wip

(#18 ) Creating tokens
#20 Update privacy settings on channels (#22 )
2018-08-28 22:24:54 +03:00 · 2018-08-28 22:16:13 +03:00 · 2018-08-15 23:25:06 +03:00 · 2018-08-15 22:38:36 +03:00 · 2018-08-15 22:11:30 +03:00 · 2018-08-14 23:50:01 +03:00
13 changed files with 257 additions and 47 deletions
--- a/ebook-manager.cabal
+++ b/ebook-manager.cabal
@ -73,6 +73,7 @@ executable ebook-manager
                     , servant-server
                     , text
                     , transformers
                     , uuid
                     , wai
                     , warp
                     , x509
--- a/migrations/V1.1__Channel_visibility.sql
+++ b/migrations/V1.1__Channel_visibility.sql
@ -0,0 +1 @@
 alter table channels add column visibility text NOT NULL default 'Private';
--- a/migrations/V1.2__User_token.sql
+++ b/migrations/V1.2__User_token.sql
@ -0,0 +1 @@
 alter table users add column token text null;
--- a/src/API/Books.hs
+++ b/src/API/Books.hs
@ -21,9 +21,9 @@ import ClassyPrelude
 import Server.Auth
 import Servant.Auth as SA
 import Data.Aeson
 import API.Channels (JsonChannel(..))
 import Database.Book
 import Database.Channel
 import Database.Tag
 import Database
 import Control.Lens
 import Data.Generics.Product
@ -38,13 +38,15 @@ data JsonBook = JsonBook { identifier :: BookID
                         , contentType :: Text
                         , title :: Maybe Text
                         , description :: Maybe Text
-                         , channels :: [JsonChannel] }
+                         , channels :: [Text]
                         , tags :: [Text] }
              deriving (Generic, Show)
 data PostBook = PostBook { contentType :: Text
                         , title :: Maybe Text
                         , description :: Maybe Text
-                         , channels :: [JsonChannel] }
+                         , channels :: [Text]
                         , tags :: [Text] }
              deriving (Generic, Show)
@ -53,7 +55,7 @@ instance FromJSON JsonBook
 instance ToJSON PostBook
 instance FromJSON PostBook
-type API = Auth '[SA.BasicAuth, SA.JWT] SafeUser :> BaseAPI
+type API = Auth '[TokenCheck, SA.BasicAuth, SA.JWT] SafeUser :> BaseAPI
 type BaseAPI = "books" :> Get '[JSON] [JsonBook]
       :<|> "books" :> ReqBody '[JSON] PostBook :> Post '[JSON] JsonBook
@ -95,9 +97,9 @@ postBookMetaHandler auth PostBook{..} = flip requireLoggedIn auth $ \SafeUser{us
 putBookMetaHandler :: AuthResult SafeUser -> BookID -> JsonBook -> AppM JsonBook
-putBookMetaHandler auth bookId b@JsonBook{..}
+putBookMetaHandler auth bookId JsonBook{..}
  | bookId == identifier = requireBookOwner auth bookId $ \SafeUser{username=owner} ->
-        maybe (throwM err403) (const (return b)) =<< runDB (updateBook UpdateBook{..})
+        maybe (throwM err403) (return . view (super @JsonBook)) =<< runDB (updateBook UpdateBook{..})
  | otherwise = throwM err403
 listBooksHandler :: AuthResult SafeUser -> AppM [JsonBook]
@ -105,5 +107,6 @@ listBooksHandler = requireLoggedIn $ \user -> do
  runDB (usersBooks (view (field @"username") user) >>= mapM augment)
    where
      augment Book{identifier=bookId,contentType,title,description} = do
-        channels <- fmap (\Channel{..} -> JsonChannel{..}) <$> booksChannels bookId
+        channels <- fmap (view (field @"channel")) <$> booksChannels bookId
        tags <- fmap (view (field @"tag")) <$> booksTags bookId
        pure JsonBook{identifier=bookId,..}
--- a/src/API/Channels.hs
+++ b/src/API/Channels.hs
@ -11,6 +11,8 @@
 {-# Language FlexibleInstances #-}
 {-# Language TypeApplications #-}
 {-# Language DataKinds #-}
 {-# Language DuplicateRecordFields #-}
 {-# Language NamedFieldPuns #-}
 module API.Channels (API, handler, JsonChannel(..)) where
 import Servant
@ -25,18 +27,37 @@ import Data.Aeson
 import Control.Lens
 import Data.Generics.Product
-data JsonChannel = JsonChannel { channel :: Text } deriving (Show, Generic)
+data JsonChannel = JsonChannel { channel :: Text
                               , visibility :: Visibility }
                 deriving (Show, Generic)
 data UpdateChannel = UpdateChannel { identifier :: ChannelID
                                   , channel :: Text
                                   , visibility :: Visibility }
                 deriving (Show, Generic)
 instance ToJSON JsonChannel
 instance FromJSON JsonChannel
 instance ToJSON UpdateChannel
 instance FromJSON UpdateChannel
 type API = Auth '[SA.BasicAuth, SA.Cookie, SA.JWT] SafeUser :> BaseAPI
-type BaseAPI = "channels" :> ReqBody '[JSON] JsonChannel :> Put '[JSON] JsonChannel
+type BaseAPI = "channels" :> ReqBody '[JSON] JsonChannel :> Post '[JSON] UpdateChannel
          :<|> "channels" :> Capture "channel_id" ChannelID :> ReqBody '[JSON] UpdateChannel :> Put '[JSON] UpdateChannel
          :<|> "channels" :> Get '[JSON] [JsonChannel]
 handler :: ServerT API AppM
-handler user = newChannelHandler user :<|> listChannelsHandler user
+handler user = newChannelHandler user :<|> updateChannelHandler user :<|> listChannelsHandler user
 requireChannelOwner :: AuthResult SafeUser -> ChannelID -> (SafeUser -> AppM a) -> AppM a
 requireChannelOwner auth channelId f = flip requireLoggedIn auth $ \u@SafeUser{username} -> do
  unlessM (runDB . channelExists $ channelId) $ throwM err404
  runDB (isChannelOwner channelId username) >>= \o -> if o then f u else throwM err403
 updateChannelHandler :: AuthResult SafeUser -> ChannelID -> UpdateChannel -> AppM UpdateChannel
 updateChannelHandler auth channelId UpdateChannel{visibility} = requireChannelOwner auth channelId $ \_ -> do
  mChannel <- fmap toChannel <$> runDB (updateChannelPrivacy channelId visibility)
  maybe (throwM err403) return mChannel
 listChannelsHandler :: AuthResult SafeUser -> AppM [JsonChannel]
 listChannelsHandler = requireLoggedIn $ \user ->
@ -44,8 +65,11 @@ listChannelsHandler = requireLoggedIn $ \user ->
  -- use the 'channel' accessor somehow or export it
  fmap (\Channel{..} -> JsonChannel{..}) <$> runDB (userChannels (view (field @"username") user))
-newChannelHandler :: AuthResult SafeUser -> JsonChannel -> AppM JsonChannel
+newChannelHandler :: AuthResult SafeUser -> JsonChannel -> AppM UpdateChannel
-newChannelHandler auth ch@JsonChannel{..} = flip requireLoggedIn auth $ \user -> do
+newChannelHandler auth JsonChannel{..} = flip requireLoggedIn auth $ \user -> do
  $logInfo $ "Creating channel for user " <> pack (show user)
-  runDB (insertChannel (view (field @"username") user) channel)
+  mChannel <- fmap toChannel <$> runDB (insertChannel (view (field @"username") user) channel visibility)
-  return ch
+  maybe (throwM err403{errBody="Could not create the channel"}) return mChannel
 toChannel :: Channel -> UpdateChannel
 toChannel Channel{..} = UpdateChannel{..}
--- a/src/API/Users.hs
+++ b/src/API/Users.hs
@ -5,6 +5,8 @@
 {-# Language TypeOperators #-}
 {-# Language DuplicateRecordFields #-}
 {-# Language TypeApplications #-}
 {-# Language GeneralizedNewtypeDeriving #-}
 {-# Language NamedFieldPuns #-}
 module API.Users  where
 import Servant
@ -40,12 +42,16 @@ instance FromJSON RegisterStatus
 instance FromForm RegisterForm
 instance ToForm RegisterForm
 type API = Auth '[SA.BasicAuth, SA.JWT] SafeUser :> "login" :> Get '[JSON] LoginStatus
      :<|> "register" :> ReqBody '[JSON, FormUrlEncoded] RegisterForm :> Post '[JSON] RegisterStatus
      :<|> Auth '[SA.BasicAuth] SafeUser :> "token" :> Post '[JSON, PlainText] Token
 handler :: ServerT API AppM
-handler = loginHandler :<|> registerHandler
+handler = loginHandler :<|> registerHandler :<|> newTokenHandler
 newTokenHandler :: AuthResult SafeUser -> AppM Token
 newTokenHandler = requireLoggedIn $ \SafeUser{username} ->
  runDB (createToken username)
 loginHandler :: AuthResult SafeUser -> AppM LoginStatus
 loginHandler (Authenticated u) = return (LoginStatus (Just u))
--- a/src/Database.hs
+++ b/src/Database.hs
@ -11,6 +11,7 @@ module Database
  , fromRel
  , fromRels
  , toRel
  , transaction
  , SeldaT )
  where
@ -18,7 +19,7 @@ import Data.Generics.Product
 import Control.Lens (view)
 import Data.Pool (Pool, withResource)
 import Database.Selda.Backend (SeldaConnection, runSeldaT, SeldaT)
-import Database.Selda (query, select)
+import Database.Selda (query, select, transaction)
 import Database.Selda.Generic (gen, fromRel, fromRels, toRel)
 import ClassyPrelude
--- a/src/Database/Book.hs
+++ b/src/Database/Book.hs
@ -18,11 +18,17 @@ module Database.Book
  , BookID) where
 import ClassyPrelude
-import Database.Schema
+import Database.Schema (books, users, Username, Book(..), BookID(..), UserID, HashDigest(..))
 import Database
 import Database.Selda
 import Database.Selda.Generic
 import Control.Lens (view)
 import Data.Generics.Product
 import Database.Tag (booksTags, attachTag, clearTags)
 import Database.Channel (booksChannels, attachChannel, clearChannels)
 usersBooks :: (MonadSelda m, MonadMask m, MonadIO m) => Username -> m [Book]
 usersBooks username = fromRels <$> query q
  where
@ -64,7 +70,10 @@ data UpdateBook = UpdateBook { identifier :: BookID
                             , contentType :: Text
                             , title :: Maybe Text
                             , description :: Maybe Text
-                             , owner :: Username }
+                             , owner :: Username
                             , tags :: [Text]
                             , channels :: [Text] }
                deriving (Show, Generic)
 bookExists :: (MonadSelda m, MonadMask m, MonadIO m) => BookID -> m Bool
 bookExists identifier = not . null <$> query q
@ -87,17 +96,32 @@ bookOwner' identifier username = do
  return (userId :*: bookId)
 updateBook :: (MonadSelda m, MonadMask m, MonadIO m) => UpdateBook -> m (Maybe UpdateBook)
-updateBook book@UpdateBook{..} = do
+updateBook UpdateBook{..} = do
  clearTags identifier >> connectTags
  clearChannels identifier >> connectChannels
  updateBook'
  getUpdateBook identifier owner
  where
    connectTags = mapM_ (attachTag owner identifier) tags
    connectChannels = mapM_ (attachChannel owner identifier) channels
    updateBook' = do
      mUserId <- query (bookOwner' identifier owner)
-  forM (listToMaybe mUserId) $ \_userId -> do
+      forM_ (listToMaybe mUserId) $ \_userId -> do
        update_ (gen books) predicate (\b -> b `with` [ pContentType := literal contentType
                                                      , pTitle := literal title
                                                      , pDescription := literal description ])
    return book
  where
    _ :*: _ :*: pContentType :*: pTitle :*: pDescription :*: _ = selectors (gen books)
    predicate (bookId :*: _) = bookId .== literal identifier
 getUpdateBook :: (MonadMask m, MonadIO m, MonadSelda m) => BookID -> Username -> m (Maybe UpdateBook)
 getUpdateBook bookId username = do
  mBook <- getBook bookId username
  forM mBook $ \Book{..} -> do
    channels <- map (view (field @"channel")) <$> booksChannels bookId
    tags <- map (view (field @"tag")) <$> booksTags bookId
    return UpdateBook{owner=username,..}
 setContent :: (MonadSelda m, MonadMask m, MonadIO m) => BookID -> Username -> HashDigest -> m ()
 setContent identifier owner digest = do
  mOwner <- query (bookOwner' identifier owner)
--- a/src/Database/Channel.hs
+++ b/src/Database/Channel.hs
@ -1,8 +1,15 @@
 {-# Language TypeApplications #-}
 {-# Language DataKinds #-}
 {-# Language NamedFieldPuns #-}
 module Database.Channel
  ( userChannels
  , insertChannel
  , channelExists
  , isChannelOwner
  , updateChannelPrivacy
  , attachChannel
  , Visibility(..)
  , clearChannels
  , booksChannels
  , Channel(..)
  , ChannelID )
@ -12,30 +19,68 @@ import ClassyPrelude
 import Database.Schema
 import Database
 import Database.Selda
 import Database.Selda.Generic
 import Control.Monad.Trans.Maybe
 getChannel :: (MonadSelda m, MonadMask m, MonadIO m) => ChannelID -> m (Maybe Channel)
 getChannel identifier = listToMaybe . fromRels <$> query q
  where
    q = do
      ch@(channelId :*: _) <- select (gen channels)
      restrict (channelId .== literal identifier)
      return ch
 channelExists :: (MonadSelda m, MonadMask m, MonadIO m) => ChannelID -> m Bool
 channelExists identifier = not . null <$> getChannel identifier
 isChannelOwner :: (MonadSelda m, MonadIO m, MonadMask m) => ChannelID -> Username -> m Bool
 isChannelOwner identifier username = not . null <$> query q
  where
    q = do
      userId :*: _ :*: username' :*: _ <- select (gen users)
      channelId :*: _ :*: channelOwner :*: _ <- select (gen channels)
      restrict (userId .== channelOwner)
      restrict (username' .== literal username)
      restrict (channelId .== literal identifier)
      return channelId
 userChannels :: (MonadMask m, MonadIO m) => Username -> SeldaT m [Channel]
 userChannels username = fromRels <$> query q
  where
    q = do
      userId :*: _ :*: username' :*: _ <- select (gen users)
-      channel@(_ :*: _ :*: owner) <- select (gen channels)
+      channel@(_ :*: _ :*: owner :*: _) <- select (gen channels)
      restrict (owner .== userId)
      restrict (username' .== literal username)
      return channel
-insertChannel :: (MonadMask m, MonadIO m) => Username -> Text -> SeldaT m ()
+updateChannelPrivacy :: (MonadMask m, MonadIO m, MonadSelda m) => ChannelID -> Visibility -> m (Maybe Channel)
-insertChannel username channel = do
+updateChannelPrivacy channelId visibility = do
-  mUserId <- listToMaybe <$> getUser
+  void $ update (gen channels) predicate (\channel -> channel `with` [pVis := literal visibility])
-  void $ forM mUserId $ \userId ->
+  getChannel channelId
    insertUnless (gen channels) (doesNotExist userId) [ def :*: channel :*: userId ]
  where
-    doesNotExist userId (_ :*: channel' :*: userId') = channel' .== literal channel .&& userId' .== literal userId
+    predicate (channelId' :*: _) = channelId' .== literal channelId
    _ :*: _ :*: _ :*: pVis = selectors (gen channels)
 insertChannel :: (MonadMask m, MonadIO m, MonadSelda m) => Username -> Text -> Visibility -> m (Maybe Channel)
 insertChannel username channel visibility = runMaybeT $ do
  userId <- MaybeT (listToMaybe <$> getUser)
  channelId <- toChannelId <$> MaybeT (insertUnless (gen channels) (doesNotExist userId) [ def :*: channel :*: userId :*: visibility ])
  MaybeT (listToMaybe . fromRels <$> query (q channelId))
  where
    q channelId = do
      ch@(channelId' :*: _) <- select (gen channels)
      restrict (channelId' .== literal channelId)
      return ch
    toChannelId = ChannelID . fromRowId
    doesNotExist userId (_ :*: channel' :*: userId' :*: _) = channel' .== literal channel .&& userId' .== literal userId
    getUser = query $ do
      userId :*: _ :*: user :*: _ <- select (gen users)
      restrict (user .== literal username)
      return userId
-booksChannels :: (MonadMask m, MonadIO m) => BookID -> SeldaT m [Channel]
+booksChannels :: (MonadSelda m, MonadMask m, MonadIO m) => BookID -> m [Channel]
 booksChannels bookId = fromRels <$> query q
  where
    q = do
@ -44,3 +89,25 @@ booksChannels bookId = fromRels <$> query q
      restrict (channelId .== channelId')
      restrict (bookId' .== literal bookId)
      return ch
 attachChannel :: (MonadMask m, MonadIO m, MonadSelda m) => Username -> BookID -> Text -> m ()
 attachChannel username bookId channel = do
  mCh <- fromRels <$> query channelQ
  forM_ mCh $ \Channel{identifier} ->
    whenM (null <$> query (attachQ identifier)) $
      void $ insertGen bookChannels [BookChannel identifier bookId]
  where
    attachQ channelId = do
      (channelId' :*: bookId') <- select (gen bookChannels)
      restrict (channelId' .== literal channelId .&& bookId' .== literal bookId)
      return channelId'
    channelQ = do
      userId :*: _ :*: username' :*: _ <- select (gen users)
      ch@(_ :*: channel' :*: owner :*: _) <- select (gen channels)
      restrict (username' .== literal username)
      restrict (owner .== userId)
      restrict (channel' .== literal channel)
      return ch
 clearChannels :: (MonadMask m, MonadIO m, MonadSelda m) => BookID -> m Int
 clearChannels bookId = deleteFrom (gen bookChannels) (\(_ :*: bookId') -> bookId' .== literal bookId)
--- a/src/Database/Schema.hs
+++ b/src/Database/Schema.hs
@ -3,6 +3,7 @@
 {-# Language OverloadedStrings #-}
 {-# Language DuplicateRecordFields #-}
 {-# Language GeneralizedNewtypeDeriving #-}
 {-# Language MultiParamTypeClasses #-}
 module Database.Schema where
 import ClassyPrelude
@ -13,6 +14,11 @@ import Database.Selda.Backend
 import Data.Aeson
 import Web.HttpApiData
 import Data.UUID (UUID)
 import qualified Data.UUID as UUID
 import Servant (MimeRender(..), PlainText)
 -- | User type
 newtype PlainPassword = PlainPassword Text deriving (Show, ToJSON, FromJSON, ToHttpApiData, FromHttpApiData, Eq)
 newtype HashedPassword = HashedPassword {unHashed :: ByteString}
@ -44,7 +50,7 @@ newtype UserID = UserID {unUserID :: Int} deriving (Show)
 newtype BookID = BookID {unBookID :: Int} deriving (Show, ToJSON, FromJSON, FromHttpApiData, Eq, Ord)
-newtype ChannelID = ChannelID {unChannelID :: Int} deriving (Show, ToHttpApiData, FromHttpApiData)
+newtype ChannelID = ChannelID {unChannelID :: Int} deriving (Show, ToHttpApiData, FromHttpApiData, ToJSON, FromJSON)
 newtype TagID = TagID {unTagID :: Int} deriving (Show)
@ -70,11 +76,24 @@ instance SqlType TagID where
  fromSql _ = error "fromSql: Bad tagid"
  defaultValue = mkLit (TagID (-1))
 newtype Token = Token { unToken :: UUID } deriving (Show, ToJSON)
 instance MimeRender PlainText Token where
  mimeRender _ = UUID.toLazyASCIIBytes . unToken
 instance SqlType Token where
  mkLit = LCustom . LText . UUID.toText . unToken
  fromSql (SqlString x) = maybe (error "fromSql: Could not parse token") Token . UUID.fromText $ x
  fromSql _ = error "fromSql: Could not parse token"
  defaultValue = mkLit (Token UUID.nil)
 data User pass = User { identifier :: UserID
                      , email :: Email
                      , username :: Username
                      , role :: Role
-                      , password :: pass }
+                      , token :: Maybe Token
                      , password :: pass
                      }
          deriving (Show, Generic)
 data Role = UserRole | AdminRole deriving (Show, Read, Enum, Bounded, Typeable, Generic)
@ -124,9 +143,22 @@ data Tag = Tag { identifier :: TagID
               , owner :: UserID }
         deriving (Show, Generic)
 data Visibility = Public | Private | Followers
                deriving (Show, Read, Generic)
 instance ToJSON Visibility
 instance FromJSON Visibility
 instance SqlType Visibility where
  mkLit = LCustom . LText . pack . show
  fromSql (SqlString x) = fromMaybe (error "fromSql: Not a valid visibility token") . readMay . unpack $ x
  fromSql _             = error "fromSql: Not a valid visibility token"
  defaultValue = mkLit Private
 data Channel = Channel { identifier :: ChannelID
                       , channel :: Text
-                       , owner :: UserID }
+                       , owner :: UserID
                       , visibility :: Visibility }
             deriving (Show, Generic)
 tags :: GenTable Tag
--- a/src/Database/Tag.hs
+++ b/src/Database/Tag.hs
@ -2,25 +2,27 @@
 {-# Language TypeOperators #-}
 {-# Language DataKinds #-}
 {-# Language DuplicateRecordFields #-}
 {-# Language NamedFieldPuns #-}
 module Database.Tag
  ( def
  , booksTags
  , attachTag
  , upsertTag
  , clearTags
  , Tag(..) ) where
 import ClassyPrelude
 import Database.Schema
 import Database
 import Database.Selda
 import Database.Selda.Generic
 import Control.Monad.Trans.Maybe
-upsertTag :: (MonadMask m, MonadIO m, MonadSelda m) => Username -> Text -> m Tag
+upsertTag :: (MonadMask m, MonadIO m, MonadSelda m) => Username -> Text -> m (Maybe Tag)
-upsertTag username tag = transaction $ do
+upsertTag username tag = runMaybeT $ do
-  -- I want this to error out if some data is invariant is wrong and roll back
+  userId <- MaybeT (listToMaybe <$> query userQ)
-  -- the transaction
+  void $ lift $ upsert (gen tags) (predicate userId) id [toRel (Tag def tag userId)]
-  [userId] <- query userQ
+  MaybeT (listToMaybe . fromRels <$> query (tagQ userId))
  void $ upsert (gen tags) (predicate userId) id [toRel (Tag def tag userId)]
  [t] <- fromRels <$> query (tagQ userId)
  return t
  where
    predicate userId (_ :*: tag' :*: owner) = tag' .== literal tag .&& owner .== literal userId
    tagQ userId = do
@ -41,3 +43,19 @@ booksTags bookId = fromRels <$> query q
      restrict (tagId .== tagId')
      restrict (bookId' .== literal bookId)
      return tag
 attachTag :: (MonadMask m, MonadIO m, MonadSelda m) => Username -> BookID -> Text -> m ()
 attachTag username bookId tag = do
  maybeT <- upsertTag username tag
  forM_ maybeT $ \Tag{identifier} -> do
    whenM (null <$> query (tagQ identifier)) $
      void $ insertGen bookTags [BookTag identifier bookId]
  where
    tagQ tagId = do
      (tagId' :*: bookId') <- select (gen bookTags)
      restrict (tagId' .== literal tagId .&& bookId' .== literal bookId)
      return tagId'
 clearTags :: (MonadMask m, MonadIO m, MonadSelda m) => BookID -> m Int
 clearTags bookId = deleteFrom (gen bookTags) (\(_ :*: bookId') -> bookId' .== literal bookId)
--- a/src/Database/User.hs
+++ b/src/Database/User.hs
@ -2,7 +2,15 @@
 {-# Language TypeApplications #-}
 {-# Language DataKinds #-}
 {-# Language TemplateHaskell #-}
-module Database.User where
+{-# Language FlexibleContexts #-}
 module Database.User
  ( Token
  , insertUser
  , getUser
  , validateUser
  , createToken
  , invalidateToken )
  where
 import ClassyPrelude
 import Database
@ -14,10 +22,12 @@ import Crypto.KDF.BCrypt
 import Crypto.Random.Types (MonadRandom)
 import Control.Monad.Logger
 import Control.Monad (mfilter)
 import qualified Data.UUID.V4 as UUID
 data UserExistsError = UserExistsError
 insertUser :: (MonadLogger m, MonadIO m, MonadMask m, MonadRandom m) => Username -> Email -> PlainPassword -> SeldaT m (Either UserExistsError (User NoPassword))
 insertUser username email (PlainPassword password) =
  getUser' username >>= maybe insert' (const (return $ Left UserExistsError))
@ -26,7 +36,7 @@ insertUser username email (PlainPassword password) =
    insertAs role = do
      lift $ $logInfo $ "Inserting new user as " <> pack (show role)
      let bytePass = encodeUtf8 password
-      user <- User def email username role . HashedPassword <$> lift (hashPassword 12 bytePass)
+      user <- User def email username role Nothing . HashedPassword <$> lift (hashPassword 12 bytePass)
      insert_ (gen users) [toRel user] >> return (over (field @"password") (const NoPassword) user)
 adminExists :: (MonadMask m, MonadLogger m, MonadIO m) => SeldaT m Bool
@ -58,3 +68,21 @@ getUser' name = listToMaybe . fmap fromRel <$> query q
      u@(_ :*: _ :*: username :*: _ ) <- select (gen users)
      restrict (username .== literal name)
      return u
 createToken :: (MonadMask m, MonadIO m, MonadSelda m) => Username -> m Token
 createToken username = do
  token <- Token <$> liftIO UUID.nextRandom
  void $ update (gen users) predicate (updateToken token)
  return token
  where
    _ :*: _ :*: pUsername :*: _ :*: pToken :*: _ = selectors (gen users)
    predicate user = user ! pUsername .== literal username
    updateToken token user= user `with` [pToken := literal (Just token)]
 invalidateToken :: (MonadMask m, MonadIO m, MonadSelda m) => Username -> m ()
 invalidateToken username = do
  void $ update (gen users) predicate updateToken
  where
    _ :*: _ :*: pUsername :*: _ :*: pToken :*: _ = selectors (gen users)
    predicate user = user ! pUsername .== literal username
    updateToken user= user `with` [pToken := literal Nothing]
--- a/src/Server/Auth.hs
+++ b/src/Server/Auth.hs
@ -6,10 +6,12 @@
 {-# Language DuplicateRecordFields #-}
 {-# Language TypeApplications #-}
 {-# Language TemplateHaskell #-}
 {-# Language FlexibleContexts #-}
 module Server.Auth
  ( SafeUser(..)
  , authCheck
  , AuthResult(..)
  , TokenCheck
  , requireLoggedIn)
  where
@ -56,3 +58,5 @@ authCheck app (BasicAuthData username password) = flip runReaderT app $
 requireLoggedIn :: (MonadLogger m, MonadThrow m, Monad m) => (SafeUser -> m a) -> AuthResult SafeUser -> m a
 requireLoggedIn f (Authenticated user) = f user
 requireLoggedIn _ u = $logError (pack (show u)) >> throwM err401
 data TokenCheck
Author	SHA1	Message	Date
Mats Rauhala	8d8b4e0453	wip	2018-08-28 22:24:54 +03:00
Mats Rauhala	526a2e7ebc	(#18 ) Creating tokens	2018-08-28 22:16:13 +03:00
MasseR	0037d4691e	#20 Update privacy settings on channels (#22 ) - Closes #20	2018-08-15 23:25:06 +03:00
MasseR	e61fb66c06	#13 Add visibility information to channels (#21 ) - closes #13	2018-08-15 22:38:36 +03:00
MasseR	8b04f3760e	Complete functions (#15 )	2018-08-15 22:11:30 +03:00
Mats Rauhala	5ff629902c	#12 Attach channels to books - Closes #12	2018-08-14 23:50:01 +03:00
Mats Rauhala	3d7f40eac9	#8 Attach tags to books	2018-08-14 23:50:01 +03:00
		`@ -0,0 +1 @@`
							`alter table channels add column visibility text NOT NULL default 'Private';`
		`@ -0,0 +1 @@`
							`alter table users add column token text null;`