blob: da48878c2ed1a8754e638a3a5087999b43f2cfe3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
{-# LANGUAGE OverloadedStrings #-}
module Secure
( loggedAction
, getUserFromToken
) where
import Control.Monad.IO.Class (liftIO)
import Data.Text (Text)
import Data.Text.Lazy (fromStrict)
import Network.HTTP.Types.Status (forbidden403)
import Web.Scotty
import Model.Message (getMessage)
import Model.Query (Query)
import Model.User (User)
import qualified LoginSession
import qualified Model.Message.Key as Key
import qualified Model.Query as Query
import qualified Model.SignIn as SignIn
import qualified Model.User as User
loggedAction :: (User -> ActionM ()) -> ActionM ()
loggedAction action = do
maybeToken <- LoginSession.get
case maybeToken of
Just token -> do
maybeUser <- liftIO . Query.run . getUserFromToken $ token
case maybeUser of
Just user ->
action user
Nothing -> do
status forbidden403
html . fromStrict . getMessage $ Key.UnauthorizedSignIn
Nothing -> do
status forbidden403
html . fromStrict . getMessage $ Key.Forbidden
getUserFromToken :: Text -> Query (Maybe User)
getUserFromToken token = do
mbSignIn <- SignIn.getSignIn token
case mbSignIn of
Just signIn ->
User.getUser (SignIn.email signIn)
Nothing ->
return Nothing
|
