2020-07-29 15:14:47 +02:00
|
|
|
{-# LANGUAGE DataKinds #-}
|
2020-07-28 15:15:41 +02:00
|
|
|
{-# LANGUAGE ScopedTypeVariables #-}
|
2020-07-24 23:46:54 +02:00
|
|
|
{-# LANGUAGE OverloadedStrings #-}
|
2020-07-28 15:15:41 +02:00
|
|
|
{-# LANGUAGE NamedFieldPuns #-}
|
2020-07-28 22:33:58 +02:00
|
|
|
{-# LANGUAGE RecordWildCards #-}
|
2020-07-24 23:46:54 +02:00
|
|
|
{-# LANGUAGE TypeApplications #-}
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
module App where
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
import Control.Monad.IO.Class (liftIO)
|
|
|
|
import Data.String.Conversions (cs)
|
|
|
|
import Data.Text (Text)
|
|
|
|
import Network.Wai.Handler.Warp as Warp
|
|
|
|
import Servant
|
2020-07-29 21:26:23 +02:00
|
|
|
import Servant.Server.Internal.ServerError
|
2020-07-24 23:46:54 +02:00
|
|
|
import API
|
2020-07-28 19:46:05 +02:00
|
|
|
import Utils
|
2020-07-29 15:14:47 +02:00
|
|
|
import Web.Cookie
|
2020-07-28 15:15:41 +02:00
|
|
|
|
|
|
|
import qualified Crypto.KDF.BCrypt as BC
|
|
|
|
import qualified Data.Text.Encoding as TE
|
2020-07-29 21:26:23 +02:00
|
|
|
import qualified Data.UUID as UUID
|
|
|
|
import qualified Data.UUID.V4 as UUID
|
2020-07-25 00:35:49 +02:00
|
|
|
import qualified Types as T
|
2020-07-28 19:38:30 +02:00
|
|
|
import qualified Accounts as Accounts
|
2020-07-29 21:26:23 +02:00
|
|
|
import qualified Auth as Auth
|
2020-07-28 19:38:30 +02:00
|
|
|
import qualified Trips as Trips
|
2020-07-28 19:48:38 +02:00
|
|
|
import qualified Sessions as Sessions
|
2020-07-28 22:33:58 +02:00
|
|
|
import qualified LoginAttempts as LoginAttempts
|
2020-07-24 23:46:54 +02:00
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
|
2020-07-29 21:26:23 +02:00
|
|
|
err429 :: ServerError
|
|
|
|
err429 = ServerError
|
|
|
|
{ errHTTPCode = 429
|
|
|
|
, errReasonPhrase = "Too many requests"
|
|
|
|
, errBody = ""
|
|
|
|
, errHeaders = []
|
|
|
|
}
|
|
|
|
|
2020-07-30 14:58:50 +02:00
|
|
|
server :: T.Config -> Server API
|
|
|
|
server T.Config{..} = createAccount
|
|
|
|
:<|> deleteAccount
|
|
|
|
:<|> listAccounts
|
|
|
|
:<|> createTrip
|
|
|
|
:<|> deleteTrip
|
|
|
|
:<|> listTrips
|
|
|
|
:<|> login
|
|
|
|
:<|> logout
|
2020-07-24 23:46:54 +02:00
|
|
|
where
|
2020-07-30 11:23:55 +02:00
|
|
|
-- Admit Admins + whatever the predicate `p` passes.
|
|
|
|
adminsAnd cookie p = Auth.assert dbFile cookie (\acct@T.Account{..} -> accountRole == T.Admin || p acct)
|
|
|
|
-- Admit Admins only.
|
|
|
|
adminsOnly cookie = adminsAnd cookie (const True)
|
|
|
|
|
2020-07-27 16:22:22 +02:00
|
|
|
-- TODO(wpcarro): Handle failed CONSTRAINTs instead of sending 500s
|
2020-07-29 21:26:23 +02:00
|
|
|
createAccount :: T.CreateAccountRequest -> Handler NoContent
|
2020-07-28 19:38:30 +02:00
|
|
|
createAccount request = do
|
2020-07-29 21:26:23 +02:00
|
|
|
liftIO $ Accounts.create dbFile
|
2020-07-28 19:38:30 +02:00
|
|
|
(T.createAccountRequestUsername request)
|
|
|
|
(T.createAccountRequestPassword request)
|
|
|
|
(T.createAccountRequestEmail request)
|
|
|
|
(T.createAccountRequestRole request)
|
2020-07-28 13:49:16 +02:00
|
|
|
pure NoContent
|
2020-07-25 00:35:49 +02:00
|
|
|
|
2020-07-29 21:26:23 +02:00
|
|
|
deleteAccount :: T.SessionCookie -> Text -> Handler NoContent
|
2020-07-30 11:23:55 +02:00
|
|
|
deleteAccount cookie username = adminsOnly cookie $ do
|
|
|
|
liftIO $ Accounts.delete dbFile (T.Username username)
|
|
|
|
pure NoContent
|
2020-07-28 11:57:15 +02:00
|
|
|
|
2020-07-29 21:26:23 +02:00
|
|
|
listAccounts :: T.SessionCookie -> Handler [T.User]
|
2020-07-30 11:23:55 +02:00
|
|
|
listAccounts cookie = adminsOnly cookie $ do
|
|
|
|
liftIO $ Accounts.list dbFile
|
2020-07-24 23:46:54 +02:00
|
|
|
|
2020-07-29 21:26:23 +02:00
|
|
|
createTrip :: T.SessionCookie -> T.Trip -> Handler NoContent
|
2020-07-30 11:23:55 +02:00
|
|
|
createTrip cookie trip@T.Trip{..} =
|
|
|
|
adminsAnd cookie (\T.Account{..} -> accountUsername == tripUsername) $ do
|
|
|
|
liftIO $ Trips.create dbFile trip
|
|
|
|
pure NoContent
|
2020-07-28 10:10:54 +02:00
|
|
|
|
2020-07-29 21:26:23 +02:00
|
|
|
deleteTrip :: T.SessionCookie -> T.TripPK -> Handler NoContent
|
2020-07-30 11:23:55 +02:00
|
|
|
deleteTrip cookie tripPK@T.TripPK{..} =
|
|
|
|
adminsAnd cookie (\T.Account{..} -> accountUsername == tripPKUsername) $ do
|
2020-07-29 21:26:23 +02:00
|
|
|
liftIO $ Trips.delete dbFile tripPK
|
2020-07-28 19:38:30 +02:00
|
|
|
pure NoContent
|
2020-07-28 11:14:33 +02:00
|
|
|
|
2020-07-29 21:26:23 +02:00
|
|
|
listTrips :: Handler [T.Trip]
|
|
|
|
listTrips = liftIO $ Trips.list dbFile
|
2020-07-29 15:14:47 +02:00
|
|
|
|
|
|
|
login :: T.AccountCredentials
|
2020-07-29 21:26:23 +02:00
|
|
|
-> Handler (Headers '[Header "Set-Cookie" SetCookie] NoContent)
|
2020-07-28 19:48:38 +02:00
|
|
|
login (T.AccountCredentials username password) = do
|
2020-07-29 21:26:23 +02:00
|
|
|
mAccount <- liftIO $ Accounts.lookup dbFile username
|
2020-07-28 19:48:38 +02:00
|
|
|
case mAccount of
|
2020-07-28 22:33:58 +02:00
|
|
|
Just account@T.Account{..} -> do
|
2020-07-29 21:26:23 +02:00
|
|
|
mAttempts <- liftIO $ LoginAttempts.forUsername dbFile accountUsername
|
2020-07-28 22:33:58 +02:00
|
|
|
case mAttempts of
|
|
|
|
Nothing ->
|
|
|
|
if T.passwordsMatch password accountPassword then do
|
2020-07-29 21:26:23 +02:00
|
|
|
uuid <- liftIO $ Sessions.findOrCreate dbFile account
|
|
|
|
pure $ addHeader (Auth.mkCookie uuid) NoContent
|
2020-07-28 22:33:58 +02:00
|
|
|
else do
|
2020-07-29 21:26:23 +02:00
|
|
|
liftIO $ LoginAttempts.increment dbFile username
|
|
|
|
throwError err401 { errBody = "Your credentials are invalid" }
|
2020-07-28 22:33:58 +02:00
|
|
|
Just attempts ->
|
|
|
|
if attempts > 3 then
|
2020-07-29 21:26:23 +02:00
|
|
|
throwError err429
|
2020-07-28 22:33:58 +02:00
|
|
|
else if T.passwordsMatch password accountPassword then do
|
2020-07-29 21:26:23 +02:00
|
|
|
uuid <- liftIO $ Sessions.findOrCreate dbFile account
|
|
|
|
pure $ addHeader (Auth.mkCookie uuid) NoContent
|
2020-07-28 22:33:58 +02:00
|
|
|
else do
|
2020-07-29 21:26:23 +02:00
|
|
|
liftIO $ LoginAttempts.increment dbFile username
|
|
|
|
throwError err401 { errBody = "Your credentials are invalid" }
|
2020-07-28 15:15:41 +02:00
|
|
|
|
2020-07-28 19:48:38 +02:00
|
|
|
-- In this branch, the user didn't supply a known username.
|
2020-07-29 21:26:23 +02:00
|
|
|
Nothing -> throwError err401 { errBody = "Your credentials are invalid" }
|
2020-07-29 15:14:47 +02:00
|
|
|
|
|
|
|
logout :: T.SessionCookie
|
2020-07-29 21:26:23 +02:00
|
|
|
-> Handler (Headers '[Header "Set-Cookie" SetCookie] NoContent)
|
|
|
|
logout cookie = do
|
|
|
|
case Auth.uuidFromCookie cookie of
|
|
|
|
Nothing ->
|
|
|
|
pure $ addHeader Auth.emptyCookie NoContent
|
|
|
|
Just uuid -> do
|
|
|
|
liftIO $ Sessions.delete dbFile uuid
|
|
|
|
pure $ addHeader Auth.emptyCookie NoContent
|
2020-07-24 23:46:54 +02:00
|
|
|
|
2020-07-30 14:58:50 +02:00
|
|
|
run :: T.Config -> IO ()
|
|
|
|
run config =
|
|
|
|
Warp.run 3000 (serve (Proxy @ API) $ server config)
|