๐Ÿ‘ฉโ€๐Ÿš’ Firefighters API written in Gleam!
lustre gleam

:passport_control: dont allow user to log in with an inactive account

kacaii.dev 96159187 afcf68a7

verified
+27 -7
+11
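--- a/server/src/server/auth.gleam
+++ b/server/src/server/auth.gleam
@@ -1,4 +1,5 @@
 import gleam/bit_array
+import gleam/bool
 import gleam/crypto
 import gleam/list
 import gleam/result
@@ -17,6 +18,8 @@
 WrongPassword
 /// User not found in the Databse
 NotFound
+/// User account is inactive
+AccountDisabled
 }
 
 pub const hash_algorithm = crypto.Sha512
@@ -46,6 +49,8 @@
 |> result.replace_error(NotFound),
 )
 
+use <- bool.guard(when: !row.is_active, return: Error(AccountDisabled))
+
 let input_bits =
 hash(value: password, salt: ctx.secret_key)
 |> bit_array.from_string
@@ -81,6 +86,12 @@
 case err {
 Database(_) -> wisp.internal_server_error()
 NotFound -> wisp.not_found()
+
+AccountDisabled ->
+"Account is disabled"
+|> wisp.Text
+|> wisp.set_body(wisp.response(401), _)
+
 WrongPassword ->
 "Wrong password"
 |> wisp.Text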
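Review bot: The guard `use <- bool.guard(when: !row.is_active, return: Error(AccountDisabled))` at new line 52 runs before the password is hashed and compared, so a caller who supplies only an email address learns that the account exists and is disabled without presenting valid credentials. Combined with the distinct "Account is disabled" body added to `handle_error`, and with `Auth(err) -> auth.handle_error(err)` in server/src/server/router/login.gleam now forwarding these bodies, the login response separates unknown, disabled and wrong-password accounts. I would move the guard below the password comparison so `AccountDisabled` is returned only once the password has matched, and return one uniform 401 body for the remaining credential failures. The enclosing function starts and ends outside the hunk, so the exact position of the comparison is inferred from the visible `let input_bits =` lines.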
+9 -3
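--- a/server/src/server/auth/sql.gleam
+++ b/server/src/server/auth/sql.gleam
@@ -15,7 +15,7 @@
 /// > [squirrel package](https://github.com/giacomocavalieri/squirrel).
 ///
 pub type AuthenticateRow {
-AuthenticateRow(id: Uuid, password_hash: String)
+AuthenticateRow(id: Uuid, password_hash: String, is_active: Bool)
 }
 
 /// ๎นณ authenticate an user
@@ -30,11 +30,17 @@
 let decoder = {
 use id <- decode.field(0, uuid_decoder())
 use password_hash <- decode.field(1, decode.string)
-decode.success(AuthenticateRow(id:, password_hash:))
+use is_active <- decode.field(2, decode.bool)
+decode.success(AuthenticateRow(id:, password_hash:, is_active:))
 }
 
 "-- ๎นณ authenticate an user
-select u.id, u.password_hash from public.user_account as u where u.email = $1;
+select
+u.id,
+u.password_hash,
+u.is_active
+from public.user_account as u
+where u.email = $1;
 "
 |> pog.query
 |> pog.parameter(pog.text(arg_1))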
+6 -1
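--- a/server/src/server/auth/sql/authenticate.sql
+++ b/server/src/server/auth/sql/authenticate.sql
@@ -1,2 +1,7 @@
 -- ๎นณ authenticate an user
-select u.id, u.password_hash from public.user_account as u where u.email = $1;
+select
+u.id,
+u.password_hash,
+u.is_active
+from public.user_account as u
+where u.email = $1;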
+1 -3
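--- a/server/src/server/router/login.gleam
+++ b/server/src/server/router/login.gleam
@@ -71,9 +71,7 @@
 
 fn handle_error(err: LoginError) -> Response {
 case err {
-Auth(auth.Database(_)) -> wisp.internal_server_error()
-Auth(auth.WrongPassword) -> wisp.response(401)
-Auth(auth.NotFound) -> wisp.not_found()
+Auth(err) -> auth.handle_error(err)
 }
 }
 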