Enter the user handler API.

For now it handles PUTs, to create new users. It's still a
partial implementation and there is no documentation yet.

POST, PATCH and DELETE will arrive later to handle other users
operations.
main
absc 2024-07-27 01:57:34 +02:00
parent 285f4ad402
commit 895e0a5330
4 changed files with 90 additions and 1 deletions

View File

@ -1,7 +1,8 @@
{application,dudeswave, {application,dudeswave,
[{description,"The dudeswave web experience"}, [{description,"The dudeswave web experience"},
{vsn,"1.0.0"}, {vsn,"1.0.0"},
{modules,[dudeswave,dudeswave_app,dudeswave_handler,dudeswave_supervisor]}, {modules,[dudeswave,dudeswave_app,dudeswave_handler,
dudeswave_user_handler,dudeswave_supervisor]},
{registered,[]}, {registered,[]},
{applications,[kernel,stdlib,erts,cowboy,ranch]}, {applications,[kernel,stdlib,erts,cowboy,ranch]},
{mod,{dudeswave_app,[]}}, {mod,{dudeswave_app,[]}},

View File

@ -5,6 +5,7 @@ ERLC?= erlc -server
OBJS= dudeswave.beam dudeswave_app.beam OBJS= dudeswave.beam dudeswave_app.beam
OBJS+= dudeswave_supervisor.beam dudeswave_handler.beam OBJS+= dudeswave_supervisor.beam dudeswave_handler.beam
OBJS+= dudeswave_user_handler.beam
all: ${OBJS} all: ${OBJS}

View File

@ -42,6 +42,7 @@ start(_Type, StartArgs) ->
end, end,
Dispatch = cowboy_router:compile([ Dispatch = cowboy_router:compile([
{'_', [{"/user", dudeswave_user_handler, #{bucket => ?USERSBUCKET}}]},
{'_', [{"/", dudeswave_handler, #{bucket => ?APPBUCKET}}]} {'_', [{"/", dudeswave_handler, #{bucket => ?APPBUCKET}}]}
]), ]),

View File

@ -0,0 +1,86 @@
%
% Copyright (c) 2024 Andrea Biscuola <a@abiscuola.com>
%
% Permission to use, copy, modify, and distribute this software for any
% purpose with or without fee is hereby granted, provided that the above
% copyright notice and this permission notice appear in all copies.
%
% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
%
-module(dudeswave_register_handler).
-moduledoc """
Register a new user.
""".
-behaviour(cowboy_handler).
-export([init/2, terminate/3]).
%
% Callbacks exports
%
-export([allowed_methods/2, content_types_accepted/2,
known_methods/2, resource_exists/2, is_conflict/2,
create_user/2]).
-include_lib("storage/include/storage.hrl").
-define(RANDBYTES, 32).
%
% Protocol functions
%
init(Req, State) ->
{cowboy_rest, Req, State}.
allowed_methods(Req, State) ->
{[<<"PUT">>], Req, State}.
content_types_accepted(Req, State) ->
{[{{ <<"application">>, <<"json">>, '*'}, create_user}], Req, State}.
known_methods(Req, State) ->
{[<<"PUT">>], Req, State}.
resource_exists(Req, State) ->
{ok, Bucket} = maps:find(bucket, State),
case cowboy:read_body(Req, #{period => 5000, length => 8192}) of
{ok, Body, NewReq} ->
#{<<"name">> := Name, <<"password">> := Pass,
<<"user">> := User} = json:decode(Body),
case storage:read(Bucket, User) of
{ok, [_R]} ->
{true, NewReq, user_exists};
{ok, []} ->
{false, NewReq, {Bucket, [{name, Name},
{username, User},{password, Pass}]}}
end
end.
is_conflict(Req, user_exists) -> {true, Req, []};
is_conflict(Req, State) -> {false, Req, State}.
create_user(Req, {Bucket, [{name, Name}, {username, User}, {password, Pass}]}) ->
Salt = rand:bytes(32),
SaltedPW = <<Pass/binary, Salt/binary>>,
Hash = crypto:hash(sha256, SaltedPW),
case storage:write(Bucket, User, Hash, [{salt, Salt}, {name, Name}]) of
ok ->
{true, Req, []};
{error, Reason} ->
{false, Req, Reason}
end.
terminate(_Reason, _Req, _State) -> ok.