aboutsummaryrefslogtreecommitdiff
path: root/src/server/Secure.hs
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/Secure.hs')
-rw-r--r--src/server/Secure.hs29
1 files changed, 21 insertions, 8 deletions
diff --git a/src/server/Secure.hs b/src/server/Secure.hs
index 1fef713..8565098 100644
--- a/src/server/Secure.hs
+++ b/src/server/Secure.hs
@@ -8,13 +8,15 @@ import Web.Scotty
import Network.HTTP.Types.Status (forbidden403)
-import Database.Persist (Entity)
+import Database.Persist (Entity, entityVal)
-import Model.Database (User, runDb)
import Model.User (getUser)
+import Model.SignIn (getSignInToken, isLastValidToken)
+import Model.Database
import Control.Monad.IO.Class (liftIO)
+import Data.Text (Text)
import qualified Data.Text as T
import qualified Data.Text.IO as TIO
@@ -22,17 +24,28 @@ import qualified LoginSession
loggedAction :: (Entity User -> ActionM ()) -> ActionM ()
loggedAction action = do
- maybeLogin <- LoginSession.get
- case maybeLogin of
- Just login -> do
- maybeUser <- liftIO . runDb $ getUser login
+ maybeToken <- LoginSession.get
+ case maybeToken of
+ Just token -> do
+ maybeUser <- liftIO . runDb . getUserFromToken $ token
case maybeUser of
Just user ->
action user
Nothing -> do
status forbidden403
- liftIO . TIO.putStrLn . T.concat $ ["Could not find the user which login is ", login]
- html "Could not find a user from your login"
+ html "You are not authorized to logged in"
Nothing -> do
status forbidden403
html "You need to be logged in to perform this action"
+
+getUserFromToken :: Text -> Persist (Maybe (Entity User))
+getUserFromToken token = do
+ mbSignIn <- fmap entityVal <$> getSignInToken token
+ case mbSignIn of
+ Just signIn -> do
+ isValid <- isLastValidToken signIn
+ if isValid
+ then getUser (signInEmail signIn)
+ else return Nothing
+ Nothing ->
+ return Nothing