aboutsummaryrefslogtreecommitdiff
path: root/server/src/Secure.hs
diff options
context:
space:
mode:
authorJoris2020-01-30 11:35:31 +0000
committerJoris2020-01-30 11:35:31 +0000
commit960fa7cb7ae4c57d01306f78cd349f3a8337d0ab (patch)
tree5077cc720525fb025e4dba65a9a8b631862cbcc8 /server/src/Secure.hs
parent14bdbc8c937f5d0b35c61350dba28cb41c3737cd (diff)
parent6a04e640955051616c3ad0874605830c448f2d75 (diff)
Merge branch 'with-ghcjs' into 'master'
Use Haskell on the frontend See merge request guyonvarch/shared-cost!2
Diffstat (limited to 'server/src/Secure.hs')
-rw-r--r--server/src/Secure.hs31
1 files changed, 31 insertions, 0 deletions
diff --git a/server/src/Secure.hs b/server/src/Secure.hs
new file mode 100644
index 0000000..a30941f
--- /dev/null
+++ b/server/src/Secure.hs
@@ -0,0 +1,31 @@
+module Secure
+ ( loggedAction
+ ) where
+
+import Control.Monad.IO.Class (liftIO)
+import qualified Data.Text.Lazy as TL
+import qualified Network.HTTP.Types.Status as HTTP
+import Web.Scotty
+
+import Common.Model (User)
+import qualified Common.Msg as Msg
+
+import qualified LoginSession
+import qualified Model.Query as Query
+import qualified Persistence.User as UserPersistence
+
+loggedAction :: (User -> ActionM ()) -> ActionM ()
+loggedAction action = do
+ maybeToken <- LoginSession.get
+ case maybeToken of
+ Just token -> do
+ maybeUser <- liftIO . Query.run . UserPersistence.get $ token
+ case maybeUser of
+ Just user ->
+ action user
+ Nothing -> do
+ status HTTP.forbidden403
+ html . TL.fromStrict . Msg.get $ Msg.Secure_Unauthorized
+ Nothing -> do
+ status HTTP.forbidden403
+ html . TL.fromStrict . Msg.get $ Msg.Secure_Forbidden