{-# LANGUAGE ScopedTypeVariables #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE TypeApplications #-}
--------------------------------------------------------------------------------
module App where
--------------------------------------------------------------------------------
import Control.Exception (throwIO)
import Control.Monad.IO.Class (liftIO)
import Data.Function ((&))
import Data.String.Conversions (cs)
import Data.Text (Text)
import Database.SQLite.Simple
import Network.Wai.Handler.Warp as Warp
import Servant
import API
import qualified Crypto.KDF.BCrypt as BC
import qualified Data.Text.Encoding as TE
import qualified Types as T
--------------------------------------------------------------------------------
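-- | Servant handlers for every endpoint of 'API', combined with ':<|>' and
-- all backed by the SQLite database at @dbFile@.
--
-- Every statement below binds request values as SQL parameters (@?@); none
-- is built by string concatenation.
--
-- NOTE(review): no handler here takes a session or other caller identity, so
-- as far as this module shows, account and trip creation, deletion and
-- listing are open to any client. Confirm whether the API type enforces
-- authentication before exposing this service.
server :: FilePath -> Server API
server dbFile = createAccountH
           :<|> deleteAccountH
           :<|> listAccountsH
           :<|> createTripH
           :<|> deleteTripH
           :<|> listTripsH
           :<|> loginH
  where
    createAccountH newUser = liftIO $ createAccount newUser
    deleteAccountH username = liftIO $ deleteAccount username
    listAccountsH = liftIO listAccounts
    createTripH trip = liftIO $ createTrip trip
    deleteTripH tripPK = liftIO $ deleteTrip tripPK
    listTripsH = liftIO listTrips

    -- A rejected login is reported through Servant's error channel
    -- ('throwError') so the client actually receives the 401. Raising the
    -- 'ServerError' with 'throwIO' inside 'liftIO' bypasses that channel and
    -- surfaces as an uncaught exception instead of the intended response.
    loginH creds =
      liftIO (login creds) >>= maybe (throwError invalidCredentials) (pure . Just)

    -- One message for both the unknown-username and the wrong-password case,
    -- so the response body does not reveal which usernames exist.
    invalidCredentials :: ServerError
    invalidCredentials = err401 { errBody = "Your credentials are invalid" }

    -- Store a new account; only the hashed password is written.
    --
    -- NOTE(review): the role is inserted exactly as the client sent it and no
    -- caller identity is checked here, so whoever can reach this endpoint
    -- picks their own role. Consider fixing the role server-side for
    -- self-registration and reserving role assignment for an authenticated
    -- administrative path.
    --
    -- TODO(wpcarro): Handle failed CONSTRAINTs instead of sending 500s
    createAccount :: T.CreateAccountRequest -> IO NoContent
    createAccount request = withConnection dbFile $ \conn -> do
      hashed <- T.hashPassword (T.createAccountRequestPassword request)
      execute conn "INSERT INTO Accounts (username,password,email,role) VALUES (?,?,?,?)"
        ( T.createAccountRequestUsername request
        , hashed
        , T.createAccountRequestEmail request
        , T.createAccountRequestRole request
        )
      pure NoContent

    -- Delete the account row whose username matches.
    deleteAccount :: Text -> IO NoContent
    deleteAccount username = withConnection dbFile $ \conn -> do
      execute conn "DELETE FROM Accounts WHERE username = ?"
        (Only (T.Username username))
      pure NoContent

    -- Return every account, converted with 'T.userFromAccount'.
    -- NOTE(review): presumably that conversion drops the password hash
    -- before the rows are serialised; verify in the Types module.
    listAccounts :: IO [T.User]
    listAccounts = withConnection dbFile $ \conn -> do
      accounts <- query_ conn "SELECT * FROM Accounts"
      pure $ T.userFromAccount <$> accounts

    -- Insert a trip using the column values produced by 'T.tripFields'.
    createTrip :: T.Trip -> IO NoContent
    createTrip trip = withConnection dbFile $ \conn -> do
      execute conn "INSERT INTO Trips (username,destination,startDate,endDate,comment) VALUES (?,?,?,?,?)"
        (trip & T.tripFields)
      pure NoContent

    -- Return every row of the Trips table.
    listTrips :: IO [T.Trip]
    listTrips = withConnection dbFile $ \conn ->
      query_ conn "SELECT * FROM Trips"

    -- Delete the trip identified by (username, destination, startDate).
    --
    -- TODO(wpcarro): Validate incoming data like startDate.
    deleteTrip :: T.TripPK -> IO NoContent
    deleteTrip tripPK =
      withConnection dbFile $ \conn -> do
        execute conn "DELETE FROM Trips WHERE username = ? AND destination = ? and startDate = ?"
          (tripPK & T.tripPKFields)
        pure NoContent

    -- Look the account up by username and check the supplied password with
    -- 'T.passwordsMatch'. Returns 'Nothing' when the username matches no
    -- single account or the password does not match; the HTTP status is
    -- chosen by the handler.
    --
    -- NOTE(review): the unknown-username path returns without calling
    -- 'T.passwordsMatch', while a known username pays for the hash
    -- comparison. That response-time difference can reveal which usernames
    -- exist; comparing against a fixed dummy hash on the miss path would
    -- even it out.
    --
    -- TODO(wpcarro): Create and store a session token
    login :: T.AccountCredentials -> IO (Maybe T.Session)
    login (T.AccountCredentials username password) =
      withConnection dbFile $ \conn -> do
        res <- query conn "SELECT * FROM Accounts WHERE username = ?"
          (Only username)
        pure $ case res of
          [T.Account{T.accountUsername,T.accountPassword,T.accountRole}]
            | T.passwordsMatch password accountPassword ->
                Just (T.Session accountUsername accountRole)
          -- Unknown username or wrong password.
          _ -> Nothing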
-- | Build the WAI 'Application' that serves 'API' with the handlers from
-- 'server', backed by the SQLite database at the given path.
mkApp :: FilePath -> IO Application
mkApp dbFile = pure (serve (Proxy @API) (server dbFile))
-- | Serve the application on port 3000, using the SQLite database at
-- @sqliteFile@.
--
-- NOTE(review): 'Warp.run' speaks plain HTTP, so login credentials travel
-- unencrypted unless TLS is terminated in front of this process.
run :: FilePath -> IO ()
run sqliteFile = mkApp sqliteFile >>= Warp.run 3000