2020-07-30 19:38:46 +02:00
|
|
|
{-# LANGUAGE OverloadedStrings #-}
|
|
|
|
{-# LANGUAGE RecordWildCards #-}
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
module PendingAccounts where
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
import Database.SQLite.Simple
|
|
|
|
|
|
|
|
import qualified Types as T
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
create :: FilePath
|
|
|
|
-> T.RegistrationSecret
|
|
|
|
-> T.Username
|
|
|
|
-> T.ClearTextPassword
|
|
|
|
-> T.Role
|
|
|
|
-> T.Email
|
|
|
|
-> IO ()
|
|
|
|
create dbFile secret username password role email = withConnection dbFile $ \conn -> do
|
|
|
|
hashed <- T.hashPassword password
|
|
|
|
execute conn "INSERT INTO PendingAccounts (secret,username,password,role,email) VALUES (?,?,?,?,?)"
|
|
|
|
(secret, username, hashed, role, email)
|
|
|
|
|
|
|
|
get :: FilePath -> T.Username -> IO (Maybe T.PendingAccount)
|
|
|
|
get dbFile username = withConnection dbFile $ \conn -> do
|
Prefer SELECT (a,b,c) to SELECT *
"SELECT *" in SQL may not guarantee the order in which a record's columns are
returned. For example, in my FromRow instances for Account, I make successive call
The following scenario silently and erroneously assigns:
firstName, lastName = lastName, firstName
```sql
CREATE TABLE People (
firstName TEXT NOT NULL,
lastName TEXT NOT NULL,
age INTEGER NOT NULL,
PRIMARY KEY (firstName, lastName)
)
```
```haskell
data Person = Person { firstName :: String, lastName :: String, age :: Integer }
fromRow = do
firstName <- field
lastName <- field
age <- field
pure Person{..}
getPeople :: Connection -> IO [Person]
getPeople conn = query conn "SELECT * FROM People"
```
This silently fails because both firstName and lastName are Strings, and so the
FromRow Person instance type-checks, but you should expect to receive a list of
names like "Wallace William" instead of "William Wallace".
The following won't break the type-checker, but will result in a runtime parsing
error:
```haskell
-- all code from the previous example remains the same except for:
fromRow = do
age <- field
firstName <- field
lastName <- field
```
The "SELECT *" will return records like (firstName,lastName,age), but the
FromRow instance for Person will attempt to parse firstName as
Integer.
So... what have we learned? Prefer "SELECT (firstName,lastName,age)" instead of
"SELECT *".
2020-07-30 19:52:45 +02:00
|
|
|
res <- query conn "SELECT (secret,username,password,role,email) FROM PendingAccounts WHERE username = ?" (Only username)
|
2020-07-30 19:38:46 +02:00
|
|
|
case res of
|
|
|
|
[x] -> pure (Just x)
|
|
|
|
_ -> pure Nothing
|
|
|
|
|
|
|
|
delete :: FilePath -> T.Username -> IO ()
|
|
|
|
delete dbFile username = withConnection dbFile $ \conn ->
|
|
|
|
execute conn "DELETE FROM PendingAccounts WHERE username = ?" (Only username)
|