Enter the user handler API.

For now it handles PUTs, to create new users. It's still a
partial implementation and there is no documentation yet.

POST, PATCH and DELETE will arrive later to handle other users
operations.

dudeswave/ebin/dudeswave.app

@@ -1,7 +1,8 @@
 {application,dudeswave,
              [{description,"The dudeswave web experience"},
               {vsn,"1.0.0"},
-              {modules,[dudeswave,dudeswave_app,dudeswave_handler,dudeswave_supervisor]},
+              {modules,[dudeswave,dudeswave_app,dudeswave_handler,
+                  dudeswave_user_handler,dudeswave_supervisor]},
               {registered,[]},
               {applications,[kernel,stdlib,erts,cowboy,ranch]},
               {mod,{dudeswave_app,[]}},

dudeswave/src/Makefile

@@ -5,6 +5,7 @@ ERLC?=	erlc -server
 
 OBJS=	dudeswave.beam dudeswave_app.beam
 OBJS+=	dudeswave_supervisor.beam dudeswave_handler.beam
+OBJS+=	dudeswave_user_handler.beam
 
 all: ${OBJS}
 

dudeswave/src/dudeswave_app.erl

@@ -42,6 +42,7 @@ start(_Type, StartArgs) ->
 	end,
 
 	Dispatch = cowboy_router:compile([
+	    {'_', [{"/user", dudeswave_user_handler, #{bucket => ?USERSBUCKET}}]},
 	    {'_', [{"/", dudeswave_handler, #{bucket => ?APPBUCKET}}]}
 	]),
 

dudeswave/src/dudeswave_user_handler.erl

@@ -0,0 +1,86 @@
+%
+% Copyright (c) 2024 Andrea Biscuola <a@abiscuola.com>
+%
+% Permission to use, copy, modify, and distribute this software for any
+% purpose with or without fee is hereby granted, provided that the above
+% copyright notice and this permission notice appear in all copies.
+%
+% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+%
+-module(dudeswave_register_handler).
+-moduledoc """
+Register a new user.
+""".
+
+-behaviour(cowboy_handler).
+
+-export([init/2, terminate/3]).
+
+%
+% Callbacks exports
+%
+-export([allowed_methods/2, content_types_accepted/2,
+     known_methods/2, resource_exists/2, is_conflict/2,
+     create_user/2]).
+
+
+-include_lib("storage/include/storage.hrl").
+
+-define(RANDBYTES, 32).
+
+%
+% Protocol functions
+%
+
+init(Req, State) ->
+	{cowboy_rest, Req, State}.
+
+allowed_methods(Req, State) ->
+	{[<<"PUT">>], Req, State}.
+
+content_types_accepted(Req, State) ->
+	 {[{{ <<"application">>, <<"json">>, '*'}, create_user}], Req, State}.
+
+known_methods(Req, State) ->
+	{[<<"PUT">>], Req, State}.
+
+resource_exists(Req, State) ->
+	{ok, Bucket} = maps:find(bucket, State),
+
+	case cowboy:read_body(Req, #{period => 5000, length => 8192}) of
+		{ok, Body, NewReq} ->
+			#{<<"name">> := Name, <<"password">> := Pass,
+			    <<"user">> := User} = json:decode(Body),
+
+			case storage:read(Bucket, User) of
+				{ok, [_R]} ->
+					{true, NewReq, user_exists};
+				{ok, []} ->
+					{false, NewReq, {Bucket, [{name, Name},
+					    {username, User},{password, Pass}]}}
+			end
+	end.
+
+is_conflict(Req, user_exists) -> {true, Req, []};
+
+is_conflict(Req, State) -> {false, Req, State}.
+
+create_user(Req, {Bucket, [{name, Name}, {username, User}, {password, Pass}]}) ->
+	Salt = rand:bytes(32),
+	SaltedPW = <<Pass/binary, Salt/binary>>,
+	Hash = crypto:hash(sha256, SaltedPW),
+
+	case storage:write(Bucket, User, Hash, [{salt, Salt}, {name, Name}]) of
+		ok ->
+			{true, Req, []};
+		{error, Reason} ->
+			{false, Req, Reason}
+	end.
+
+terminate(_Reason, _Req, _State) -> ok.