Compare commits
5 Commits
eb58109292
...
45b5bc3d2d
Author | SHA1 | Date |
---|---|---|
absc | 45b5bc3d2d | |
absc | 18a430614f | |
absc | e95e91b645 | |
absc | ae07951cd2 | |
absc | 1ca3e1f4ef |
|
@ -18,8 +18,6 @@
|
|||
|
||||
-export([bootstrap/3, start/2, stop/1]).
|
||||
|
||||
-include_lib("dudeswave/include/defines.hrl").
|
||||
|
||||
start(_Type, StartArgs) ->
|
||||
crypto:rand_seed(),
|
||||
|
||||
|
@ -38,6 +36,7 @@ start(_Type, StartArgs) ->
|
|||
|
||||
Dispatch = cowboy_router:compile([
|
||||
{'_', [
|
||||
{"/api/v1/auth", dudeswave_auth_handler, #{}},
|
||||
{"/api/v1/user", dudeswave_user_handler, #{}},
|
||||
{"/", dudeswave_handler, #{}}
|
||||
]}
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
-moduledoc """
|
||||
Dudes users management module.
|
||||
|
||||
Here lives all the functions needed to create, update and delete users
|
||||
from the dudeswave database.
|
||||
Here lives all the functions for the APIs needed to create, update and delete
|
||||
users from the dudeswave database.
|
||||
""".
|
||||
|
||||
-include_lib("dudeswave/include/defines.hrl").
|
||||
|
@ -59,7 +59,7 @@ authenticate(User, {cookie, Cookie}) ->
|
|||
{ok, [R]} ->
|
||||
CurTime = calendar:now_to_universal_time(erlang:timestamp()),
|
||||
CookieTime = R#object.value,
|
||||
CookieUser = lists:keyfind(user, 1, R#object.metadata),
|
||||
{user, CookieUser} = proplists:lookup(user, R#object.metadata),
|
||||
|
||||
if
|
||||
CookieTime >= CurTime ->
|
||||
|
@ -83,11 +83,14 @@ authenticate(User, {password, Password}) ->
|
|||
erlang:system_time(seconds) + ?DEFVALIDITY * 86400
|
||||
end,
|
||||
|
||||
{ok, Hash} = lists:keyfind(hash, 1, R#object.metadata),
|
||||
{ok, Salt} = lists:keyfind(salt, 1, R#object.metadata),
|
||||
{hash, Hash} = proplists:lookup(hash, R#object.metadata),
|
||||
{salt, Salt} = proplists:lookup(salt, R#object.metadata),
|
||||
{approved, Appr} = proplists:lookup(approved, R#object.metadata),
|
||||
|
||||
Auth = crypto:hash(sha256, <<Password/binary, Salt/binary>>),
|
||||
|
||||
if
|
||||
Appr =/= true -> false;
|
||||
Auth =:= Hash ->
|
||||
Cookie = base64:encode(rand:bytes(64)),
|
||||
case storage:write(?COOKIESBUCK, <<Cookie/binary>>,
|
||||
|
@ -123,7 +126,7 @@ Invalidate and delete `Cookie` associated with `User` from the system.
|
|||
logout(User, Cookie) ->
|
||||
case storage:read(?COOKIESBUCK, Cookie) of
|
||||
{ok, [R]} ->
|
||||
{user, User} = lists:keyfind(user, 1, R#object.metadata),
|
||||
{user, User} = proplists:lookup(user, R#object.metadata),
|
||||
storage:delete(?COOKIESBUCK, Cookie);
|
||||
{ok, []} ->
|
||||
{error, not_found};
|
||||
|
@ -171,8 +174,7 @@ Spec:
|
|||
The `User` is created, and stored in the application's users bucket
|
||||
`Password` is salted and hashed with SHA256 before being stored.
|
||||
|
||||
The new user is saved with a metadata `status` of `waiting_confirmation`,
|
||||
based on the application settings, the confirmation method may vary.
|
||||
The new user is saved with a metadata `approved` of `false`,
|
||||
""".
|
||||
-spec new(User, Password, Email) -> ok | {error, Reason} when
|
||||
User :: binary(),
|
||||
|
@ -185,7 +187,7 @@ new(User, Password, Email) ->
|
|||
Hash = crypto:hash(sha256, <<Password/binary, Salt/binary>>),
|
||||
|
||||
Data = #{<<"email">> => Email},
|
||||
Metadata = [{salt, Salt}, {hash, Hash}, {status, waiting_confirmation}],
|
||||
Metadata = [{salt, Salt}, {hash, Hash}, {approved, false}],
|
||||
|
||||
storage:write(?USERSBUCK, User, Data, Metadata).
|
||||
|
||||
|
@ -295,7 +297,7 @@ invalidate_cookies(Req) ->
|
|||
Req1.
|
||||
|
||||
-doc """
|
||||
Set the authentication cookies for the provided clien request
|
||||
Set the authentication cookies for the provided client request
|
||||
|
||||
Spec:
|
||||
|
||||
|
|
|
@ -17,14 +17,6 @@
|
|||
-moduledoc """
|
||||
JSON API to manage users.
|
||||
|
||||
The username is passed in a cookie. The handler recover it from the
|
||||
session. Cookies are:
|
||||
|
||||
```
|
||||
dudename: the actual username
|
||||
dudeauth: the authentication cookie
|
||||
```
|
||||
|
||||
If the session is not valid, all the requests will return `403 Forbidden` to
|
||||
the client. In case a technical problem occurs, `500 Internal Server Error`
|
||||
is returned.
|
||||
|
|
Loading…
Reference in New Issue