Compare commits


7 Commits

Author SHA1 Message Date
absc eb58109292 Add the macros file. 2024-08-15 22:03:30 +00:00
absc 861f3e0258 Use macros for the cookie names. 2024-08-15 22:02:57 +00:00
absc 812b182499 Abstract updating user informations. 2024-08-15 21:59:35 +00:00
absc bbb44f9337 Make reading the registration data a more abstract operation. 2024-08-15 21:54:41 +00:00
absc b3cdc8ee45 Abstract reading the login data from the request. 2024-08-15 21:45:36 +00:00
absc f9d3c5fa4b Make indentation consistent. 2024-08-15 21:26:22 +00:00
absc a3f041cff7 Remove not needed newline. 2024-08-15 21:22:54 +00:00
4 changed files with 124 additions and 26 deletions


@ -0,0 +1,23 @@
%
% Copyright (c) 2024 Andrea Biscuola <a@abiscuola.com>
%
% Permission to use, copy, modify, and distribute this software for any
% purpose with or without fee is hereby granted, provided that the above
% copyright notice and this permission notice appear in all copies.
%
% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
%
-define(APPBUCK, dudeswave).
-define(USERSBUCK, dudes).
-define(COOKIESBUCK, cookies).
-define(RANDBYTES, 32).
-define(DEFVALIDITY, 365).
-define(DUDENAME, "dudename").
-define(DUDEAUTH, "dudeauth").
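Review bot: `?DEFVALIDITY` and `?RANDBYTES` are defined without a comment stating their unit or purpose, and the unit matters for the session lifetime. The auth module in this same change passes a `Validity` value straight to cowboy's `max_age` option, which is expressed in seconds; whether 365 is converted before it gets there cannot be checked from this page. I would add a comment above `DEFVALIDITY` such as `% Default session validity, in days` (with whichever unit is actually intended), and a similar one-line comment above `RANDBYTES` saying what the 32 bytes are used for.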


@ -26,7 +26,8 @@ from the dudeswave database.
-export([authenticate/2, details/1, new/3, -export([authenticate/2, details/1, new/3,
update/4, delete/1, logout/2, auth_cookies/1, invalidate_cookies/1, update/4, delete/1, logout/2, auth_cookies/1, invalidate_cookies/1,
set_auth_cookies/4]). set_auth_cookies/4, read_login_data/1, read_new_user_data/1,
read_update_user_data/1]).
-doc """ -doc """
Verify a session with an existing cookie. Verify a session with an existing cookie.
@ -262,8 +263,8 @@ Spec:
Cookie :: binary(). Cookie :: binary().
auth_cookies(Req) -> auth_cookies(Req) ->
#{dudeauth := Cookie, dudename := User} = cowboy_req:match_cookies([dudeauth, #{?DUDEAUTH := Cookie, ?DUDENAME := User} = cowboy_req:match_cookies([?DUDEAUTH,
dudename], Req), ?DUDENAME], Req),
{User, Cookie}. {User, Cookie}.
@ -286,9 +287,9 @@ completely invalidated.
Req0 :: cowboy_req:req(). Req0 :: cowboy_req:req().
invalidate_cookies(Req) -> invalidate_cookies(Req) ->
Req0 = cowboy_req:set_resp_cookie(<<"dudeauth">>, <<"">>, Req, Req0 = cowboy_req:set_resp_cookie(<<"?DUDEAUTH">>, <<"">>, Req,
#{max_age => 0}), #{max_age => 0}),
Req1 = cowboy_req:set_resp_cookie(<<"dudename">>, <<"">>, Req0, Req1 = cowboy_req:set_resp_cookie(<<"?DUDENAME">>, <<"">>, Req0,
#{max_age => 0}), #{max_age => 0}),
Req1. Req1.
@ -317,9 +318,89 @@ A new request object `Req0`is returned, with the user and auth cookies set.
Req0 :: cowboy_req:req(). Req0 :: cowboy_req:req().
set_auth_cookies(Req, User, Cookie, Validity) -> set_auth_cookies(Req, User, Cookie, Validity) ->
Req0 = cowboy_req:set_resp_cookie(<<"dudeauth">>, Cookie, Req, Req0 = cowboy_req:set_resp_cookie(<<"?DUDEAUTH">>, Cookie, Req,
#{max_age => Validity}), #{max_age => Validity}),
Req1 = cowboy_req:set_resp_cookie(<<"dudename">>, User, Req0, Req1 = cowboy_req:set_resp_cookie(<<"?DUDENAME">>, User, Req0,
#{max_age => Validity}), #{max_age => Validity}),
Req1. Req1.
-doc """
Spec:
```
-spec read_login_data(Req) -> {User, Pass, Req0} when
Req :: cowboy_req:req(),
User :: binary(),
Pass :: binary(),
Req0 :: cowboy_req:req().
```
Read the login details from the `Req` body and return `User` and `Password`.
""".
-spec read_login_data(Req) -> {User, Pass, Req0} when
Req :: cowboy_req:req(),
User :: binary(),
Pass :: binary(),
Req0 :: cowboy_req:req().
read_login_data(Req) ->
{ok, Data, Req0} = cowboy_req:read_body(Req),
#{<<"user">> := User, <<"password">> := Pass} = json:decode(Data),
{User, Pass, Req0}.
-doc """
Read new registration informations from the request
Spec:
```
-spec read_new_user_data(Req) -> {User, Pass, Email Req0} when
Req :: cowboy_req:req(),
User :: binary(),
Pass :: binary(),
Email :: binary(),
Req0 :: cowboy_req:req().
```
""".
-spec read_new_user_data(Req) -> {User, Pass, Email, Req0} when
Req :: cowboy_req:req(),
User :: binary(),
Pass :: binary(),
Email :: binary(),
Req0 :: cowboy_req:req().
read_new_user_data(Req) ->
{ok, Data, Req0} = cowboy_req:read_body(Req),
#{<<"user">> := User, <<"password">> := Pass,
<<"email">> := Email} = json:decode(Data),
{User, Pass, Email, Req0}.
-doc """
Update user informations.
Spec:
```
-spec read_update_user_data(Req) -> {Email, Desc, Name, Req0} when
Req :: cowboy_req:req(),
Email :: binary(),
Desc :: binary(),
Name :: binary(),
Req0 :: cowboy_req:req().
```
""".
-spec read_update_user_data(Req) -> {Email, Desc, Name, Req0} when
Req :: cowboy_req:req(),
Email :: binary(),
Desc :: binary(),
Name :: binary(),
Req0 :: cowboy_req:req().
read_update_user_data(Req) ->
{ok, Data, Req0} = cowboy_req:read_body(Req),
#{<<"email">> := Email, <<"description">> := Desc,
<<"name">> := Name} = json:decode(Data),
{Email, Desc, Name, Req0}.
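Review bot: The `cowboy_req:set_resp_cookie` calls in `invalidate_cookies/1` and `set_auth_cookies/4` now pass `<<"?DUDEAUTH">>` and `<<"?DUDENAME">>`, but Erlang does not expand macros inside string literals, so the cookies are set and expired under the literal names `?DUDEAUTH` and `?DUDENAME`. In `auth_cookies/1` the macros do expand, but to the strings `"dudeauth"` and `"dudename"`, while `cowboy_req:match_cookies/2` takes atom field names and returns a map with atom keys, so that match is expected to fail on every request. The net effect is that login no longer issues the cookies the reader looks for, and logout no longer expires session cookies issued under the old names. Defining the macros as atoms, `-define(DUDEAUTH, dudeauth).`, and writing `atom_to_binary(?DUDEAUTH)` at the `set_resp_cookie` call sites keeps both uses correct. Since these are the session cookies, the options map is also the place to add `http_only => true, secure => true` next to `max_age`.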


@ -117,7 +117,8 @@ resource_exists(Req, State) ->
case dudeswave_auth:details(User) of case dudeswave_auth:details(User) of
[] -> [] ->
{false, Req, State}; {false, Req, State};
{error, Reason} -> exit(Reason); {error, Reason} ->
exit(Reason);
_ -> _ ->
NewState = State#{ NewState = State#{
user_exists => true user_exists => true
@ -127,8 +128,7 @@ resource_exists(Req, State) ->
previously_existed(Req, State) -> {false, Req, State}. previously_existed(Req, State) -> {false, Req, State}.
is_conflict(Req, #{user_exists := true}) -> is_conflict(Req, #{user_exists := true}) -> {false, Req, []};
{false, Req, []};
is_conflict(Req, State) -> {true, Req, State}. is_conflict(Req, State) -> {true, Req, State}.
@ -151,8 +151,7 @@ delete_completed(Req, State) -> {false, Req, State}.
% %
login(Req, State) -> login(Req, State) ->
{ok, Data, Req0} = cowboy_req:read_body(Req), {User, Pass, Req0} = dudeswave_auth:read_login_data(Req),
#{<<"user">> := User, <<"password">> := Pass} = json:decode(Data),
case dudeswave_auth:authenticate(User, {password, Pass}) of case dudeswave_auth:authenticate(User, {password, Pass}) of
{true, Cookie, Validity} -> {true, Cookie, Validity} ->
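Review bot: `login/2` handles requests from unauthenticated clients, and its first line now hard-matches the result of `dudeswave_auth:read_login_data/1`, which in turn asserts `{ok, Data, Req0}` from `cowboy_req:read_body/1` and a map holding both keys from `json:decode/1`. A body that is not valid JSON, lacks `user` or `password`, or comes back as `{more, _, _}` because it does not fit in one read will crash the handler rather than be rejected as a bad request. Decoded JSON values can also be numbers or nested objects, so `User` and `Pass` are not guaranteed to be binaries when they reach `dudeswave_auth:authenticate/2`. I would have the helper return `{error, bad_request}` for those cases, guard with `is_binary(User), is_binary(Pass)`, and have `login/2` return `{false, Req0, State}` on error (assuming it is the cowboy_rest accept callback, which then answers 400). The body of `login/2` continues outside the hunk.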


@ -76,6 +76,7 @@ PUT /api/v1/user
``` ```
{ {
"username": "foo",
"email": "foo@example.com", "email": "foo@example.com",
"password": "123456" "password": "123456"
} }
@ -148,10 +149,8 @@ forbidden(Req, State) ->
{User, Auth} = dudeswave_auth:auth_cookies(Req), {User, Auth} = dudeswave_auth:auth_cookies(Req),
case dudeswave_auth:authenticate(User, {cookie, Auth}) of case dudeswave_auth:authenticate(User, {cookie, Auth}) of
{error, service_unavailable} -> {error, service_unavailable} -> {true, Req, State};
{true, Req, State}; true -> {false, Req, State};
true ->
{false, Req, State};
false -> {true, Req, State} false -> {true, Req, State}
end end
end. end.
@ -180,8 +179,10 @@ resource_exists(Req, State) ->
{User, _} = dudeswave_auth:auth_cookies(Req), {User, _} = dudeswave_auth:auth_cookies(Req),
case dudeswave_auth:details(User) of case dudeswave_auth:details(User) of
[] -> {false, Req, State}; [] ->
{error, _} -> {false, Req, State}; {false, Req, State};
{error, _} ->
{false, Req, State};
Details -> Details ->
NewState = State#{ NewState = State#{
details => Details, details => Details,
@ -215,10 +216,7 @@ delete_completed(Req, State) -> {true, Req, State}.
% %
create_user(Req, State) -> create_user(Req, State) ->
{User, _} = dudeswave_auth:auth_cookies(Req), {User, Pass, Email, Req0} = dudeswave_auth:read_new_user_data(Req),
{ok, Data, Req0} = cowboy_req:read_body(Req),
#{<<"password">> := Pass, <<"email">> := Email} = json:decode(Data),
case dudeswave_auth:new(User, Pass, Email) of case dudeswave_auth:new(User, Pass, Email) of
ok -> {true, Req0, []}; ok -> {true, Req0, []};
@ -227,10 +225,7 @@ create_user(Req, State) ->
modify_user(Req, State) -> modify_user(Req, State) ->
{User, _} = dudeswave_auth:auth_cookies(Req), {User, _} = dudeswave_auth:auth_cookies(Req),
{Email, Desc, Name, Req0} = dudeswave_auth:read_update_user_data(Req),
{ok, Data, Req0} = cowboy_req:read_body(Req),
#{<<"email">> := Email, <<"description">> := Desc,
<<"name">> := Name} = json:decode(Data),
case dudeswave_auth:update(User, Name, Email, Desc) of case dudeswave_auth:update(User, Name, Email, Desc) of
ok -> {true, Req0, []}; ok -> {true, Req0, []};
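Review bot: The request example added to the `PUT /api/v1/user` documentation names the field `"username"`, but `create_user/2` now gets the name from `dudeswave_auth:read_new_user_data/1`, which matches the key `<<"user">>`; a client following the documented body would fail that match. Either change the example to `"user": "foo",` or match `<<"username">>` in the helper. Note also that `create_user/2` no longer reads `User` from the auth cookies, so the account name is now entirely client-supplied from the body; `forbidden/2` in this file still authenticates via cookies, and whether it exempts registration is not visible in these hunks, so that path is worth confirming. The bodies of `create_user/2` and `modify_user/2` continue outside the hunks.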