2024-08-06 19:17:35 -04:00
|
|
|
%
|
|
|
|
% Copyright (c) 2024 Andrea Biscuola <a@abiscuola.com>
|
|
|
|
%
|
|
|
|
% Permission to use, copy, modify, and distribute this software for any
|
|
|
|
% purpose with or without fee is hereby granted, provided that the above
|
|
|
|
% copyright notice and this permission notice appear in all copies.
|
|
|
|
%
|
|
|
|
% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
|
% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
|
% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
%
|
|
|
|
-module(dudeswave_auth).
|
|
|
|
-moduledoc """
|
|
|
|
Dudes users management module.
|
|
|
|
|
|
|
|
Here lives all the functions needed to create, update and delete users
|
|
|
|
from the dudeswave database.
|
|
|
|
""".
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
-include_lib("dudeswave/include/defines.hrl").
|
2024-08-06 19:17:35 -04:00
|
|
|
-include_lib("storage/include/storage.hrl").
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
-export([authenticate/2, details/1, new/3,
|
2024-08-15 17:00:06 -04:00
|
|
|
update/4, delete/1, logout/2, auth_cookies/1]).
|
2024-08-06 19:17:35 -04:00
|
|
|
|
|
|
|
-doc """
|
|
|
|
Verify a session with an existing cookie.
|
|
|
|
|
|
|
|
Spec:
|
|
|
|
|
|
|
|
```
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec authenticate(User, Auth) -> true | false | {true, Cookie, Validity} | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
2024-08-15 16:27:02 -04:00
|
|
|
Auth :: {cookie, binary()} | {password, binary()},
|
2024-08-06 19:17:35 -04:00
|
|
|
Reason :: term().
|
|
|
|
```
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
Authenticate a user with either an existing `Cookie` or by issuing a new one
|
|
|
|
after authenticating with `Password`.
|
|
|
|
|
|
|
|
If `Cookie` is valid, the function returns `true`. If the authentication is denied
|
|
|
|
returns `false`
|
2024-08-06 19:17:35 -04:00
|
|
|
""".
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec authenticate(User, Auth) -> true | false | {true, Cookie, Validity} | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
2024-08-15 16:27:02 -04:00
|
|
|
Auth :: {cookie, binary()} | {password, binary()},
|
2024-08-06 19:17:35 -04:00
|
|
|
Cookie :: binary(),
|
2024-08-15 16:27:02 -04:00
|
|
|
Validity :: pos_integer(),
|
2024-08-06 19:17:35 -04:00
|
|
|
Reason :: term().
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
authenticate(User, {cookie, Cookie}) ->
|
|
|
|
case storage:read(?COOKIESBUCK, Cookie) of
|
2024-08-06 19:17:35 -04:00
|
|
|
{ok, [R]} ->
|
|
|
|
CurTime = calendar:now_to_universal_time(erlang:timestamp()),
|
2024-08-09 15:50:19 -04:00
|
|
|
CookieTime = R#object.value,
|
|
|
|
CookieUser = lists:keyfind(user, 1, R#object.metadata),
|
|
|
|
|
2024-08-06 19:17:35 -04:00
|
|
|
if
|
|
|
|
CookieTime >= CurTime ->
|
|
|
|
if
|
2024-08-09 15:50:19 -04:00
|
|
|
User =:= CookieUser -> true;
|
2024-08-06 19:17:35 -04:00
|
|
|
true -> false
|
|
|
|
end;
|
|
|
|
true -> false
|
|
|
|
end;
|
|
|
|
{ok, []} -> false;
|
|
|
|
{error, _} -> {error, service_unavailable}
|
2024-08-15 16:27:02 -04:00
|
|
|
end;
|
2024-08-06 19:17:35 -04:00
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
authenticate(User, {password, Password}) ->
|
|
|
|
case storage:read(?USERSBUCK, User) of
|
2024-08-06 19:17:35 -04:00
|
|
|
{ok, [R]} ->
|
2024-08-07 16:22:45 -04:00
|
|
|
Validity = case application:get_env(cookie_validity) of
|
|
|
|
{ok, Value} ->
|
|
|
|
erlang:system_time(seconds) + Value * 86400;
|
|
|
|
undefined ->
|
|
|
|
erlang:system_time(seconds) + ?DEFVALIDITY * 86400
|
|
|
|
end,
|
|
|
|
|
2024-08-06 19:17:35 -04:00
|
|
|
{ok, Hash} = lists:keyfind(hash, 1, R#object.metadata),
|
|
|
|
{ok, Salt} = lists:keyfind(salt, 1, R#object.metadata),
|
|
|
|
Auth = crypto:hash(sha256, <<Password/binary, Salt/binary>>),
|
2024-08-07 16:22:45 -04:00
|
|
|
|
2024-08-06 19:17:35 -04:00
|
|
|
if
|
|
|
|
Auth =:= Hash ->
|
|
|
|
Cookie = base64:encode(rand:bytes(64)),
|
2024-08-15 16:27:02 -04:00
|
|
|
case storage:write(?COOKIESBUCK, <<Cookie/binary>>,
|
|
|
|
Validity, [{user, User}]) of
|
2024-08-07 16:22:45 -04:00
|
|
|
ok -> {true, Cookie, Validity};
|
2024-08-06 19:17:35 -04:00
|
|
|
{error, Reason} -> {error, Reason}
|
|
|
|
end;
|
|
|
|
true -> false
|
|
|
|
end;
|
|
|
|
{ok, []} -> false;
|
|
|
|
{error, Reason} -> {error, Reason}
|
|
|
|
end.
|
|
|
|
|
2024-08-09 18:19:17 -04:00
|
|
|
-doc """
|
|
|
|
Close an existing session
|
|
|
|
|
|
|
|
Spec:
|
|
|
|
|
|
|
|
```
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec logout(User, Cookie) -> ok | {error, Reason} when
|
2024-08-09 18:19:17 -04:00
|
|
|
User :: binary(),
|
|
|
|
Cookie :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
```
|
|
|
|
|
|
|
|
Invalidate and delete `Cookie` associated with `User` from the system.
|
|
|
|
""".
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec logout(User, Cookie) -> ok | {error, Reason} when
|
2024-08-09 18:19:17 -04:00
|
|
|
User :: binary(),
|
|
|
|
Cookie :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
logout(User, Cookie) ->
|
|
|
|
case storage:read(?COOKIESBUCK, Cookie) of
|
2024-08-09 18:19:17 -04:00
|
|
|
{ok, [R]} ->
|
|
|
|
{user, User} = lists:keyfind(user, 1, R#object.metadata),
|
2024-08-15 16:27:02 -04:00
|
|
|
storage:delete(?COOKIESBUCK, Cookie);
|
2024-08-09 18:19:17 -04:00
|
|
|
{ok, []} ->
|
|
|
|
{error, not_found};
|
|
|
|
{error, Reason} ->
|
|
|
|
{error, Reason}
|
|
|
|
end.
|
|
|
|
|
2024-08-06 19:17:35 -04:00
|
|
|
-doc """
|
|
|
|
Return user details.
|
|
|
|
|
|
|
|
Spec:
|
|
|
|
|
|
|
|
```
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec details(User) -> Value | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Value :: term(),
|
|
|
|
Reason :: term().
|
|
|
|
```
|
|
|
|
""".
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec details(User) -> Value | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Value :: term(),
|
|
|
|
Reason :: term().
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
details(User) ->
|
|
|
|
case storage:read(?USERSBUCK, User) of
|
2024-08-06 19:17:35 -04:00
|
|
|
{ok, [R]} -> R#object.value;
|
|
|
|
{error, Reason} -> {error, Reason};
|
|
|
|
{ok, []} -> {error, not_found}
|
|
|
|
end.
|
|
|
|
|
|
|
|
-doc """
|
|
|
|
Create a new user.
|
|
|
|
|
|
|
|
Spec:
|
|
|
|
|
|
|
|
```
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec new(User, Password, Email) -> ok | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Password :: binary(),
|
|
|
|
Email :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
```
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
The `User` is created, and stored in the application's users bucket
|
2024-08-06 19:17:35 -04:00
|
|
|
`Password` is salted and hashed with SHA256 before being stored.
|
|
|
|
|
|
|
|
The new user is saved with a metadata `status` of `waiting_confirmation`,
|
|
|
|
based on the application settings, the confirmation method may vary.
|
|
|
|
""".
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec new(User, Password, Email) -> ok | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Password :: binary(),
|
|
|
|
Email :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
new(User, Password, Email) ->
|
2024-08-06 19:23:30 -04:00
|
|
|
Salt = rand:bytes(?RANDBYTES),
|
2024-08-06 19:17:35 -04:00
|
|
|
Hash = crypto:hash(sha256, <<Password/binary, Salt/binary>>),
|
|
|
|
|
|
|
|
Data = #{<<"email">> => Email},
|
|
|
|
Metadata = [{salt, Salt}, {hash, Hash}, {status, waiting_confirmation}],
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
storage:write(?USERSBUCK, User, Data, Metadata).
|
2024-08-06 19:17:35 -04:00
|
|
|
|
|
|
|
-doc """
|
|
|
|
Update user's details
|
|
|
|
|
|
|
|
Spec:
|
|
|
|
|
|
|
|
```
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec update(User, Name, Email, Desc) -> ok | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Name :: binary(),
|
|
|
|
Email :: binary(),
|
|
|
|
Desc :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
```
|
|
|
|
|
|
|
|
The details apart from `User` are updated. The username itself is immutable
|
|
|
|
and cannot be modified. All the other fields, excluding the e-mail, are the
|
|
|
|
ones that can be seen in the public page.
|
|
|
|
""".
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec update(User, Name, Email, Desc) -> ok | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Name :: binary(),
|
|
|
|
Email :: binary(),
|
|
|
|
Desc :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
update(User, Name, Email, Desc) ->
|
|
|
|
{ok, CurData, Metadata} = case storage:read(?USERSBUCK, User) of
|
2024-08-06 19:17:35 -04:00
|
|
|
{ok, [R]} ->
|
|
|
|
{ok, R#object.value, R#object.metadata};
|
|
|
|
{error, Reason} -> {error, Reason}
|
|
|
|
end,
|
|
|
|
|
|
|
|
Data = CurData#{<<"email">> => Email, <<"name">> => Name,
|
|
|
|
<<"description">> => Desc},
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
storage:write(?USERSBUCK, User, Data, Metadata).
|
2024-08-06 19:17:35 -04:00
|
|
|
|
|
|
|
-doc """
|
|
|
|
Delete an existing user from the database.
|
|
|
|
|
|
|
|
```
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec delete(User) -> ok | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
```
|
|
|
|
""".
|
2024-08-15 16:27:02 -04:00
|
|
|
-spec delete(User) -> ok | {error, Reason} when
|
2024-08-06 19:17:35 -04:00
|
|
|
User :: binary(),
|
|
|
|
Reason :: term().
|
|
|
|
|
2024-08-15 16:27:02 -04:00
|
|
|
delete(User) ->
|
2024-08-06 19:17:35 -04:00
|
|
|
% We are missing the cleanup of the cookies
|
|
|
|
% here. For that, we need to add at least another
|
|
|
|
% API to the storage layer.
|
2024-08-15 17:00:06 -04:00
|
|
|
storage:delete(?USERSBUCK, User).
|
|
|
|
|
|
|
|
-doc """
|
|
|
|
Get the authentication cookies from a cowboy request.
|
|
|
|
|
|
|
|
Spec:
|
|
|
|
|
|
|
|
```
|
|
|
|
-spec auth_cookies(Req) -> {User, Cookie} when
|
|
|
|
Req :: cowboy_req:req(),
|
|
|
|
User :: binary(),
|
|
|
|
Cookie :: binary().
|
|
|
|
```
|
|
|
|
""".
|
|
|
|
-spec auth_cookies(Req) -> {User, Cookie} when
|
|
|
|
Req :: cowboy_req:req(),
|
|
|
|
User :: binary(),
|
|
|
|
Cookie :: binary().
|
|
|
|
|
|
|
|
auth_cookies(Req) ->
|
|
|
|
#{dudeauth := Cookie, dudename := User} = cowboy_req:match_cookies([dudeauth,
|
|
|
|
dudename], Req),
|
|
|
|
|
|
|
|
{User, Cookie}.
|