authentication

Author: mo-sqrd

Application/Migration/1761596722.sql

@@ -0,0 +1,9 @@
+CREATE TABLE users (
+    id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
+    email TEXT NOT NULL,
+    password_hash TEXT NOT NULL,
+    locked_at TIMESTAMP WITH TIME ZONE DEFAULT null,
+    failed_login_attempts INT DEFAULT 0 NOT NULL,
+    logins INT NOT NULL,
+    isconfirmed BOOLEAN DEFAULT false NOT NULL
+);

Application/Schema.sql

@@ -15,12 +15,13 @@ CREATE TABLE comments (
 );
 CREATE INDEX comments_post_id_index ON comments (post_id);
 CREATE INDEX comments_created_at_index ON comments (created_at);
-ALTER TABLE comments ADD CONSTRAINT comments_ref_post_id FOREIGN KEY (post_id) REFERENCES posts (id) ON DELETE NO ACTION;
-
 CREATE TABLE users (
     id UUID DEFAULT uuid_generate_v4() PRIMARY KEY NOT NULL,
     email TEXT NOT NULL,
     password_hash TEXT NOT NULL,
     locked_at TIMESTAMP WITH TIME ZONE DEFAULT NULL,
-    failed_login_attempts INT DEFAULT 0 NOT NULL
+    failed_login_attempts INT DEFAULT 0 NOT NULL,
+    logins INT NOT NULL,
+    "isConfirmed" BOOLEAN DEFAULT false NOT NULL
 );
+ALTER TABLE comments ADD CONSTRAINT comments_ref_post_id FOREIGN KEY (post_id) REFERENCES posts (id) ON DELETE NO ACTION;

Web/Controller/Posts.hs

@@ -9,6 +9,8 @@ import qualified Text.MMark as MMark
 
 
 instance Controller PostsController where
+    beforeAction = ensureIsUser
+
     action PostsAction = do
         posts <- query @Post
             |> orderByDesc #createdAt
@@ -27,6 +29,7 @@ instance Controller PostsController where
 
     action EditPostAction { postId } = do
         post <- fetch postId
+        -- accessDeniedUnless (post.userId == currentUserId)
         render EditView { .. }
 
     action UpdatePostAction { postId } = do

Web/Controller/Sessions.hs

@@ -9,4 +9,22 @@ instance Controller SessionsController where
     action CreateSessionAction = Sessions.createSessionAction @User
     action DeleteSessionAction = Sessions.deleteSessionAction @User
 
-instance Sessions.SessionsControllerConfig User
+
+instance Sessions.SessionsControllerConfig User 
+
+    -- action MyAction = do
+    --     case currentUserOrNothing of
+    --         Just currentUser -> do
+    --             let text = "Hello " <> currentUser.email
+    --             renderPlain text
+    --         Nothing -> renderPlain "Please login first"
+
+
+-- instance Sessions.SessionsControllerConfig User where
+    -- beforeLogin = updateLoginHistory
+
+    -- updateLoginHistory user = do
+    --     user
+    --         |> modify #logins (\count -> count + 1)
+    --         |> updateRecord
+    --     pure ()

Web/Controller/Users.hs

@@ -0,0 +1,75 @@
+module Web.Controller.Users where
+
+import Web.Controller.Prelude
+import Web.View.Users.Index
+import Web.View.Users.New
+import Web.View.Users.Edit
+import Web.View.Users.Show
+
+import qualified Web.Controller.Sessions ()
+
+-- instance Confirmations.ConfirmationsControllerConfig User where
+
+instance Controller UsersController where
+    action UsersAction = do
+        users <- query @User |> fetch
+        render IndexView { .. }
+
+    action NewUserAction = do
+        let user = newRecord
+        render NewView { .. }
+
+    action ShowUserAction { userId } = do
+        user <- fetch userId
+        render ShowView { .. }
+
+    action EditUserAction { userId } = do
+        user <- fetch userId
+        render EditView { .. }
+
+    action UpdateUserAction { userId } = do
+        user <- fetch userId
+        user
+            |> buildUser
+            |> ifValid \case
+                Left user -> render EditView { .. }
+                Right user -> do
+                    user <- user |> updateRecord
+                    setSuccessMessage "User updated"
+                    redirectTo EditUserAction { .. }
+
+    action CreateUserAction = do
+        let user = newRecord @User
+        -- The value from the password confirmation input field.
+        let passwordConfirmation = param @Text "passwordConfirmation"
+        user
+            |> fill @["email", "passwordHash"]
+            -- We ensure that the error message doesn't include
+            -- the entered password.
+            |> validateField #passwordHash (isEqual passwordConfirmation |> withCustomErrorMessage "Passwords don't match")
+            |> validateField #passwordHash nonEmpty
+            |> validateField #email isEmail
+            -- After this validation, since it's operation on the IO, we'll need to use >>=.
+            |> validateIsUnique #email
+            >>= ifValid \case
+                Left user -> render NewView { .. }
+                Right user -> do
+                    hashed <- hashPassword user.passwordHash
+                    user <- user
+                        |> set #passwordHash hashed
+                        |> createRecord
+                    setSuccessMessage "You have registered successfully"
+                    redirectToPath "/"
+
+    action DeleteUserAction { userId } = do
+        user <- fetch userId
+        deleteRecord user
+        setSuccessMessage "User deleted"
+        redirectTo UsersAction
+
+    -- action ConfirmUserAction { userId, confirmationToken } = Confirmations.confirmAction userId confirmationToken
+
+
+buildUser user = user
+    |> fill @'["email", "passwordHash", "failedLoginAttempts", "logins", "isconfirmed"]
+

Web/FrontController.hs

@@ -8,6 +8,7 @@ import IHP.LoginSupport.Middleware
 import Web.Controller.Sessions
 
 -- Controller Imports
+import Web.Controller.Users
 import Web.Controller.Comments
 import Web.Controller.Posts
 import Web.Controller.Static
@@ -16,6 +17,7 @@ instance FrontController WebApplication where
     controllers = 
         [ startPage WelcomeAction
         -- Generator Marker
+        , parseRoute @UsersController
         , parseRoute @CommentsController
         , parseRoute @PostsController
         , parseRoute @SessionsController

Web/Routes.hs

@@ -12,3 +12,6 @@ instance AutoRoute CommentsController
 instance AutoRoute SessionsController
 
 
+
+instance AutoRoute UsersController
+

Web/Types.hs

@@ -41,4 +41,14 @@ data SessionsController
     = NewSessionAction
     | CreateSessionAction
     | DeleteSessionAction
-    deriving (Eq, Show, Data)
+    deriving (Eq, Show, Data)
+data UsersController
+    = UsersAction
+    | NewUserAction
+    | ShowUserAction { userId :: !(Id User) }
+    | CreateUserAction
+    | EditUserAction { userId :: !(Id User) }
+    | UpdateUserAction { userId :: !(Id User) }
+    | DeleteUserAction { userId :: !(Id User) }
+    -- | ConfirmUserAction { userId :: !(Id User), confirmationToken :: !Text } -- <--- ADD THIS ACTION
+    deriving (Eq, Show, Data)

Web/View/Posts/Show.hs

@@ -12,6 +12,8 @@ renderMarkdown text =
 instance View ShowView where
     html ShowView { .. } = [hsx|
         {breadcrumb}
+        <h1>Hello {currentUser.email}</h1>
+
         <h1>{post.title}</h1>
         <p>{post.createdAt |> timeAgo}</p>
         <div>{post.body |> renderMarkdown}</div>
@@ -22,6 +24,8 @@ instance View ShowView where
 
 
 
+
+
 
     |]
         where

Web/View/Static/Welcome.hs

@@ -5,10 +5,10 @@ data WelcomeView = WelcomeView
 
 instance View WelcomeView where
     html WelcomeView = [hsx|
-         <div style="background-color: #657b83; padding: 2rem; color:hsla(196, 13%, 96%, 1); border-radius: 4px">
+         <div style="background-color: #ea8658ff; padding: 2rem; color:hsla(196, 13%, 96%, 1); border-radius: 4px">
               <div style="max-width: 800px; margin-left: auto; margin-right: auto">
                   <h1 style="margin-bottom: 2rem; font-size: 2rem; font-weight: 300; border-bottom: 1px solid white; padding-bottom: 0.25rem; border-color: hsla(196, 13%, 60%, 1)">
-                      IHP
+                      
                   </h1>
 
                   <h2 style="margin-top: 0; margin-bottom: 0rem; font-weight: 900; font-size: 3rem">