dudeswave2/dudeswave/src/dudeswave_user_handler.erl

96 lines
2.6 KiB
Erlang
Raw Normal View History

%
% Copyright (c) 2024 Andrea Biscuola <a@abiscuola.com>
%
% Permission to use, copy, modify, and distribute this software for any
% purpose with or without fee is hereby granted, provided that the above
% copyright notice and this permission notice appear in all copies.
%
% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
%
-module(dudeswave_user_handler).
-moduledoc """
JSON API to manage users.
""".
-behaviour(cowboy_handler).
-export([init/2, terminate/3]).
%
% Callbacks exports
%
-export([allowed_methods/2, content_types_accepted/2,
known_methods/2, resource_exists/2, is_conflict/2,
previously_existed/2, allow_missing_post/2, create_user/2]).
-include_lib("storage/include/storage.hrl").
-define(RANDBYTES, 32).
%
% Protocol functions
%
init(Req, State) ->
{cowboy_rest, Req, State}.
allowed_methods(Req, State) ->
{[<<"POST">>], Req, State}.
content_types_accepted(Req, State) ->
{[{<<"application/x-www-form-urlencoded">>, create_user}], Req, State}.
known_methods(Req, State) ->
{[<<"POST">>], Req, State}.
resource_exists(Req, State) ->
{ok, Bucket} = maps:find(bucket, State),
case cowboy:read_urlencoded_body(Req) of
{ok, [{name, Name}, {username, User}, {password, Password}], NewReq} ->
case storage:read(Bucket, User) of
{ok, [_R]} ->
{true, NewReq, user_exists};
{ok, []} ->
{false, NewReq, {Bucket, [{name, Name},
{username, User},{password, Password}]}}
end
end.
is_conflict(Req, user_exists) -> {true, Req, []};
is_conflict(Req, State) -> {false, Req, State}.
previously_existed(Req, State) ->
{false, Req, State}.
allow_missing_post(Req, State) ->
{true, Req, State}.
create_user(Req, {Bucket, [{name, Name}, {username, User}, {password, Pass}]}) ->
crypto:rand_seed(),
Salt = rand:bytes(32),
Hash = crypto:hash(sha256, <<Pass/binary, Salt/binary>>),
URI = uri_string:recompose(#{
scheme => cowboy_req:scheme(Req),
host => cowboy_req:host(Req),
path => lists:flatten(["/user/", User])
}),
case storage:write(Bucket, User, Hash, [{salt, Salt}, {name, Name}]) of
ok ->
{{true, list_to_binary(URI)}, Req, []};
{error, Reason} ->
{false, Req, Reason}
end.
terminate(_Reason, _Req, _State) -> ok.