2020-07-29 15:14:47 +02:00
|
|
|
{-# LANGUAGE DataKinds #-}
|
2020-07-28 15:15:41 +02:00
|
|
|
{-# LANGUAGE ScopedTypeVariables #-}
|
2020-07-24 23:46:54 +02:00
|
|
|
{-# LANGUAGE OverloadedStrings #-}
|
2020-07-28 15:15:41 +02:00
|
|
|
{-# LANGUAGE NamedFieldPuns #-}
|
2020-07-28 22:33:58 +02:00
|
|
|
{-# LANGUAGE RecordWildCards #-}
|
2020-07-24 23:46:54 +02:00
|
|
|
{-# LANGUAGE TypeApplications #-}
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
module App where
|
|
|
|
--------------------------------------------------------------------------------
|
2020-07-28 15:15:41 +02:00
|
|
|
import Control.Exception (throwIO)
|
2020-07-24 23:46:54 +02:00
|
|
|
import Control.Monad.IO.Class (liftIO)
|
|
|
|
import Data.String.Conversions (cs)
|
|
|
|
import Data.Text (Text)
|
|
|
|
import Network.Wai.Handler.Warp as Warp
|
|
|
|
import Servant
|
|
|
|
import API
|
2020-07-28 19:46:05 +02:00
|
|
|
import Utils
|
2020-07-29 15:14:47 +02:00
|
|
|
import Web.Cookie
|
2020-07-28 15:15:41 +02:00
|
|
|
|
|
|
|
import qualified Crypto.KDF.BCrypt as BC
|
|
|
|
import qualified Data.Text.Encoding as TE
|
2020-07-25 00:35:49 +02:00
|
|
|
import qualified Types as T
|
2020-07-28 19:38:30 +02:00
|
|
|
import qualified Accounts as Accounts
|
|
|
|
import qualified Trips as Trips
|
2020-07-28 19:48:38 +02:00
|
|
|
import qualified Sessions as Sessions
|
2020-07-28 22:33:58 +02:00
|
|
|
import qualified LoginAttempts as LoginAttempts
|
2020-07-24 23:46:54 +02:00
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
|
2020-07-27 16:22:22 +02:00
|
|
|
server :: FilePath -> Server API
|
2020-07-28 11:57:15 +02:00
|
|
|
server dbFile = createAccountH
|
|
|
|
:<|> deleteAccountH
|
|
|
|
:<|> listAccountsH
|
2020-07-28 10:10:54 +02:00
|
|
|
:<|> createTripH
|
2020-07-28 11:14:33 +02:00
|
|
|
:<|> deleteTripH
|
2020-07-28 11:57:15 +02:00
|
|
|
:<|> listTripsH
|
2020-07-28 15:15:41 +02:00
|
|
|
:<|> loginH
|
2020-07-29 15:14:47 +02:00
|
|
|
:<|> logoutH
|
2020-07-24 23:46:54 +02:00
|
|
|
where
|
2020-07-29 15:14:47 +02:00
|
|
|
createAccountH newUser = liftIO $ createAccount newUser
|
|
|
|
deleteAccountH cookie username = liftIO $ deleteAccount cookie username
|
|
|
|
listAccountsH cookie = liftIO $ listAccounts cookie
|
|
|
|
createTripH cookie trip = liftIO $ createTrip cookie trip
|
|
|
|
deleteTripH cookie tripPK = liftIO $ deleteTrip cookie tripPK
|
|
|
|
listTripsH = liftIO $ listTrips
|
|
|
|
loginH creds = liftIO $ login creds
|
|
|
|
logoutH cookie = liftIO $ logout cookie
|
2020-07-24 23:46:54 +02:00
|
|
|
|
2020-07-27 16:22:22 +02:00
|
|
|
-- TODO(wpcarro): Handle failed CONSTRAINTs instead of sending 500s
|
2020-07-28 13:49:16 +02:00
|
|
|
createAccount :: T.CreateAccountRequest -> IO NoContent
|
2020-07-28 19:38:30 +02:00
|
|
|
createAccount request = do
|
|
|
|
Accounts.create dbFile
|
|
|
|
(T.createAccountRequestUsername request)
|
|
|
|
(T.createAccountRequestPassword request)
|
|
|
|
(T.createAccountRequestEmail request)
|
|
|
|
(T.createAccountRequestRole request)
|
2020-07-28 13:49:16 +02:00
|
|
|
pure NoContent
|
2020-07-25 00:35:49 +02:00
|
|
|
|
2020-07-29 15:14:47 +02:00
|
|
|
deleteAccount :: T.SessionCookie -> Text -> IO NoContent
|
|
|
|
deleteAccount cookie username = do
|
2020-07-28 19:38:30 +02:00
|
|
|
Accounts.delete dbFile (T.Username username)
|
2020-07-28 11:57:15 +02:00
|
|
|
pure NoContent
|
|
|
|
|
2020-07-29 15:14:47 +02:00
|
|
|
listAccounts :: T.SessionCookie -> IO [T.User]
|
|
|
|
listAccounts cookie = Accounts.list dbFile
|
2020-07-24 23:46:54 +02:00
|
|
|
|
2020-07-29 15:14:47 +02:00
|
|
|
createTrip :: T.SessionCookie -> T.Trip -> IO NoContent
|
|
|
|
createTrip cookie trip = do
|
2020-07-28 19:38:30 +02:00
|
|
|
Trips.create dbFile trip
|
2020-07-28 11:12:25 +02:00
|
|
|
pure NoContent
|
2020-07-28 10:10:54 +02:00
|
|
|
|
2020-07-28 11:14:33 +02:00
|
|
|
-- TODO(wpcarro): Validate incoming data like startDate.
|
2020-07-29 15:14:47 +02:00
|
|
|
deleteTrip :: T.SessionCookie -> T.TripPK -> IO NoContent
|
|
|
|
deleteTrip cookie tripPK = do
|
2020-07-28 19:38:30 +02:00
|
|
|
Trips.delete dbFile tripPK
|
|
|
|
pure NoContent
|
2020-07-28 11:14:33 +02:00
|
|
|
|
2020-07-29 15:14:47 +02:00
|
|
|
listTrips :: IO [T.Trip]
|
|
|
|
listTrips = Trips.list dbFile
|
|
|
|
|
|
|
|
login :: T.AccountCredentials
|
|
|
|
-> IO (Headers '[Header "Set-Cookie" SetCookie] NoContent)
|
2020-07-28 19:48:38 +02:00
|
|
|
login (T.AccountCredentials username password) = do
|
|
|
|
mAccount <- Accounts.lookup dbFile username
|
|
|
|
case mAccount of
|
2020-07-28 22:33:58 +02:00
|
|
|
Just account@T.Account{..} -> do
|
|
|
|
mAttempts <- LoginAttempts.forUsername dbFile accountUsername
|
|
|
|
case mAttempts of
|
|
|
|
Nothing ->
|
|
|
|
if T.passwordsMatch password accountPassword then do
|
|
|
|
session <- Sessions.findOrCreate dbFile account
|
|
|
|
-- set cookie
|
2020-07-29 15:14:47 +02:00
|
|
|
undefined
|
2020-07-28 22:33:58 +02:00
|
|
|
else do
|
|
|
|
LoginAttempts.increment dbFile username
|
2020-07-29 15:14:47 +02:00
|
|
|
throwIO err401 { errBody = "Your credentials are invalid" }
|
2020-07-28 22:33:58 +02:00
|
|
|
Just attempts ->
|
|
|
|
if attempts > 3 then
|
|
|
|
-- TODO(wpcarro): Prefer 429 error code
|
2020-07-29 15:14:47 +02:00
|
|
|
throwIO err401 { errBody = "Too many failed login attempts" }
|
2020-07-28 22:33:58 +02:00
|
|
|
else if T.passwordsMatch password accountPassword then do
|
|
|
|
session <- Sessions.findOrCreate dbFile account
|
|
|
|
-- set cookie
|
2020-07-29 15:14:47 +02:00
|
|
|
undefined
|
2020-07-28 22:33:58 +02:00
|
|
|
else do
|
|
|
|
LoginAttempts.increment dbFile username
|
|
|
|
-- TODO(wpcarro): Catch and return errors over HTTP
|
2020-07-29 15:14:47 +02:00
|
|
|
throwIO err401 { errBody = "Your credentials are invalid" }
|
2020-07-28 15:15:41 +02:00
|
|
|
|
2020-07-28 19:48:38 +02:00
|
|
|
-- In this branch, the user didn't supply a known username.
|
2020-07-29 15:14:47 +02:00
|
|
|
Nothing -> throwIO err401 { errBody = "Your credentials are invalid" }
|
|
|
|
|
|
|
|
logout :: T.SessionCookie
|
|
|
|
-> IO (Headers '[Header "Set-Cookie" SetCookie] NoContent)
|
|
|
|
logout cookie = undefined
|
|
|
|
-- pull off SessionUUID from the request headers
|
|
|
|
-- delete the SessionUUID from the Sessions table.
|
2020-07-28 15:15:41 +02:00
|
|
|
|
2020-07-24 23:46:54 +02:00
|
|
|
mkApp :: FilePath -> IO Application
|
2020-07-27 16:22:22 +02:00
|
|
|
mkApp dbFile = do
|
|
|
|
pure $ serve (Proxy @ API) $ server dbFile
|
2020-07-24 23:46:54 +02:00
|
|
|
|
|
|
|
run :: FilePath -> IO ()
|
|
|
|
run sqliteFile =
|
|
|
|
Warp.run 3000 =<< mkApp sqliteFile
|