feat(db): Implement password reset DAO (#1456)

* feat(db, webserver): Implement password reset flow

* [autofix.ci] apply automated fixes

* Remove webserver logic from this PR

* Use ID instead of email

* Create delete_expired_password_reset

* Rename id to user_id

* Add rowid

* Rename parameters

* Rename db methods

* Unrename one db method

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

ee/tabby-db/migrations/0014_password-reset.down.sql

@@ -0,0 +1 @@
+DROP TABLE password_reset;

ee/tabby-db/migrations/0014_password-reset.up.sql

@@ -0,0 +1,6 @@
+CREATE TABLE password_reset(
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL UNIQUE,
+    code VARCHAR(36) NOT NULL,
+    created_at TIMESTAMP NOT NULL DEFAULT (DATETIME('now'))
+);

ee/tabby-db/src/lib.rs

@@ -14,6 +14,7 @@ mod github_oauth_credential;
 mod google_oauth_credential;
 mod invitations;
 mod job_runs;
+mod password_reset;
 mod path;
 mod refresh_tokens;
 mod repositories;

ee/tabby-db/src/password_reset.rs

@@ -0,0 +1,58 @@
+use anyhow::Result;
+use chrono::{DateTime, Duration, Utc};
+use sqlx::{prelude::FromRow, query};
+use uuid::Uuid;
+
+use crate::DbConn;
+
+#[derive(FromRow)]
+pub struct PasswordResetDAO {
+    pub user_id: i32,
+    pub code: String,
+    pub created_at: DateTime<Utc>,
+}
+
+impl DbConn {
+    pub async fn create_password_reset(&self, user_id: i32) -> Result<String> {
+        let code = Uuid::new_v4().to_string();
+        let time = Utc::now();
+        query!(
+            "INSERT INTO password_reset (user_id, code, created_at) VALUES ($1, $2, $3)
+            ON CONFLICT(user_id) DO UPDATE SET code= $2, created_at = $3;",
+            user_id,
+            code,
+            time
+        )
+        .execute(&self.pool)
+        .await?;
+        Ok(code)
+    }
+
+    pub async fn delete_password_reset_by_user_id(&self, user_id: i32) -> Result<()> {
+        query!("DELETE FROM password_reset WHERE user_id = ?", user_id)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    pub async fn get_password_reset_by_user_id(
+        &self,
+        user_id: i32,
+    ) -> Result<Option<PasswordResetDAO>> {
+        let password_reset = sqlx::query_as(
+            "SELECT user_id, code, created_at FROM password_reset WHERE user_id = ?;",
+        )
+        .bind(user_id)
+        .fetch_optional(&self.pool)
+        .await?;
+        Ok(password_reset)
+    }
+
+    pub async fn delete_expired_password_resets(&self) -> Result<()> {
+        let time = Utc::now() - Duration::hours(1);
+        query!("DELETE FROM password_reset WHERE created_at < ?", time)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+}

ee/tabby-db/src/users.rs

@@ -191,6 +191,17 @@ impl DbConn {
             Ok(())
         }
     }
+
+    pub async fn update_user_password(&self, id: i32, password_encrypted: String) -> Result<()> {
+        query!(
+            "UPDATE users SET password_encrypted = ? WHERE id = ?",
+            password_encrypted,
+            id
+        )
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
 }
 
 fn generate_auth_token() -> String {

ee/tabby-webserver/email_templates/password_reset.html

@@ -0,0 +1,9 @@
+Reset your Tabby password
+---
+You recently requested a password reset for your TabbyML account {{EMAIL}}. Please click the link below to reset your password.
+
+{{EXTERNAL_URL}}/passwordReset?code={{CODE}}
+
+Best regards,
+
+The Tabby Team