{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE ExistentialQuantification #-}
{-# LANGUAGE MultiParamTypeClasses #-}
{-# LANGUAGE FlexibleContexts #-}
module Snap.Snaplet.Auth.Backends.Hdbc where
import Control.Monad.State
import Data.Convertible.Base
import qualified Data.HashMap.Strict as HM
import Data.Lens.Lazy
import Data.List
import qualified Data.Map as DM
import Data.Pool
import Database.HDBC
import Snap.Snaplet
import Snap.Snaplet.Auth
import Snap.Snaplet.Session
import Web.ClientSession
-- | Initialise the HDBC-backed 'AuthManager' from a connection action.
--
-- The connection action is wrapped in a 'Pool' built with 'createPool'
-- (one stripe, idle connections closed after 5 seconds, at most one open
-- connection per stripe); the pool itself is created when the snaplet
-- initialiser runs, see 'initHdbcAuthManager''.
initHdbcAuthManager
  :: IConnection conn
  => AuthSettings                     -- ^ site-key path, password policy and cookie settings
  -> Lens b (Snaplet SessionManager)  -- ^ session snaplet that holds login state
  -> IO conn                          -- ^ action yielding a fresh database connection
  -> AuthTable                        -- ^ table and column names used in generated SQL
  -> Queries                          -- ^ SQL generators for select / save / delete
  -> SnapletInit b (AuthManager b)
initHdbcAuthManager s l conn =
  initHdbcAuthManager' s l (createPool conn disconnect 1 5 1)
-- | Initialise the HDBC-backed 'AuthManager' from an action yielding a
-- connection 'Pool'.
--
-- At initialisation the client-session key file named by 'asSiteKey' is
-- loaded with 'getKey' (which creates the file when it does not exist yet)
-- and the pool action is run exactly once; the resulting pool is owned by
-- the 'HdbcAuthManager' backend for the lifetime of the snaplet.
initHdbcAuthManager'
  :: IConnection conn
  => AuthSettings
  -> Lens b (Snaplet SessionManager)
  -> IO (Pool conn)
  -> AuthTable
  -> Queries
  -> SnapletInit b (AuthManager b)
initHdbcAuthManager' s l pool tbl qs =
  makeSnaplet "HdbcAuthManager" description Nothing $ liftIO $ do
    key <- getKey (asSiteKey s)
    pl <- pool
    return (mkManager key pl)
  where
    description = "A snaplet providing user authentication using an HDBC backend"

    -- Assemble the manager once both the signing key and the pool exist.
    mkManager key pl = AuthManager
      { backend            = HdbcAuthManager pl tbl qs
      , session            = l
      , activeUser         = Nothing
      , minPasswdLen       = asMinPasswdLen s
      , rememberCookieName = asRememberCookieName s
      , rememberPeriod     = asRememberPeriod s
      , siteKey            = key
      , lockout            = asLockout s
      }
-- | Backend state handed to the 'AuthManager'.
--
-- The connection type is existentially hidden so the manager can be stored
-- without exposing the concrete HDBC driver; every query goes through the
-- pool, the configured table names and the configured SQL generators.
data HdbcAuthManager = forall conn. IConnection conn => HdbcAuthManager
  { dbpool :: Pool conn   -- ^ pooled connections used by every query
  , table  :: AuthTable   -- ^ table and column names spliced into the SQL
  , qries  :: Queries     -- ^ SQL generators for select / save / delete
  }
-- | Names of the table and columns backing the auth store.
--
-- The default queries ('defSelectQuery', 'defSaveQuery', 'defDeleteQuery')
-- concatenate these strings verbatim into the SQL text; only row values are
-- bound through @?@ placeholders.  They must therefore come from trusted
-- configuration, never from request data.
data AuthTable = AuthTable
  { tblName            :: String  -- ^ table holding one row per user
  , colId              :: String  -- ^ unique user id; matched by 'ByUserId', read into 'userId'
  , colLogin           :: String  -- ^ login name; matched by 'ByLogin'
  , colPassword        :: String  -- ^ password bytes; read back as an 'Encrypted' 'Password'
  , colActivatedAt     :: String
  , colSuspendedAt     :: String
  , colRememberToken   :: String  -- ^ matched by 'ByRememberToken'
  , colLoginCount      :: String  -- ^ NULL reads as 0
  , colFailedLoginCount :: String -- ^ NULL reads as 0
  , colLockedOutUntil  :: String
  , colCurrentLoginAt  :: String
  , colLastLoginAt     :: String
  , colCurrentLoginIp  :: String
  , colLastLoginIp     :: String
  , colCreatedAt       :: String
  , colUpdatedAt       :: String
  , colRoles           :: String  -- ^ currently written as NULL and read as @[]@ (TODO in the queries)
  , colMeta            :: String  -- ^ currently written as NULL and read as empty (TODO in the queries)
  }
-- | Default schema names: table @users@ keyed by @uid@, with the login kept in
-- the @email@ column.  Override individual fields to fit an existing table;
-- every value here ends up verbatim in the generated SQL.
defAuthTable :: AuthTable
defAuthTable = AuthTable
  { tblName            = "users"
  , colId              = "uid"
  , colLogin           = "email"
  , colPassword        = "password"
  , colActivatedAt     = "activated_at"
  , colSuspendedAt     = "suspended_at"
  , colRememberToken   = "remember_token"
  , colLoginCount      = "login_count"
  , colFailedLoginCount = "failed_login_count"
  , colLockedOutUntil  = "locked_out_until"
  , colCurrentLoginAt  = "current_login_at"
  , colLastLoginAt     = "last_login_at"
  , colCurrentLoginIp  = "current_login_ip"
  , colLastLoginIp     = "last_login_ip"
  , colCreatedAt       = "created_at"
  , colUpdatedAt       = "updated_at"
  , colRoles           = "roles"
  , colMeta            = "meta" }
-- | Columns written by 'defSaveQuery', in the order its values are bound.
--
-- 'colId' is deliberately absent: the save query never writes it and only
-- uses it in the @WHERE@ clause of an @UPDATE@.
colLst :: [AuthTable -> String]
colLst = [ colLogin
         , colPassword
         , colActivatedAt
         , colSuspendedAt
         , colRememberToken
         , colLoginCount
         , colFailedLoginCount
         , colLockedOutUntil
         , colCurrentLoginAt
         , colLastLoginAt
         , colCurrentLoginIp
         , colLastLoginIp
         , colCreatedAt
         , colUpdatedAt
         , colRoles
         , colMeta ]
-- | Which column a 'SelectQuery' matches on.
data LookupQuery = ByUserId | ByLogin | ByRememberToken
-- | SQL text with @?@ placeholders, paired with the values to bind to them.
type QueryAndVals = (String, [SqlValue])

-- | Build a lookup on the given key column; the supplied values are bound to
-- the placeholders of the returned query.
type SelectQuery = AuthTable -> LookupQuery -> [SqlValue] -> QueryAndVals

-- | Build a statement that writes or removes the given user.
type ModifyQuery = AuthTable -> AuthUser -> QueryAndVals
-- | The three SQL generators the backend needs.
--
-- Replace individual generators (starting from 'defQueries') to target a
-- schema the defaults cannot express.  A custom generator should keep
-- user-supplied values in the @[SqlValue]@ half of 'QueryAndVals' rather than
-- splicing them into the query text.
data Queries = Queries
  { selectQuery :: SelectQuery  -- ^ lookup by id, login or remember token
  , saveQuery   :: ModifyQuery  -- ^ insert or update one user
  , deleteQuery :: ModifyQuery  -- ^ delete one user
  }
-- | The default generators: 'defSelectQuery', 'defSaveQuery' and
-- 'defDeleteQuery', in the field order of 'Queries'.
defQueries :: Queries
defQueries = Queries defSelectQuery defSaveQuery defDeleteQuery
-- | Default lookup: @SELECT * FROM <table> WHERE <key column> = ?@.
--
-- Table and column names are interpolated unescaped from the 'AuthTable', so
-- they must be trusted configuration; the looked-up value travels as a bound
-- parameter and is passed through untouched.
defSelectQuery :: SelectQuery
defSelectQuery tbl luq sqlVals = (selectWhere (keyColumn luq), sqlVals)
  where
    -- Column selector for each kind of lookup.
    keyColumn ByUserId        = colId
    keyColumn ByLogin         = colLogin
    keyColumn ByRememberToken = colRememberToken

    selectWhere col =
      "SELECT * FROM " ++ tblName tbl ++ " WHERE " ++ col tbl ++ " = ? "
-- | Default save: an @INSERT@ when the user has no id yet, otherwise an
-- @UPDATE ... WHERE <id column> = ?@ over every column in 'colLst'.
--
-- Bound values follow the order of 'colLst'; on @UPDATE@ the user id is
-- appended last for the trailing @WHERE@ placeholder.  Roles and meta are
-- written as @NULL@ until those features exist, so an @UPDATE@ clears whatever
-- those columns previously held.
defSaveQuery :: ModifyQuery
defSaveQuery tbl au =
  case userId au of
    Nothing  -> (insertQry, columnVals)
    Just uid -> (updateQry, columnVals ++ [toSql uid])
  where
    cols = map ($ tbl) colLst

    insertQry =
      "INSERT INTO " ++ tblName tbl
        ++ " (" ++ intercalate "," cols ++ ")"
        ++ " VALUES (" ++ intercalate "," (map (const "?") cols) ++ ")"

    updateQry =
      "UPDATE " ++ tblName tbl ++ " SET "
        ++ intercalate "," (map (++ " = ?") cols)
        ++ " WHERE " ++ colId tbl ++ " = ?"

    -- One value per entry of 'colLst', in the same order.
    columnVals =
      [ toSql (userLogin au)
      , toSql (userPassword au)
      , toSql (userActivatedAt au)
      , toSql (userSuspendedAt au)
      , toSql (userRememberToken au)
      , toSql (userLoginCount au)
      , toSql (userFailedLoginCount au)
      , toSql (userLockedOutUntil au)
      , toSql (userCurrentLoginAt au)
      , toSql (userLastLoginAt au)
      , toSql (userCurrentLoginIp au)
      , toSql (userLastLoginIp au)
      , toSql (userCreatedAt au)
      , toSql (userUpdatedAt au)
      , SqlNull -- userRoles au TODO: Implement when ACL system is live
      , SqlNull -- userMeta au TODO: What should we store here?
      ]
-- | Default delete: @DELETE FROM <table> WHERE <id column> = ?@.
--
-- 'ModifyQuery' has no room for failure in its type, so a user without an id
-- (one that was never saved) raises an 'error' instead of producing a
-- statement with nothing to match on.
defDeleteQuery :: ModifyQuery
defDeleteQuery tbl ausr =
  maybe (error "Cannot delete user without unique ID") byId (userId ausr)
  where
    byId uid =
      ( "DELETE FROM " ++ tblName tbl ++ " WHERE " ++ colId tbl ++ " = ? "
      , [toSql uid]
      )
-- | Store a 'Password' as its raw bytes.
--
-- Both constructors serialise identically: this instance does not tell an
-- 'Encrypted' (hashed) password apart from a 'ClearText' one, and 'authQuery'
-- reads the column back as 'Encrypted'.  A 'ClearText' value reaching 'save'
-- would therefore be stored as-is and later be indistinguishable from a hash;
-- callers must encrypt before saving.
instance Convertible Password SqlValue where
  safeConvert = Right . toSql . passwordBytes
    where
      passwordBytes (ClearText bs) = bs
      passwordBytes (Encrypted bs) = bs
-- | Store a 'UserId' as its underlying value.
instance Convertible UserId SqlValue where
  safeConvert = Right . toSql . rawId
    where
      rawId (UserId uid) = uid
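instance IAuthBackend HdbcAuthManager where
  -- Delete the user's row.  With 'defDeleteQuery' a user without an id fails
  -- while the query is built, before a connection is taken from the pool.
  destroy (HdbcAuthManager pool tbl qs) au =
    runModify pool (deleteQuery qs tbl au)

  -- Insert or update the row and hand the input back unchanged.
  -- TODO: Retrieve row to populate ID field after an INSERT... by username? By all fields
  -- NOTE(review): a follow-up lookup by login is only safe if the login column
  -- is unique in the schema; otherwise another user's id could be returned.
  save (HdbcAuthManager pool tbl qs) au = do
    runModify pool (saveQuery qs tbl au)
    return au

  lookupByUserId mgr@(HdbcAuthManager _ tbl qs) uid =
    authQuery mgr (selectQuery qs tbl ByUserId [toSql uid])

  lookupByLogin mgr@(HdbcAuthManager _ tbl qs) lgn =
    authQuery mgr (selectQuery qs tbl ByLogin [toSql lgn])

  lookupByRememberToken mgr@(HdbcAuthManager _ tbl qs) rmb =
    authQuery mgr (selectQuery qs tbl ByRememberToken [toSql rmb])

-- | Run a modifying statement on a pooled connection inside a transaction.
--
-- 'run' prepares, executes and finishes the statement in one go, so the
-- statement handle is released before the transaction commits instead of
-- lingering until the driver's finalizer runs.  The affected-row count is
-- discarded, as the callers never inspected it.
runModify :: IConnection conn => Pool conn -> QueryAndVals -> IO ()
runModify pool (qry, vals) =
  withResource pool $ \conn ->
    withTransaction conn $ \conn' -> do
      _ <- run conn' qry vals
      return ()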
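-- | Run a lookup and decode the first matching row into an 'AuthUser'.
--
-- Column values are located by the names configured in the 'AuthTable', so the
-- decoder and the generated @SELECT@ agree on the schema.  Only the first row
-- is consumed: if the looked-up column is not unique (two rows sharing a login
-- or a remember token), whichever row the database returns first wins, so
-- uniqueness has to be enforced by the schema.
--
-- A configured column that is absent from the result set raises an exception
-- naming it instead of being read as @NULL@ — a silently-@NULL@
-- @suspended_at@ or @locked_out_until@ would otherwise disable those checks.
authQuery :: HdbcAuthManager -> QueryAndVals -> IO (Maybe AuthUser)
authQuery (HdbcAuthManager pool tbl _) (qry, vals) =
  withResource pool $ \conn ->
    withTransaction conn $ \conn' -> do
      stmt <- prepare conn' qry
      _ <- execute stmt vals
      res <- fetchRowMap stmt
      case res of
        Nothing -> return Nothing
        Just mp -> do
          -- The cursor was not driven to exhaustion; release it now rather
          -- than leaving that to the driver's finalizer.
          finish stmt
          return (Just (mkUser mp))
  where
    -- Fetch a column by its configured name.  Keys are the column names as
    -- reported by the driver and must match the configured names exactly; a
    -- missing column is a configuration error and fails loudly.
    colLU mp col' =
      let name = col' tbl
          missing = error $ "Snap.Snaplet.Auth.Backends.Hdbc.authQuery: column '"
                            ++ name ++ "' missing from result set"
      in maybe missing id (DM.lookup name mp)

    -- NULL becomes 'Nothing'; any other value is converted and wrapped.
    rdSql mp con col' = case colLU mp col' of
      SqlNull -> Nothing
      x       -> Just (con (fromSql x))

    -- A NULL counter reads as zero.
    rdInt mp col = case colLU mp col of
      SqlNull -> 0
      x       -> fromSql x

    mkUser mp = AuthUser
      { userId               = rdSql mp UserId colId
      , userLogin            = fromSql (colLU mp colLogin)  -- a NULL login fails in fromSql
      , userPassword         = rdSql mp Encrypted colPassword  -- stored value is taken to be already hashed
      , userActivatedAt      = rdSql mp id colActivatedAt
      , userSuspendedAt      = rdSql mp id colSuspendedAt
      , userRememberToken    = rdSql mp id colRememberToken
      , userLoginCount       = rdInt mp colLoginCount
      , userFailedLoginCount = rdInt mp colFailedLoginCount
      , userLockedOutUntil   = rdSql mp id colLockedOutUntil
      , userCurrentLoginAt   = rdSql mp id colCurrentLoginAt
      , userLastLoginAt      = rdSql mp id colLastLoginAt
      , userCurrentLoginIp   = rdSql mp id colCurrentLoginIp
      , userLastLoginIp      = rdSql mp id colLastLoginIp
      , userCreatedAt        = rdSql mp id colCreatedAt
      , userUpdatedAt        = rdSql mp id colUpdatedAt
      , userRoles            = []        -- :: [Role] TODO
      , userMeta             = HM.empty  -- :: HashMap Text Value TODO
      }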