Commit graph

13 commits

Author SHA1 Message Date
William Carroll
f051b0be0b Check passwords in /login
TL;DR:
- Since POST /login is more rigorous, our accounts.csv needs to contain validly
  hashed passwords; you can use tests/create-accounts.sh to create dummy
  accounts

I still need to test the login flow and support:
- Tracking failed attempts (three maximum)
- Verifying accounts by sending emails to the users
2020-07-28 18:48:38 +01:00
William Carroll
b355664858 Support /login
Support basic authentication.

Note the TODOs that this commit introduces to track some of the remaining work.
2020-07-28 14:15:41 +01:00
William Carroll
b170be9375 Hash passwords when creating accounts
TL;DR:
- introduce the Cryptonite library
- Remove the redundant language extensions, imports, deps from Persistent
- Prefer NoContent return type for POST /accounts
- Define custom {To,From}JSON instances for Role
2020-07-28 12:51:17 +01:00
William Carroll
2398f1bd40 Distinguish b/w Account and User
Additionally: supporting more CRUDL methods for the Accounts and Trips tables.
2020-07-28 10:57:15 +01:00
William Carroll
6d9e76313d Partially support DELETE /trips
Allow a user to delete a trip entry from the Trips table using the Primary
Key. While this type-checks and compiles, it doesn't appear to be working as
intended. Perhaps I should use an auto-incrementing integer as the Primary
Key. I'm not sure how I want to handle this, so I'm punting for now.
2020-07-28 10:14:33 +01:00
William Carroll
0637da36cc Support GET /trips
In the spirit of support CRUDL, I added a GET /trips, which lists all of the
trips in the Trips table.
2020-07-28 10:13:38 +01:00
William Carroll
2f73d1db6c Prefer NoContent response to Bool
When I first wrote this handler I wasn't aware of the NoContent response
option.
2020-07-28 10:12:25 +01:00
William Carroll
52ac4d79bd Allow API users to create Trip entries
Next up:
- list trips
- update existing trip entries
- delete existing trip entries
2020-07-28 09:12:55 +01:00
William Carroll
974c63a679 Remove unnecessary language extensions
Attempting to abide by the Principle of Least Power. Also: the smaller the
headers in each module are, the happier I am.
2020-07-27 11:35:10 +01:00
William Carroll
d011616564 Change the name User to Account
Next I'll need to add / remove fields from the Account type.
2020-07-25 18:18:59 +01:00
William Carroll
718152ec14 Return a Session
Define the Session type and return it for the POST /user endpoint
2020-07-24 23:35:49 +01:00
William Carroll
1d47e94bbe Integrate Persistent with Servant
Query my SQLite database from within my Servant handlers. Nothing I've written
is domain-specific to the business logic yet -- I'm just making sure everything
integrates.
2020-07-24 22:48:08 +01:00
William Carroll
660b8d43e5 Support a basic API
Use Servant to create a REST API supporting the following routes:
- GET /number
- POST /other

The server interacts with a SQLite database.
2020-07-24 19:00:29 +01:00