2024-07-26 18:57:34 -05:00
|
|
|
%
|
|
|
|
% Copyright (c) 2024 Andrea Biscuola <a@abiscuola.com>
|
|
|
|
%
|
|
|
|
% Permission to use, copy, modify, and distribute this software for any
|
|
|
|
% purpose with or without fee is hereby granted, provided that the above
|
|
|
|
% copyright notice and this permission notice appear in all copies.
|
|
|
|
%
|
|
|
|
% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
|
|
% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
|
|
% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
|
|
% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
|
|
% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
|
|
% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
|
|
% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
%
|
2024-08-04 06:54:46 -05:00
|
|
|
-module(dudeswave_user_handler).
|
2024-07-26 18:57:34 -05:00
|
|
|
-moduledoc """
|
2024-08-04 06:54:46 -05:00
|
|
|
JSON API to manage users.
|
2024-08-06 18:17:35 -05:00
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
The username is passed in a cookie. The handler recover it from the
|
|
|
|
session. Cookies are:
|
2024-08-06 18:17:35 -05:00
|
|
|
|
|
|
|
```
|
2024-08-09 17:35:53 -05:00
|
|
|
dudename: the actual username
|
|
|
|
dudeauth: the authentication cookie
|
2024-08-06 18:17:35 -05:00
|
|
|
```
|
|
|
|
|
|
|
|
If the session is not valid, all the requests will return `403 Forbidden` to
|
|
|
|
the client. In case a technical problem occurs, `500 Internal Server Error`
|
|
|
|
is returned.
|
|
|
|
|
|
|
|
This module accepts four methods:
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
- GET /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
Retrieve user's details. However, this call requires the user to have
|
|
|
|
a valid cookie set. Not suitable for a public page.
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
- POST /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
Update user's details, like their name, description and whatnot.
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
- DELETE /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
Remove a user forever. The data is delete immediately. However,
|
|
|
|
it's content is left up there. Probably a specific option will be added
|
|
|
|
later. This request does not have a body. The call deletes the user
|
|
|
|
immediately, however we return `202 Accepted` in case of success,
|
|
|
|
for the simple reason that we may make the call asynchronous
|
|
|
|
to remove additional content in background.
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
- PUT /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
Register a user. The registration takes only three parameter: username,
|
|
|
|
password and e-mail. The e-mail is required if a confirmation message
|
|
|
|
is to be sent. The plan is to have a separate process handle this, so the
|
|
|
|
API just need to set the proper value for the user's `status` in it's metadata.
|
|
|
|
|
|
|
|
JSON APIs
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
GET /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
|
2024-08-09 17:35:53 -05:00
|
|
|
Response body:
|
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
```
|
|
|
|
{
|
2024-08-07 17:10:45 -05:00
|
|
|
"user" : "foo",
|
2024-08-06 18:17:35 -05:00
|
|
|
"email": "foo@example.com",
|
|
|
|
"description": "A wonderful user",
|
|
|
|
"name": "Fantastic Foo"
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
Response codes:
|
|
|
|
|
|
|
|
- 200 OK (Success)
|
|
|
|
- 404 Not Found
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
PUT /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
|
|
|
|
```
|
|
|
|
{
|
|
|
|
"email": "foo@example.com",
|
|
|
|
"password": "123456"
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
Response codes:
|
|
|
|
|
|
|
|
- 201 Created
|
|
|
|
- 400 Bad Request
|
|
|
|
- 409 Conflict (User already exists)
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
POST /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
|
|
|
|
```
|
|
|
|
{
|
|
|
|
"email": "foo@example.com",
|
|
|
|
"description": "A wonderful user",
|
|
|
|
"name": "Fantastic Foo"
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
Response codes:
|
|
|
|
|
|
|
|
- 200 OK
|
|
|
|
- 400 Bad Request
|
|
|
|
- 404 Not Found
|
|
|
|
|
2024-08-09 15:37:47 -05:00
|
|
|
DELETE /api/v1/user
|
2024-08-06 18:17:35 -05:00
|
|
|
|
2024-08-09 17:35:53 -05:00
|
|
|
Response codes:
|
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
- 202 Accepted
|
|
|
|
- 404 Not Found
|
|
|
|
|
2024-07-26 18:57:34 -05:00
|
|
|
""".
|
|
|
|
|
|
|
|
-behaviour(cowboy_handler).
|
|
|
|
|
|
|
|
-export([init/2, terminate/3]).
|
|
|
|
|
|
|
|
%
|
|
|
|
% Callbacks exports
|
|
|
|
%
|
2024-08-06 18:17:35 -05:00
|
|
|
-export([allowed_methods/2, content_types_provided/2,
|
|
|
|
content_types_accepted/2, known_methods/2, is_authorized/2,
|
|
|
|
forbidden/2, resource_exists/2, is_conflict/2, previously_existed/2,
|
|
|
|
allow_missing_post/2, delete_resource/2, create_user/2, modify_user/2,
|
|
|
|
delete_completed/2, user_details/2]).
|
2024-07-26 18:57:34 -05:00
|
|
|
|
|
|
|
%
|
2024-08-06 18:17:35 -05:00
|
|
|
% Cowboy standard callbacks
|
2024-07-26 18:57:34 -05:00
|
|
|
%
|
|
|
|
|
|
|
|
init(Req, State) ->
|
|
|
|
{cowboy_rest, Req, State}.
|
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
known_methods(Req, State) ->
|
|
|
|
{[<<"POST">>, <<"PUT">>, <<"DELETE">>, <<"GET">>], Req, State}.
|
|
|
|
|
2024-07-26 18:57:34 -05:00
|
|
|
allowed_methods(Req, State) ->
|
2024-08-06 18:17:35 -05:00
|
|
|
{[<<"POST">>, <<"PUT">>, <<"DELETE">>, <<"GET">>], Req, State}.
|
|
|
|
|
|
|
|
is_authorized(Req, State) -> {true, Req, State}.
|
|
|
|
|
|
|
|
forbidden(Req, State) ->
|
|
|
|
case cowboy_req:method(Req) of
|
|
|
|
<<"PUT">> ->
|
|
|
|
{false, Req, State};
|
|
|
|
_ ->
|
2024-08-09 15:37:47 -05:00
|
|
|
#{dudeauth := Auth, dudename := User} = cowboy_req:match_cookies([dudeauth,
|
|
|
|
dudename], Req),
|
2024-08-06 18:17:35 -05:00
|
|
|
{ok, Bucket} = maps:find(cookies, State),
|
|
|
|
|
2024-08-11 15:56:11 -05:00
|
|
|
case dudeswave_auth:authenticate(User, Auth, Bucket) of
|
2024-08-11 15:49:48 -05:00
|
|
|
{error, service_unavailable} ->
|
2024-08-12 16:00:26 -05:00
|
|
|
{true, Req, State};
|
2024-08-09 17:35:53 -05:00
|
|
|
true ->
|
2024-08-12 16:00:26 -05:00
|
|
|
{false, Req, State};
|
2024-08-06 18:17:35 -05:00
|
|
|
false -> {true, Req, State}
|
|
|
|
end
|
|
|
|
end.
|
2024-07-26 18:57:34 -05:00
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
content_types_provided(Req, State) ->
|
|
|
|
case cowboy_req:method(Req) of
|
|
|
|
<<"PUT">> ->
|
|
|
|
{[{<<"application/json">>, create_user}], Req, State};
|
|
|
|
<<"POST">> ->
|
|
|
|
{[{<<"application/json">>, modify_user}], Req, State};
|
|
|
|
<<"DELETE">> ->
|
|
|
|
{[{<<"application/json">>, delete_user}], Req, State};
|
|
|
|
<<"GET">> ->
|
|
|
|
{[{<<"application/json">>, user_details}], Req, State}
|
|
|
|
end.
|
2024-07-26 18:57:34 -05:00
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
content_types_accepted(Req, State) ->
|
|
|
|
case cowboy_req:method(Req) of
|
|
|
|
<<"PUT">> ->
|
|
|
|
{[{<<"application/json">>, create_user}], Req, State};
|
|
|
|
<<"POST">> ->
|
|
|
|
{[{<<"application/json">>, modify_user}], Req, State}
|
|
|
|
end.
|
2024-07-26 18:57:34 -05:00
|
|
|
|
|
|
|
resource_exists(Req, State) ->
|
2024-08-09 15:37:47 -05:00
|
|
|
#{dudename := User} = cowboy_req:match_cookies([dudename], Req),
|
2024-07-26 18:57:34 -05:00
|
|
|
{ok, Bucket} = maps:find(bucket, State),
|
|
|
|
|
2024-08-11 15:56:11 -05:00
|
|
|
case dudeswave_auth:details(User, Bucket) of
|
2024-08-12 16:00:26 -05:00
|
|
|
[] -> {false, Req, State};
|
|
|
|
{error, _} -> {false, Req, State};
|
2024-08-06 18:17:35 -05:00
|
|
|
Details ->
|
|
|
|
NewState = State#{
|
|
|
|
bucket => Bucket,
|
|
|
|
details => Details,
|
|
|
|
user_exists => true,
|
|
|
|
request => cowboy_req:method(Req)
|
|
|
|
},
|
|
|
|
{true, Req, NewState}
|
2024-07-26 18:57:34 -05:00
|
|
|
end.
|
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
previously_existed(Req, State) -> {false, Req, State}.
|
|
|
|
|
|
|
|
is_conflict(Req, #{user_exists := true, request := <<"PUT">>}) ->
|
|
|
|
{true, Req, []};
|
2024-07-26 18:57:34 -05:00
|
|
|
|
|
|
|
is_conflict(Req, State) -> {false, Req, State}.
|
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
allow_missing_post(Req, State) -> {false, Req, State}.
|
2024-08-02 18:13:47 -05:00
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
delete_resource(Req, State) ->
|
|
|
|
{ok, Bucket} = maps:find(bucket, State),
|
2024-08-09 15:37:47 -05:00
|
|
|
#{dudename := User} = cowboy_req:match_cookies([dudename], Req),
|
2024-08-02 18:13:47 -05:00
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
case dudeswave_auth:delete(User, Bucket) of
|
2024-08-12 16:00:26 -05:00
|
|
|
ok -> {true, Req, State};
|
|
|
|
{error, _} -> {false, Req, State}
|
2024-08-06 18:17:35 -05:00
|
|
|
end.
|
2024-07-26 18:57:34 -05:00
|
|
|
|
2024-08-09 17:35:53 -05:00
|
|
|
delete_completed(Req, State) -> {true, Req, State}.
|
2024-08-02 18:13:47 -05:00
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
%
|
|
|
|
% Custom callbacks
|
|
|
|
%
|
|
|
|
|
|
|
|
create_user(Req, State) ->
|
|
|
|
{ok, Bucket} = maps:find(bucket, State),
|
2024-08-09 15:37:47 -05:00
|
|
|
#{dudename := User} = cowboy_req:match_cookies([dudename], Req),
|
2024-08-06 18:17:35 -05:00
|
|
|
|
2024-08-11 15:56:11 -05:00
|
|
|
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
|
|
|
#{<<"password">> := Pass, <<"email">> := Email} = json:decode(Data),
|
2024-08-06 18:17:35 -05:00
|
|
|
|
2024-08-11 15:56:11 -05:00
|
|
|
case dudeswave_auth:new(User, Pass, Email, Bucket) of
|
2024-08-12 16:00:26 -05:00
|
|
|
ok -> {true, Req0, []};
|
|
|
|
{error, _} -> {false, Req0, State}
|
2024-08-06 18:17:35 -05:00
|
|
|
end.
|
|
|
|
|
|
|
|
modify_user(Req, State) ->
|
|
|
|
{ok, Bucket} = maps:find(bucket, State),
|
2024-08-09 15:37:47 -05:00
|
|
|
#{dudename := User} = cowboy_req:match_cookies([dudename], Req),
|
2024-08-06 18:17:35 -05:00
|
|
|
|
2024-08-11 15:56:11 -05:00
|
|
|
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
2024-08-06 18:17:35 -05:00
|
|
|
#{<<"email">> := Email, <<"description">> := Desc,
|
2024-08-11 15:56:11 -05:00
|
|
|
<<"name">> := Name} = json:decode(Data),
|
2024-08-06 18:17:35 -05:00
|
|
|
|
|
|
|
case dudeswave_auth:update(User, Name, Email, Desc, Bucket) of
|
2024-08-12 16:00:26 -05:00
|
|
|
ok -> {true, Req0, []};
|
|
|
|
{error, _} -> {false, Req0, State}
|
2024-07-26 18:57:34 -05:00
|
|
|
end.
|
|
|
|
|
2024-08-06 18:17:35 -05:00
|
|
|
user_details(Req, State) ->
|
|
|
|
#{details := Details} = State,
|
2024-08-09 15:37:47 -05:00
|
|
|
#{dudename := User} = cowboy_req:match_cookies([dudename], Req),
|
|
|
|
Data = Details#{user => User},
|
2024-08-06 18:17:35 -05:00
|
|
|
|
2024-08-07 17:10:45 -05:00
|
|
|
{iolist_to_binary(json:encode(Data)), Req, State}.
|
2024-08-06 18:17:35 -05:00
|
|
|
|
|
|
|
%
|
|
|
|
% gen_server callbacks
|
|
|
|
%
|
|
|
|
|
2024-07-26 18:57:34 -05:00
|
|
|
terminate(_Reason, _Req, _State) -> ok.
|