Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {-# LANGUAGE OverloadedStrings #-}
- module Auth where
- import API
- import Control.Monad.IO.Class
- import qualified Data.ByteString.Char8 as BS
- import qualified Data.Text as T
- import qualified Data.Text as T
- import Data.Text.Encoding (decodeUtf8)
- import Data.Text.Encoding (decodeUtf8)
- import qualified Database.SQLite.Simple as S
- import Servant
- import System.POSIX.Crypt.SHA512
- initDB :: FilePath -> IO ()
- initDB dbfile = S.withConnection dbfile $ \conn ->
- S.execute_ conn
- "CREATE TABLE IF NOT EXISTS users ( `id` INTEGER PRIMARY KEY AUTOINCREMENT\
- \, `email` TEXT NOT NULL\
- \, `password` TEXT NOT NULL\
- \)"
- checkPassword :: String -> String -> Bool
- checkPassword pass hashed =
- let pass' = (maybe "messed up" (T.unpack . decodeUtf8) $ cryptSHA512 (BS.pack pass) (BS.pack hashed))
- in
- pass' == hashed
- checkBasicAuth :: FilePath -> BasicAuthCheck User
- checkBasicAuth dbfile = BasicAuthCheck $ \basicAuthData ->
- let username = T.unpack $ decodeUtf8 (basicAuthUsername basicAuthData)
- password = T.unpack $ decodeUtf8 (basicAuthPassword basicAuthData)
- queryData = (S.Only username) :: (S.Only String)
- in
- liftIO . S.withConnection dbfile $ \conn -> do
- r <- S.query conn "SELECT id,email,password FROM users WHERE email = ?" queryData :: IO [(Int, String, String)]
- return $ case length r of
- 0 -> BadPassword
- _ -> let (uID, uName, uHash) = head r in
- if checkPassword password (drop 14 uHash)
- then Authorized (User uID uName)
- else BadPassword
Add Comment
Please, Sign In to add comment
