Compare commits
No commits in common. "eb5810929299056cdbd411e2b2e1e500b7a5a9e4" and "38d8e297343ea8176d1997e3d856a05276a53f90" have entirely different histories.
eb58109292
...
38d8e29734
|
@ -1,23 +0,0 @@
|
||||||
%
|
|
||||||
% Copyright (c) 2024 Andrea Biscuola <a@abiscuola.com>
|
|
||||||
%
|
|
||||||
% Permission to use, copy, modify, and distribute this software for any
|
|
||||||
% purpose with or without fee is hereby granted, provided that the above
|
|
||||||
% copyright notice and this permission notice appear in all copies.
|
|
||||||
%
|
|
||||||
% THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
||||||
% WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
||||||
% MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
||||||
% ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
||||||
% WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
||||||
% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
||||||
% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
||||||
%
|
|
||||||
|
|
||||||
-define(APPBUCK, dudeswave).
|
|
||||||
-define(USERSBUCK, dudes).
|
|
||||||
-define(COOKIESBUCK, cookies).
|
|
||||||
-define(RANDBYTES, 32).
|
|
||||||
-define(DEFVALIDITY, 365).
|
|
||||||
-define(DUDENAME, "dudename").
|
|
||||||
-define(DUDEAUTH, "dudeauth").
|
|
|
@ -26,8 +26,7 @@ from the dudeswave database.
|
||||||
|
|
||||||
-export([authenticate/2, details/1, new/3,
|
-export([authenticate/2, details/1, new/3,
|
||||||
update/4, delete/1, logout/2, auth_cookies/1, invalidate_cookies/1,
|
update/4, delete/1, logout/2, auth_cookies/1, invalidate_cookies/1,
|
||||||
set_auth_cookies/4, read_login_data/1, read_new_user_data/1,
|
set_auth_cookies/4]).
|
||||||
read_update_user_data/1]).
|
|
||||||
|
|
||||||
-doc """
|
-doc """
|
||||||
Verify a session with an existing cookie.
|
Verify a session with an existing cookie.
|
||||||
|
@ -263,8 +262,8 @@ Spec:
|
||||||
Cookie :: binary().
|
Cookie :: binary().
|
||||||
|
|
||||||
auth_cookies(Req) ->
|
auth_cookies(Req) ->
|
||||||
#{?DUDEAUTH := Cookie, ?DUDENAME := User} = cowboy_req:match_cookies([?DUDEAUTH,
|
#{dudeauth := Cookie, dudename := User} = cowboy_req:match_cookies([dudeauth,
|
||||||
?DUDENAME], Req),
|
dudename], Req),
|
||||||
|
|
||||||
{User, Cookie}.
|
{User, Cookie}.
|
||||||
|
|
||||||
|
@ -287,9 +286,9 @@ completely invalidated.
|
||||||
Req0 :: cowboy_req:req().
|
Req0 :: cowboy_req:req().
|
||||||
|
|
||||||
invalidate_cookies(Req) ->
|
invalidate_cookies(Req) ->
|
||||||
Req0 = cowboy_req:set_resp_cookie(<<"?DUDEAUTH">>, <<"">>, Req,
|
Req0 = cowboy_req:set_resp_cookie(<<"dudeauth">>, <<"">>, Req,
|
||||||
#{max_age => 0}),
|
#{max_age => 0}),
|
||||||
Req1 = cowboy_req:set_resp_cookie(<<"?DUDENAME">>, <<"">>, Req0,
|
Req1 = cowboy_req:set_resp_cookie(<<"dudename">>, <<"">>, Req0,
|
||||||
#{max_age => 0}),
|
#{max_age => 0}),
|
||||||
|
|
||||||
Req1.
|
Req1.
|
||||||
|
@ -318,89 +317,9 @@ A new request object `Req0`is returned, with the user and auth cookies set.
|
||||||
Req0 :: cowboy_req:req().
|
Req0 :: cowboy_req:req().
|
||||||
|
|
||||||
set_auth_cookies(Req, User, Cookie, Validity) ->
|
set_auth_cookies(Req, User, Cookie, Validity) ->
|
||||||
Req0 = cowboy_req:set_resp_cookie(<<"?DUDEAUTH">>, Cookie, Req,
|
Req0 = cowboy_req:set_resp_cookie(<<"dudeauth">>, Cookie, Req,
|
||||||
#{max_age => Validity}),
|
#{max_age => Validity}),
|
||||||
Req1 = cowboy_req:set_resp_cookie(<<"?DUDENAME">>, User, Req0,
|
Req1 = cowboy_req:set_resp_cookie(<<"dudename">>, User, Req0,
|
||||||
#{max_age => Validity}),
|
#{max_age => Validity}),
|
||||||
|
|
||||||
Req1.
|
Req1.
|
||||||
|
|
||||||
-doc """
|
|
||||||
Spec:
|
|
||||||
|
|
||||||
```
|
|
||||||
-spec read_login_data(Req) -> {User, Pass, Req0} when
|
|
||||||
Req :: cowboy_req:req(),
|
|
||||||
User :: binary(),
|
|
||||||
Pass :: binary(),
|
|
||||||
Req0 :: cowboy_req:req().
|
|
||||||
```
|
|
||||||
Read the login details from the `Req` body and return `User` and `Password`.
|
|
||||||
""".
|
|
||||||
-spec read_login_data(Req) -> {User, Pass, Req0} when
|
|
||||||
Req :: cowboy_req:req(),
|
|
||||||
User :: binary(),
|
|
||||||
Pass :: binary(),
|
|
||||||
Req0 :: cowboy_req:req().
|
|
||||||
|
|
||||||
read_login_data(Req) ->
|
|
||||||
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
|
||||||
#{<<"user">> := User, <<"password">> := Pass} = json:decode(Data),
|
|
||||||
|
|
||||||
{User, Pass, Req0}.
|
|
||||||
|
|
||||||
-doc """
|
|
||||||
Read new registration informations from the request
|
|
||||||
|
|
||||||
Spec:
|
|
||||||
|
|
||||||
```
|
|
||||||
-spec read_new_user_data(Req) -> {User, Pass, Email Req0} when
|
|
||||||
Req :: cowboy_req:req(),
|
|
||||||
User :: binary(),
|
|
||||||
Pass :: binary(),
|
|
||||||
Email :: binary(),
|
|
||||||
Req0 :: cowboy_req:req().
|
|
||||||
```
|
|
||||||
""".
|
|
||||||
-spec read_new_user_data(Req) -> {User, Pass, Email, Req0} when
|
|
||||||
Req :: cowboy_req:req(),
|
|
||||||
User :: binary(),
|
|
||||||
Pass :: binary(),
|
|
||||||
Email :: binary(),
|
|
||||||
Req0 :: cowboy_req:req().
|
|
||||||
|
|
||||||
read_new_user_data(Req) ->
|
|
||||||
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
|
||||||
#{<<"user">> := User, <<"password">> := Pass,
|
|
||||||
<<"email">> := Email} = json:decode(Data),
|
|
||||||
|
|
||||||
{User, Pass, Email, Req0}.
|
|
||||||
|
|
||||||
-doc """
|
|
||||||
Update user informations.
|
|
||||||
|
|
||||||
Spec:
|
|
||||||
|
|
||||||
```
|
|
||||||
-spec read_update_user_data(Req) -> {Email, Desc, Name, Req0} when
|
|
||||||
Req :: cowboy_req:req(),
|
|
||||||
Email :: binary(),
|
|
||||||
Desc :: binary(),
|
|
||||||
Name :: binary(),
|
|
||||||
Req0 :: cowboy_req:req().
|
|
||||||
```
|
|
||||||
""".
|
|
||||||
-spec read_update_user_data(Req) -> {Email, Desc, Name, Req0} when
|
|
||||||
Req :: cowboy_req:req(),
|
|
||||||
Email :: binary(),
|
|
||||||
Desc :: binary(),
|
|
||||||
Name :: binary(),
|
|
||||||
Req0 :: cowboy_req:req().
|
|
||||||
|
|
||||||
read_update_user_data(Req) ->
|
|
||||||
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
|
||||||
#{<<"email">> := Email, <<"description">> := Desc,
|
|
||||||
<<"name">> := Name} = json:decode(Data),
|
|
||||||
|
|
||||||
{Email, Desc, Name, Req0}.
|
|
|
@ -117,8 +117,7 @@ resource_exists(Req, State) ->
|
||||||
case dudeswave_auth:details(User) of
|
case dudeswave_auth:details(User) of
|
||||||
[] ->
|
[] ->
|
||||||
{false, Req, State};
|
{false, Req, State};
|
||||||
{error, Reason} ->
|
{error, Reason} -> exit(Reason);
|
||||||
exit(Reason);
|
|
||||||
_ ->
|
_ ->
|
||||||
NewState = State#{
|
NewState = State#{
|
||||||
user_exists => true
|
user_exists => true
|
||||||
|
@ -128,7 +127,8 @@ resource_exists(Req, State) ->
|
||||||
|
|
||||||
previously_existed(Req, State) -> {false, Req, State}.
|
previously_existed(Req, State) -> {false, Req, State}.
|
||||||
|
|
||||||
is_conflict(Req, #{user_exists := true}) -> {false, Req, []};
|
is_conflict(Req, #{user_exists := true}) ->
|
||||||
|
{false, Req, []};
|
||||||
|
|
||||||
is_conflict(Req, State) -> {true, Req, State}.
|
is_conflict(Req, State) -> {true, Req, State}.
|
||||||
|
|
||||||
|
@ -151,7 +151,8 @@ delete_completed(Req, State) -> {false, Req, State}.
|
||||||
%
|
%
|
||||||
|
|
||||||
login(Req, State) ->
|
login(Req, State) ->
|
||||||
{User, Pass, Req0} = dudeswave_auth:read_login_data(Req),
|
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
||||||
|
#{<<"user">> := User, <<"password">> := Pass} = json:decode(Data),
|
||||||
|
|
||||||
case dudeswave_auth:authenticate(User, {password, Pass}) of
|
case dudeswave_auth:authenticate(User, {password, Pass}) of
|
||||||
{true, Cookie, Validity} ->
|
{true, Cookie, Validity} ->
|
||||||
|
|
|
@ -76,7 +76,6 @@ PUT /api/v1/user
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
"username": "foo",
|
|
||||||
"email": "foo@example.com",
|
"email": "foo@example.com",
|
||||||
"password": "123456"
|
"password": "123456"
|
||||||
}
|
}
|
||||||
|
@ -149,8 +148,10 @@ forbidden(Req, State) ->
|
||||||
{User, Auth} = dudeswave_auth:auth_cookies(Req),
|
{User, Auth} = dudeswave_auth:auth_cookies(Req),
|
||||||
|
|
||||||
case dudeswave_auth:authenticate(User, {cookie, Auth}) of
|
case dudeswave_auth:authenticate(User, {cookie, Auth}) of
|
||||||
{error, service_unavailable} -> {true, Req, State};
|
{error, service_unavailable} ->
|
||||||
true -> {false, Req, State};
|
{true, Req, State};
|
||||||
|
true ->
|
||||||
|
{false, Req, State};
|
||||||
false -> {true, Req, State}
|
false -> {true, Req, State}
|
||||||
end
|
end
|
||||||
end.
|
end.
|
||||||
|
@ -179,10 +180,8 @@ resource_exists(Req, State) ->
|
||||||
{User, _} = dudeswave_auth:auth_cookies(Req),
|
{User, _} = dudeswave_auth:auth_cookies(Req),
|
||||||
|
|
||||||
case dudeswave_auth:details(User) of
|
case dudeswave_auth:details(User) of
|
||||||
[] ->
|
[] -> {false, Req, State};
|
||||||
{false, Req, State};
|
{error, _} -> {false, Req, State};
|
||||||
{error, _} ->
|
|
||||||
{false, Req, State};
|
|
||||||
Details ->
|
Details ->
|
||||||
NewState = State#{
|
NewState = State#{
|
||||||
details => Details,
|
details => Details,
|
||||||
|
@ -216,7 +215,10 @@ delete_completed(Req, State) -> {true, Req, State}.
|
||||||
%
|
%
|
||||||
|
|
||||||
create_user(Req, State) ->
|
create_user(Req, State) ->
|
||||||
{User, Pass, Email, Req0} = dudeswave_auth:read_new_user_data(Req),
|
{User, _} = dudeswave_auth:auth_cookies(Req),
|
||||||
|
|
||||||
|
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
||||||
|
#{<<"password">> := Pass, <<"email">> := Email} = json:decode(Data),
|
||||||
|
|
||||||
case dudeswave_auth:new(User, Pass, Email) of
|
case dudeswave_auth:new(User, Pass, Email) of
|
||||||
ok -> {true, Req0, []};
|
ok -> {true, Req0, []};
|
||||||
|
@ -225,7 +227,10 @@ create_user(Req, State) ->
|
||||||
|
|
||||||
modify_user(Req, State) ->
|
modify_user(Req, State) ->
|
||||||
{User, _} = dudeswave_auth:auth_cookies(Req),
|
{User, _} = dudeswave_auth:auth_cookies(Req),
|
||||||
{Email, Desc, Name, Req0} = dudeswave_auth:read_update_user_data(Req),
|
|
||||||
|
{ok, Data, Req0} = cowboy_req:read_body(Req),
|
||||||
|
#{<<"email">> := Email, <<"description">> := Desc,
|
||||||
|
<<"name">> := Name} = json:decode(Data),
|
||||||
|
|
||||||
case dudeswave_auth:update(User, Name, Email, Desc) of
|
case dudeswave_auth:update(User, Name, Email, Desc) of
|
||||||
ok -> {true, Req0, []};
|
ok -> {true, Req0, []};
|
||||||
|
|
Loading…
Reference in New Issue