_key FROM users WHERE email = %s",
|
|
(email,),
|
|
)
|
|
return cursor.fetchone()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_user_by_id(user_id: str) -> dict | None:
|
|
"""Get user by ID."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT id, username, rsa_public_key, email, identity_key FROM users WHERE id = %s",
|
|
(user_id,),
|
|
)
|
|
return cursor.fetchone()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_user_contacts(user_id: str) -> list[str]:
|
|
"""Get all user IDs that share at least one conversation with the given user."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"SELECT DISTINCT cm2.user_id "
|
|
"FROM conversation_members cm1 "
|
|
"JOIN conversation_members cm2 ON cm1.conversation_id = cm2.conversation_id "
|
|
"WHERE cm1.user_id = %s AND cm2.user_id != %s",
|
|
(user_id, user_id),
|
|
)
|
|
return [row[0] for row in cursor.fetchall()]
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def update_user_rsa_key(user_id: str, rsa_public_key_pem: str):
|
|
"""Update user's RSA public key (for login)."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("UPDATE users SET rsa_public_key = %s WHERE id = %s", (rsa_public_key_pem, user_id))
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Pre-keys ---
|
|
|
|
def store_signed_prekey(user_id: str, spk_id: str, public_key: bytes, signature: bytes,
|
|
device_id: str | None = None):
|
|
"""Store (or replace) a signed pre-key for a user's device."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
# Remove old SPKs for this user+device
|
|
if device_id:
|
|
cursor.execute("DELETE FROM signed_prekeys WHERE user_id = %s AND device_id = %s",
|
|
(user_id, device_id))
|
|
else:
|
|
cursor.execute("DELETE FROM signed_prekeys WHERE user_id = %s AND device_id IS NULL",
|
|
(user_id,))
|
|
cursor.execute(
|
|
"INSERT INTO signed_prekeys (id, user_id, device_id, public_key, signature) "
|
|
"VALUES (%s, %s, %s, %s, %s)",
|
|
(spk_id, user_id, device_id, public_key, signature),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_signed_prekey(user_id: str, device_id: str | None = None) -> dict | None:
|
|
"""Get the current signed pre-key for a user (optionally per device)."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
if device_id:
|
|
cursor.execute(
|
|
"SELECT id, public_key, signature, device_id, created_at FROM signed_prekeys "
|
|
"WHERE user_id = %s AND device_id = %s "
|
|
"ORDER BY created_at DESC LIMIT 1",
|
|
(user_id, device_id),
|
|
)
|
|
else:
|
|
cursor.execute(
|
|
"SELECT id, public_key, signature, device_id, created_at FROM signed_prekeys "
|
|
"WHERE user_id = %s ORDER BY created_at DESC LIMIT 1",
|
|
(user_id,),
|
|
)
|
|
return cursor.fetchone()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def store_one_time_prekeys(user_id: str, prekeys: list[dict], device_id: str | None = None):
|
|
"""Store a batch of one-time pre-keys. Each dict has {id, public_key (bytes)}."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
for pk in prekeys:
|
|
cursor.execute(
|
|
"INSERT INTO one_time_prekeys (id, user_id, device_id, public_key) "
|
|
"VALUES (%s, %s, %s, %s)",
|
|
(pk["id"], user_id, device_id, pk["public_key"]),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def consume_one_time_prekey(user_id: str, device_id: str | None = None) -> dict | None:
|
|
"""Atomically consume one OTP: SELECT FOR UPDATE + DELETE.
|
|
Returns {id, public_key} or None."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
conn.start_transaction()
|
|
if device_id:
|
|
cursor.execute(
|
|
"SELECT id, public_key FROM one_time_prekeys "
|
|
"WHERE user_id = %s AND device_id = %s LIMIT 1 FOR UPDATE",
|
|
(user_id, device_id),
|
|
)
|
|
else:
|
|
cursor.execute(
|
|
"SELECT id, public_key FROM one_time_prekeys "
|
|
"WHERE user_id = %s LIMIT 1 FOR UPDATE",
|
|
(user_id,),
|
|
)
|
|
row = cursor.fetchone()
|
|
if row:
|
|
cursor.execute("DELETE FROM one_time_prekeys WHERE id = %s", (row["id"],))
|
|
conn.commit()
|
|
return row
|
|
except Exception:
|
|
conn.rollback()
|
|
raise
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def count_one_time_prekeys(user_id: str, device_id: str | None = None) -> int:
|
|
"""Count remaining OTPs for a user (optionally per device)."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
if device_id:
|
|
cursor.execute(
|
|
"SELECT COUNT(*) FROM one_time_prekeys WHERE user_id = %s AND device_id = %s",
|
|
(user_id, device_id),
|
|
)
|
|
else:
|
|
cursor.execute("SELECT COUNT(*) FROM one_time_prekeys WHERE user_id = %s", (user_id,))
|
|
return cursor.fetchone()[0]
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_key_bundle(user_id: str) -> dict | None:
|
|
"""Get complete key bundle for X3DH (single device — legacy compat).
|
|
|
|
Returns {identity_key, signed_prekey_id, signed_prekey, spk_signature,
|
|
one_time_prekey_id, one_time_prekey} or None.
|
|
OTP is consumed atomically.
|
|
"""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
# Get user identity key
|
|
cursor.execute("SELECT identity_key FROM users WHERE id = %s", (user_id,))
|
|
user = cursor.fetchone()
|
|
if not user:
|
|
return None
|
|
|
|
# Get signed prekey
|
|
cursor.execute(
|
|
"SELECT id, public_key, signature, device_id FROM signed_prekeys WHERE user_id = %s "
|
|
"ORDER BY created_at DESC LIMIT 1",
|
|
(user_id,),
|
|
)
|
|
spk = cursor.fetchone()
|
|
if not spk:
|
|
return None
|
|
|
|
# Consume one OTP (may be None) — use transaction for atomicity (H12 fix)
|
|
conn.start_transaction()
|
|
cursor.execute(
|
|
"SELECT id, public_key FROM one_time_prekeys WHERE user_id = %s LIMIT 1 FOR UPDATE",
|
|
(user_id,),
|
|
)
|
|
opk = cursor.fetchone()
|
|
if opk:
|
|
cursor.execute("DELETE FROM one_time_prekeys WHERE id = %s", (opk["id"],))
|
|
conn.commit()
|
|
|
|
result = {
|
|
"identity_key": user["identity_key"],
|
|
"signed_prekey_id": spk["id"],
|
|
"signed_prekey": spk["public_key"],
|
|
"spk_signature": spk["signature"],
|
|
}
|
|
if opk:
|
|
result["one_time_prekey_id"] = opk["id"]
|
|
result["one_time_prekey"] = opk["public_key"]
|
|
return result
|
|
except Exception:
|
|
try:
|
|
conn.rollback()
|
|
except Exception:
|
|
pass
|
|
raise
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_key_bundles_for_user(user_id: str) -> dict | None:
|
|
"""Get key bundles for ALL devices of a user. Returns
|
|
{identity_key, device_bundles: [{device_id, signed_prekey_id, signed_prekey_pub,
|
|
spk_signature, opk_id, opk_pub}]} or None.
|
|
Consumes one OPK per device atomically.
|
|
"""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
# Get user identity key
|
|
cursor.execute("SELECT identity_key FROM users WHERE id = %s", (user_id,))
|
|
user = cursor.fetchone()
|
|
if not user:
|
|
return None
|
|
|
|
# Get all signed prekeys (one per device, most recent)
|
|
cursor.execute(
|
|
"SELECT id, public_key, signature, device_id FROM signed_prekeys "
|
|
"WHERE user_id = %s ORDER BY created_at DESC",
|
|
(user_id,),
|
|
)
|
|
all_spks = cursor.fetchall()
|
|
if not all_spks:
|
|
return None
|
|
|
|
# De-duplicate: keep only the most recent SPK per device_id
|
|
seen_devices = set()
|
|
spks_by_device = []
|
|
for spk in all_spks:
|
|
dev = spk.get("device_id") or "__legacy__"
|
|
if dev not in seen_devices:
|
|
seen_devices.add(dev)
|
|
spks_by_device.append(spk)
|
|
|
|
device_bundles = []
|
|
# Commit the implicit transaction from the read-only queries above
|
|
# so we can start an explicit transaction for atomic OPK consumption.
|
|
conn.commit()
|
|
conn.start_transaction()
|
|
for spk in spks_by_device:
|
|
dev_id = spk.get("device_id")
|
|
# Consume one OPK for this device
|
|
if dev_id:
|
|
cursor.execute(
|
|
"SELECT id, public_key FROM one_time_prekeys "
|
|
"WHERE user_id = %s AND device_id = %s LIMIT 1 FOR UPDATE",
|
|
(user_id, dev_id),
|
|
)
|
|
else:
|
|
cursor.execute(
|
|
"SELECT id, public_key FROM one_time_prekeys "
|
|
"WHERE user_id = %s AND device_id IS NULL LIMIT 1 FOR UPDATE",
|
|
(user_id,),
|
|
)
|
|
opk = cursor.fetchone()
|
|
if opk:
|
|
cursor.execute("DELETE FROM one_time_prekeys WHERE id = %s", (opk["id"],))
|
|
|
|
bundle = {
|
|
"device_id": dev_id,
|
|
"signed_prekey_id": spk["id"],
|
|
"signed_prekey_pub": spk["public_key"],
|
|
"spk_signature": spk["signature"],
|
|
}
|
|
if opk:
|
|
bundle["opk_id"] = opk["id"]
|
|
bundle["opk_pub"] = opk["public_key"]
|
|
device_bundles.append(bundle)
|
|
conn.commit()
|
|
|
|
return {
|
|
"identity_key": user["identity_key"],
|
|
"device_bundles": device_bundles,
|
|
}
|
|
except Exception:
|
|
try:
|
|
conn.rollback()
|
|
except Exception:
|
|
pass
|
|
raise
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Conversations ---
|
|
|
|
def create_conversation(member_user_ids: list[str], joined_at=None, name=None, created_by=None) -> str:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
conv_id = generate_uuid()
|
|
cursor.execute("INSERT INTO conversations (id, name, created_by) VALUES (%s, %s, %s)",
|
|
(conv_id, name, created_by))
|
|
for uid in member_user_ids:
|
|
cursor.execute(
|
|
"INSERT INTO conversation_members (conversation_id, user_id, joined_at) VALUES (%s, %s, %s)",
|
|
(conv_id, uid, joined_at),
|
|
)
|
|
conn.commit()
|
|
return conv_id
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def add_conversation_member(conversation_id: str, user_id: str, joined_at=None):
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"INSERT IGNORE INTO conversation_members (conversation_id, user_id, joined_at) VALUES (%s, %s, %s)",
|
|
(conversation_id, user_id, joined_at),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def remove_conversation_member(conversation_id: str, user_id: str):
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"DELETE FROM conversation_members WHERE conversation_id = %s AND user_id = %s",
|
|
(conversation_id, user_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def count_conversation_members(conversation_id: str) -> int:
|
|
"""Count members in a conversation."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"SELECT COUNT(*) FROM conversation_members WHERE conversation_id = %s",
|
|
(conversation_id,),
|
|
)
|
|
return cursor.fetchone()[0]
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_conversation_file_ids(conversation_id: str) -> list[str]:
|
|
"""Get all file IDs (images + files) uploaded to a conversation."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"SELECT file_id FROM image_uploads WHERE conversation_id = %s",
|
|
(conversation_id,),
|
|
)
|
|
return [row[0] for row in cursor.fetchall()]
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def delete_conversation(conversation_id: str):
|
|
"""Delete a conversation entirely. CASCADE cleans up members, messages, etc."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("DELETE FROM conversations WHERE id = %s", (conversation_id,))
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_conversation_members(conversation_id: str) -> list[dict]:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT u.id, u.username, u.email, u.identity_key FROM conversation_members cm "
|
|
"JOIN users u ON cm.user_id = u.id "
|
|
"WHERE cm.conversation_id = %s",
|
|
(conversation_id,),
|
|
)
|
|
return cursor.fetchall()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def find_direct_conversation(user_id_a: str, user_id_b: str) -> str | None:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"SELECT cm1.conversation_id FROM conversation_members cm1 "
|
|
"JOIN conversation_members cm2 ON cm1.conversation_id = cm2.conversation_id "
|
|
"WHERE cm1.user_id = %s AND cm2.user_id = %s "
|
|
"AND (SELECT COUNT(*) FROM conversation_members cm3 "
|
|
" WHERE cm3.conversation_id = cm1.conversation_id) = 2 "
|
|
"LIMIT 1",
|
|
(user_id_a, user_id_b),
|
|
)
|
|
row = cursor.fetchone()
|
|
return row[0] if row else None
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def update_conversation_creator(conversation_id: str, new_creator_id: str):
|
|
"""Transfer group creator role to another member."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"UPDATE conversations SET created_by = %s WHERE id = %s",
|
|
(new_creator_id, conversation_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_conversation(conversation_id: str) -> dict | None:
|
|
"""Get conversation by ID."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT id, created_at, name, created_by, avatar_file FROM conversations WHERE id = %s",
|
|
(conversation_id,),
|
|
)
|
|
return cursor.fetchone()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def update_conversation_avatar(conversation_id: str, avatar_file: str):
|
|
"""Set avatar file for a conversation."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"UPDATE conversations SET avatar_file = %s WHERE id = %s",
|
|
(avatar_file, conversation_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def update_conversation_name(conversation_id: str, name: str):
|
|
"""Update the name of a conversation."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"UPDATE conversations SET name = %s WHERE id = %s",
|
|
(name, conversation_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def is_conversation_member(conversation_id: str, user_id: str) -> bool:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"SELECT 1 FROM conversation_members WHERE conversation_id = %s AND user_id = %s",
|
|
(conversation_id, user_id),
|
|
)
|
|
return cursor.fetchone() is not None
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def list_user_conversations(user_id: str) -> list[dict]:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT c.id, c.created_at, c.name, c.created_by, c.avatar_file FROM conversations c "
|
|
"JOIN conversation_members cm ON c.id = cm.conversation_id "
|
|
"WHERE cm.user_id = %s ORDER BY c.created_at DESC",
|
|
(user_id,),
|
|
)
|
|
convs = cursor.fetchall()
|
|
for conv in convs:
|
|
cursor.execute(
|
|
"SELECT u.id AS user_id, u.username, u.email FROM conversation_members cm "
|
|
"JOIN users u ON cm.user_id = u.id "
|
|
"WHERE cm.conversation_id = %s",
|
|
(conv["id"],),
|
|
)
|
|
conv["members"] = cursor.fetchall()
|
|
return convs
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Group Invitations ---
|
|
|
|
def create_invitation(conversation_id: str, user_id: str, invited_by: str):
|
|
"""Create a pending group invitation."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
inv_id = generate_uuid()
|
|
cursor.execute(
|
|
"INSERT IGNORE INTO group_invitations (id, conversation_id, user_id, invited_by) "
|
|
"VALUES (%s, %s, %s, %s)",
|
|
(inv_id, conversation_id, user_id, invited_by),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_pending_invitations(user_id: str) -> list[dict]:
|
|
"""Get all pending invitations for a user, joined with conversation and inviter info."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT gi.id, gi.conversation_id, gi.invited_by, gi.created_at, "
|
|
"c.name AS conversation_name, u.username AS invited_by_username "
|
|
"FROM group_invitations gi "
|
|
"JOIN conversations c ON gi.conversation_id = c.id "
|
|
"JOIN users u ON gi.invited_by = u.id "
|
|
"WHERE gi.user_id = %s "
|
|
"ORDER BY gi.created_at DESC",
|
|
(user_id,),
|
|
)
|
|
return cursor.fetchall()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def delete_invitation(conversation_id: str, user_id: str):
|
|
"""Delete a pending invitation."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"DELETE FROM group_invitations WHERE conversation_id = %s AND user_id = %s",
|
|
(conversation_id, user_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def has_pending_invitation(conversation_id: str, user_id: str) -> bool:
|
|
"""Check if a user has a pending invitation for a conversation."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"SELECT 1 FROM group_invitations WHERE conversation_id = %s AND user_id = %s",
|
|
(conversation_id, user_id),
|
|
)
|
|
return cursor.fetchone() is not None
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Messages ---
|
|
|
|
def store_message(
|
|
conversation_id: str,
|
|
sender_id: str,
|
|
ratchet_header: bytes,
|
|
recipients: list[dict],
|
|
x3dh_header: bytes | None = None,
|
|
sender_chain_id: bytes | None = None,
|
|
sender_chain_n: int | None = None,
|
|
image_file_id: str | None = None,
|
|
sender_device_id: str | None = None,
|
|
) -> str:
|
|
"""Store an encrypted message with per-recipient ciphertext.
|
|
|
|
recipients: [{user_id, encrypted_content (bytes), nonce (bytes),
|
|
device_id (str, optional), ratchet_header (bytes, optional),
|
|
x3dh_header (bytes, optional)}]
|
|
"""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
msg_id = generate_uuid()
|
|
cursor.execute(
|
|
"INSERT INTO messages (id, conversation_id, sender_id, sender_device_id, "
|
|
"ratchet_header, x3dh_header, sender_chain_id, sender_chain_n, image_file_id) "
|
|
"VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)",
|
|
(msg_id, conversation_id, sender_id, sender_device_id, ratchet_header,
|
|
x3dh_header, sender_chain_id, sender_chain_n, image_file_id),
|
|
)
|
|
for r in recipients:
|
|
device_id = r.get("device_id", SELF_DEVICE_ID)
|
|
cursor.execute(
|
|
"INSERT INTO message_recipients (message_id, user_id, device_id, "
|
|
"encrypted_content, nonce, ratchet_header, x3dh_header) "
|
|
"VALUES (%s, %s, %s, %s, %s, %s, %s)",
|
|
(msg_id, r["user_id"], device_id, r["encrypted_content"], r["nonce"],
|
|
r.get("ratchet_header"), r.get("x3dh_header")),
|
|
)
|
|
conn.commit()
|
|
return msg_id
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_messages(conversation_id: str, user_id: str, limit: int = 50, offset: int = 0,
|
|
device_id: str | None = None) -> list[dict]:
|
|
"""Get messages for a user in a conversation, JOINing their per-recipient ciphertext.
|
|
|
|
If device_id is set, returns rows where mr.device_id matches OR is the sentinel
|
|
(self-encrypted / legacy). This ensures both device-specific and self-encrypted
|
|
copies are returned.
|
|
"""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
if device_id:
|
|
cursor.execute(
|
|
"SELECT m.id, m.conversation_id, m.sender_id, m.sender_device_id, "
|
|
"m.ratchet_header, m.x3dh_header, "
|
|
"m.sender_chain_id, m.sender_chain_n, m.created_at, m.deleted_at, m.image_file_id, "
|
|
"mr.encrypted_content, mr.nonce, mr.device_id AS mr_device_id, "
|
|
"mr.ratchet_header AS mr_ratchet_header, mr.x3dh_header AS mr_x3dh_header "
|
|
"FROM messages m "
|
|
"JOIN message_recipients mr ON m.id = mr.message_id AND mr.user_id = %s "
|
|
" AND (mr.device_id = %s OR mr.device_id = %s) "
|
|
"JOIN conversation_members cm ON cm.conversation_id = m.conversation_id AND cm.user_id = %s "
|
|
"WHERE m.conversation_id = %s AND (cm.joined_at IS NULL OR m.created_at >= cm.joined_at) "
|
|
"ORDER BY m.created_at DESC LIMIT %s OFFSET %s",
|
|
(user_id, device_id, SELF_DEVICE_ID, user_id, conversation_id, limit, offset),
|
|
)
|
|
else:
|
|
cursor.execute(
|
|
"SELECT m.id, m.conversation_id, m.sender_id, m.sender_device_id, "
|
|
"m.ratchet_header, m.x3dh_header, "
|
|
"m.sender_chain_id, m.sender_chain_n, m.created_at, m.deleted_at, m.image_file_id, "
|
|
"mr.encrypted_content, mr.nonce, mr.device_id AS mr_device_id, "
|
|
"mr.ratchet_header AS mr_ratchet_header, mr.x3dh_header AS mr_x3dh_header "
|
|
"FROM messages m "
|
|
"JOIN message_recipients mr ON m.id = mr.message_id AND mr.user_id = %s "
|
|
"JOIN conversation_members cm ON cm.conversation_id = m.conversation_id AND cm.user_id = %s "
|
|
"WHERE m.conversation_id = %s AND (cm.joined_at IS NULL OR m.created_at >= cm.joined_at) "
|
|
"ORDER BY m.created_at DESC LIMIT %s OFFSET %s",
|
|
(user_id, user_id, conversation_id, limit, offset),
|
|
)
|
|
return cursor.fetchall()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_message_conversation(message_id: str) -> str | None:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("SELECT conversation_id FROM messages WHERE id = %s", (message_id,))
|
|
row = cursor.fetchone()
|
|
return row[0] if row else None
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_message_sender(message_id: str) -> str | None:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("SELECT sender_id FROM messages WHERE id = %s", (message_id,))
|
|
row = cursor.fetchone()
|
|
return row[0] if row else None
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Group Sender Keys ---
|
|
|
|
def store_sender_key(conversation_id: str, sender_id: str, chain_id: bytes,
|
|
device_id: str | None = None):
|
|
"""Store or update a sender key chain ID for a group member's device."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
dev = device_id or SELF_DEVICE_ID
|
|
cursor.execute(
|
|
"REPLACE INTO group_sender_keys (conversation_id, sender_id, device_id, chain_id) "
|
|
"VALUES (%s, %s, %s, %s)",
|
|
(conversation_id, sender_id, dev, chain_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_sender_key(conversation_id: str, sender_id: str,
|
|
device_id: str | None = None) -> dict | None:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
dev = device_id or SELF_DEVICE_ID
|
|
cursor.execute(
|
|
"SELECT chain_id, created_at FROM group_sender_keys "
|
|
"WHERE conversation_id = %s AND sender_id = %s AND device_id = %s",
|
|
(conversation_id, sender_id, dev),
|
|
)
|
|
return cursor.fetchone()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Read Receipts ---
|
|
|
|
def mark_messages_read(conversation_id: str, user_id: str, message_ids: list[str]):
|
|
if not message_ids:
|
|
return
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
for mid in message_ids:
|
|
cursor.execute(
|
|
"INSERT IGNORE INTO message_reads (message_id, user_id) VALUES (%s, %s)",
|
|
(mid, user_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_unread_counts(user_id: str) -> dict[str, int]:
|
|
"""Return {conversation_id: unread_count} for all conversations the user is in."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT m.conversation_id, COUNT(*) AS cnt "
|
|
"FROM messages m "
|
|
"JOIN message_recipients mr ON mr.message_id = m.id AND mr.user_id = %s "
|
|
"LEFT JOIN message_reads mrd ON mrd.message_id = m.id AND mrd.user_id = %s "
|
|
"WHERE m.sender_id != %s AND m.deleted_at IS NULL AND mrd.message_id IS NULL "
|
|
"GROUP BY m.conversation_id",
|
|
(user_id, user_id, user_id),
|
|
)
|
|
return {row["conversation_id"]: row["cnt"] for row in cursor.fetchall()}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_message_read_status(message_ids: list[str]) -> dict:
|
|
if not message_ids:
|
|
return {}
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
placeholders = ",".join(["%s"] * len(message_ids))
|
|
cursor.execute(
|
|
f"SELECT mr.message_id, mr.user_id, mr.read_at "
|
|
f"FROM message_reads mr "
|
|
f"WHERE mr.message_id IN ({placeholders})",
|
|
tuple(message_ids),
|
|
)
|
|
result = {}
|
|
for row in cursor.fetchall():
|
|
mid = row["message_id"]
|
|
if mid not in result:
|
|
result[mid] = []
|
|
result[mid].append({
|
|
"user_id": row["user_id"],
|
|
"read_at": row["read_at"].isoformat() if hasattr(row["read_at"], "isoformat") else str(row["read_at"]),
|
|
})
|
|
return result
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Delete ---
|
|
|
|
def soft_delete_message(message_id: str, sender_id: str) -> dict | None:
|
|
"""Soft-delete a message if sender matches. Returns {'image_file_id': ...} or None."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT sender_id, image_file_id FROM messages WHERE id = %s AND deleted_at IS NULL",
|
|
(message_id,),
|
|
)
|
|
row = cursor.fetchone()
|
|
if not row or row["sender_id"] != sender_id:
|
|
return None
|
|
cursor.execute(
|
|
"UPDATE messages SET deleted_at = NOW() WHERE id = %s",
|
|
(message_id,),
|
|
)
|
|
# Clear per-recipient ciphertext
|
|
cursor.execute(
|
|
"UPDATE message_recipients SET encrypted_content = %s WHERE message_id = %s",
|
|
(b"", message_id),
|
|
)
|
|
conn.commit()
|
|
return {"image_file_id": row.get("image_file_id")}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def set_message_image_file_id(message_id: str, file_id: str):
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"UPDATE messages SET image_file_id = %s WHERE id = %s",
|
|
(file_id, message_id),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Image Uploads ---
|
|
|
|
def create_image_upload(file_id: str, conversation_id: str, uploader_id: str, file_size: int):
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"INSERT INTO image_uploads (file_id, conversation_id, uploader_id, file_size) "
|
|
"VALUES (%s, %s, %s, %s)",
|
|
(file_id, conversation_id, uploader_id, file_size),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def complete_image_upload(file_id: str):
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"UPDATE image_uploads SET completed = TRUE WHERE file_id = %s",
|
|
(file_id,),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_image_upload(file_id: str) -> dict | None:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT file_id, conversation_id, uploader_id, file_size, completed, created_at "
|
|
"FROM image_uploads WHERE file_id = %s",
|
|
(file_id,),
|
|
)
|
|
return cursor.fetchone()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def delete_image_upload(file_id: str):
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("DELETE FROM image_uploads WHERE file_id = %s", (file_id,))
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- User Profiles ---
|
|
|
|
def create_default_profile(user_id: str):
|
|
"""Create a default profile for a new user."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"INSERT IGNORE INTO user_profiles (user_id) VALUES (%s)",
|
|
(user_id,),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_user_profile(user_id: str, viewer_id: str | None = None) -> dict | None:
|
|
"""Get user profile joined with user info. Respects visibility if viewer is different user."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT u.id AS user_id, u.username, u.email, u.created_at, "
|
|
"p.phone, p.phone_visible, p.email_visible, p.location, "
|
|
"p.location_visible, p.avatar_file, p.updated_at "
|
|
"FROM users u LEFT JOIN user_profiles p ON u.id = p.user_id "
|
|
"WHERE u.id = %s",
|
|
(user_id,),
|
|
)
|
|
row = cursor.fetchone()
|
|
if not row:
|
|
return None
|
|
# If viewing someone else's profile, apply visibility rules
|
|
if viewer_id and viewer_id != user_id:
|
|
if not row.get("email_visible"):
|
|
row["email"] = None
|
|
if not row.get("phone_visible"):
|
|
row["phone"] = None
|
|
if not row.get("location_visible"):
|
|
row["location"] = None
|
|
return row
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def update_user_profile(user_id: str, **fields):
|
|
"""Upsert user profile fields. Allowed: phone, phone_visible, email_visible,
|
|
location, location_visible, avatar_file."""
|
|
allowed = {"phone", "phone_visible", "email_visible", "location",
|
|
"location_visible", "avatar_file"}
|
|
filtered = {k: v for k, v in fields.items() if k in allowed}
|
|
if not filtered:
|
|
return
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
# Upsert: insert default then update
|
|
cursor.execute(
|
|
"INSERT IGNORE INTO user_profiles (user_id) VALUES (%s)",
|
|
(user_id,),
|
|
)
|
|
set_clause = ", ".join(f"{k} = %s" for k in filtered)
|
|
values = list(filtered.values()) + [user_id]
|
|
cursor.execute(
|
|
f"UPDATE user_profiles SET {set_clause} WHERE user_id = %s",
|
|
values,
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def batch_reencrypt_messages(user_id: str, updates: list[dict]):
|
|
"""Batch re-encrypt message_recipients rows with self-encryption key data.
|
|
|
|
Each update: {message_id, encrypted_content (bytes), nonce (bytes)}.
|
|
Sets ratchet_header to '{"self":true}' and clears x3dh_header.
|
|
Only updates rows belonging to user_id with sentinel device_id (self-encrypted copies).
|
|
"""
|
|
if not updates:
|
|
return
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
self_header = b'{"self":true}'
|
|
for u in updates:
|
|
cursor.execute(
|
|
"UPDATE message_recipients "
|
|
"SET encrypted_content = %s, nonce = %s, ratchet_header = %s, x3dh_header = NULL "
|
|
"WHERE message_id = %s AND user_id = %s AND device_id = %s",
|
|
(u["encrypted_content"], u["nonce"], self_header, u["message_id"],
|
|
user_id, SELF_DEVICE_ID),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
# --- Phantom Users ---
|
|
|
|
def create_phantom_user(email: str) -> dict:
|
|
"""Create a phantom user with valid crypto keys for X3DH.
|
|
|
|
Phantom users have rsa_public_key = 'PHANTOM' as a marker.
|
|
Returns user dict: {id, username, email, identity_key}.
|
|
"""
|
|
username = email.split("@")[0]
|
|
user_id = generate_uuid()
|
|
|
|
# Generate real crypto keys so X3DH works on the client side
|
|
ik_private, ik_public = generate_identity_keypair()
|
|
ik_public_bytes = serialize_ed25519_public(ik_public)
|
|
|
|
spk = generate_signed_prekey(ik_private)
|
|
spk_pub_bytes = serialize_x25519_public(spk["public"])
|
|
spk_sig = spk["signature"]
|
|
|
|
opks = generate_one_time_prekeys(count=5)
|
|
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"INSERT INTO users (id, username, email, rsa_public_key, identity_key) "
|
|
"VALUES (%s, %s, %s, %s, %s)",
|
|
(user_id, username, email, "PHANTOM", ik_public_bytes),
|
|
)
|
|
cursor.execute(
|
|
"INSERT INTO signed_prekeys (id, user_id, public_key, signature) VALUES (%s, %s, %s, %s)",
|
|
(spk["id"], user_id, spk_pub_bytes, spk_sig),
|
|
)
|
|
for opk in opks:
|
|
cursor.execute(
|
|
"INSERT INTO one_time_prekeys (id, user_id, public_key) VALUES (%s, %s, %s)",
|
|
(opk["id"], user_id, serialize_x25519_public(opk["public"])),
|
|
)
|
|
conn.commit()
|
|
return {"id": user_id, "username": username, "email": email, "identity_key": ik_public_bytes}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def is_phantom_user(user_id: str) -> bool:
|
|
"""Check if a user is a phantom (rsa_public_key == 'PHANTOM')."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("SELECT rsa_public_key FROM users WHERE id = %s", (user_id,))
|
|
row = cursor.fetchone()
|
|
return row is not None and row[0] == "PHANTOM"
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def delete_phantom_user(user_id: str):
|
|
"""Delete a phantom user. CASCADE removes signed_prekeys, one_time_prekeys,
|
|
conversation_members, message_recipients, etc."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"DELETE FROM users WHERE id = %s AND rsa_public_key = %s",
|
|
(user_id, "PHANTOM"),
|
|
)
|
|
conn.commit()
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def upgrade_phantom_user(phantom_id: str, username: str, rsa_public_key_pem: str,
|
|
identity_key: bytes) -> str | None:
|
|
"""Upgrade a phantom user to a real user in-place.
|
|
|
|
Preserves user_id and all FK references (conversation_members, group_invitations, etc.).
|
|
Deletes phantom's server-generated prekeys (real user will upload own on first login).
|
|
Returns phantom_id as the new user_id, or None if phantom no longer exists.
|
|
"""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"UPDATE users SET username = %s, rsa_public_key = %s, identity_key = %s "
|
|
"WHERE id = %s AND rsa_public_key = 'PHANTOM'",
|
|
(username, rsa_public_key_pem, identity_key, phantom_id),
|
|
)
|
|
if cursor.rowcount == 0:
|
|
conn.rollback()
|
|
return None
|
|
# Remove phantom's server-generated crypto keys — real user uploads own
|
|
cursor.execute("DELETE FROM signed_prekeys WHERE user_id = %s", (phantom_id,))
|
|
cursor.execute("DELETE FROM one_time_prekeys WHERE user_id = %s", (phantom_id,))
|
|
conn.commit()
|
|
return phantom_id
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_all_phantom_user_ids() -> set[str]:
|
|
"""Return set of all phantom user IDs (for server startup cache)."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute("SELECT id FROM users WHERE rsa_public_key = %s", ("PHANTOM",))
|
|
return {row[0] for row in cursor.fetchall()}
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def cleanup_stale_phantoms(max_age_days: int = 30) -> int:
|
|
"""Delete phantom users older than max_age_days with no active conversations with real users."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
# Two-step: SELECT ids first, then DELETE.
|
|
# MySQL error 1093: can't DELETE from table referenced in subquery.
|
|
cursor.execute("""
|
|
SELECT u.id FROM users u
|
|
WHERE u.rsa_public_key = 'PHANTOM'
|
|
AND u.created_at < DATE_SUB(NOW(), INTERVAL %s DAY)
|
|
AND NOT EXISTS (
|
|
SELECT 1 FROM conversation_members cm1
|
|
JOIN conversation_members cm2 ON cm1.conversation_id = cm2.conversation_id
|
|
JOIN users u2 ON cm2.user_id = u2.id
|
|
WHERE cm1.user_id = u.id
|
|
AND u2.rsa_public_key != 'PHANTOM'
|
|
)
|
|
""", (max_age_days,))
|
|
ids = [row[0] for row in cursor.fetchall()]
|
|
if not ids:
|
|
return 0
|
|
cursor.execute(
|
|
"DELETE FROM users WHERE id IN (%s)" % ",".join(["%s"] * len(ids)),
|
|
ids,
|
|
)
|
|
deleted = cursor.rowcount
|
|
conn.commit()
|
|
return deleted
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def remove_conversation_member_atomic(conversation_id: str, user_id: str) -> bool:
|
|
"""Remove member and return True if actually removed (row existed). M6 TOCTOU fix."""
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor()
|
|
cursor.execute(
|
|
"DELETE FROM conversation_members WHERE conversation_id = %s AND user_id = %s",
|
|
(conversation_id, user_id),
|
|
)
|
|
conn.commit()
|
|
return cursor.rowcount > 0
|
|
finally:
|
|
conn.close()
|
|
|
|
|
|
def get_stale_uploads(max_age_seconds: int = 3600) -> list[dict]:
|
|
conn = get_connection()
|
|
try:
|
|
cursor = conn.cursor(dictionary=True)
|
|
cursor.execute(
|
|
"SELECT file_id FROM image_uploads "
|
|
"WHERE completed = FALSE AND created_at < DATE_SUB(NOW(), INTERVAL %s SECOND)",
|
|
(max_age_seconds,),
|
|
)
|
|
return cursor.fetchall()
|
|
finally:
|
|
conn.close()
|