Bubblegumdrop
/
cl-deck-builder2
1
1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Yu-Gi-Oh! Deck Building and Card Inventory Management web interface written in Common Lisp, utilizing HTMX.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
5.3MB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
cl-deck-builder2/src/web/user.lisp

185 lines
7.1KB
Raw Permalink Blame History 

  1. #|

  2. 

  3. src/web/user.lisp

  4. 

  5. User Interaction Frontend

  6. 

  7. |#

  8. 

  9. (in-package :cl-deck-builder2.web)

  10. 

  11. ;; This seems to be okay. The intent of overriding HERMETIC::AUTHORIZE

  12. ;; is we use MITO-AUTH for user authentication and their class isn't

  13. ;; just a password hash. So this is an undocumented way of customizing

  14. ;; authorization method using HERMETIC.

  15. (defun hermetic::authorize (username password)

  16.   (let ((object (funcall hermetic::*user-p* username)))

  17.     (and object

  18.          (string= (mito-auth:password-hash object)

  19.                   (mito-auth::make-password-hash

  20.                    password

  21.                    (mito-auth:password-salt object))))))

  22. 

  23. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

  24. (defun already-logged-in-redirect ()

  25.   "Tell the user they are already logged in, and send them to the home page."

  26.   (progn

  27.     (flash-error (format nil (_ "You are already logged in as: ~a")

  28.                          (user-name)))

  29.     (redirect "/")))

  30. 

  31. (defun user-exists-register-redirect ()

  32.   "Tell the user that email address already is registered, and send them to the registration page."

  33.   (progn

  34.     (flash-error (_ "A user with that email is already registered."))

  35.     (redirect "/user/register" 302)))

  36. 

  37. (defun login-redirect (email password &optional (target "/"))

  38.   "Try to log in using HERMETIC::LOGIN, and display an appropriate message upon success.

  39. 

  40. TARGET may be set to the redirect target, and is provided from :REQUEST-PATH-INFO in *SESSION*."

  41.   (handler-case

  42.       (ratify:with-parsed-forms

  43.           ((:email email)

  44.            (:string password))

  45.         (let ((params (list :|username| email :|password| password)))

  46.           (login params

  47.                  (progn

  48.                    (flash-message (format nil (_ "Hello, ~a!")

  49.                                           (user-name)))

  50.                    (redirect target))

  51.                  (progn

  52.                    (flash-error (_ "Incorrect password."))

  53.                    (redirect "/user/login"))

  54.                  (progn

  55.                    (flash-error (_ "No user corresponding to this email address."))

  56.                    (redirect "/user/login")))))

  57.     (ratify:combined-error (e)

  58.       (flash-error e)

  59.       (redirect "/user/login" 302))))

  60. 

  61. (defun register-new-user (name email password)

  62.   "Try to register a new user by first SELECTing any matching USERs with EMAIL. If there is a match, use USER-EXISTS-REGISTER-REDIRECT.

  63. Otherwise, create a new user, display the appropriate message, and redirect."

  64.   (handler-case

  65.       (ratify:with-parsed-forms

  66.           ((:string name)

  67.            (:string password)

  68.            (:email email))

  69.         (with-connection (db)

  70.           (let ((found (mito:find-dao 'user :email email)))

  71.             ;; Try to select this username, if a username is returned, the

  72.             ;; user already exists, and display error.

  73.             ;; 

  74.             ;; Otherwise, create the user and add to the database.

  75.             ;; Automatically direct to index.html on success.

  76.             (if found

  77.                 (user-exists-register-redirect)

  78.                 (progn

  79.                   (if (create-user name email password)

  80.                       (progn

  81.                         (flash-message (_ "Success! Please log in."))

  82.                         (redirect "/user/login"))

  83.                       (progn

  84.                         (flash-message (_ "Something went wrong. Try again?"))

  85.                         (redirect "/user/register"))))))))

  86.     (ratify:combined-error (e)

  87.       (flash-error e)

  88.       (flash-error (_ "Something went wrong. Try again?"))

  89.       (redirect "/user/register"))))

  90. 

  91. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

  92. (defun render-user-list (&optional (tpl #P"user/index.html"))

  93.   "Helper function. Display User Index page."

  94.   (render-with-env tpl

  95.                    `(:active "/user"

  96.                      :user-list ,(select-dao 'user))))

  97. 

  98. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

  99. (defroute ("/user" :method :GET) ()

  100.   "User Settings Main Index Page."

  101.   (with-logged-in-user

  102.     (render-with-env #P"user/index.html"

  103.                      `(:active "/user"))))

  104. 

  105. (defroute ("/user/login" :method :GET) ()

  106.   "User Login Route - require the user to log in."

  107.   ;; Always display the USER/LOGIN page

  108.   (if (ignore-errors

  109.        (logged-in-p))

  110.       (already-logged-in-redirect)

  111.       (render-with-env #P"user/login.html"

  112.                        `(:active "/user"))))

  113. 

  114. (defroute ("/user/login" :method :POST) (&key _parsed)

  115.   "User Login POST Route. We use HERMETIC:LOGGED-IN-P to do all the heavy lifting. LOGIN-REDIRECT does the redirect."

  116.   (v:info :web "POST /user/login => ~a" _parsed)

  117. 

  118.   ;; (v:info :web "REQUEST-PATH-INFO: ~a SESSION-REQUEST-PATH-INFO: ~a"

  119.   ;;         (lack.request:request-path-info *request*)

  120.   ;;         (gethash :request-path-info *session*))

  121. 

  122.   (if (logged-in-p)

  123.       (already-logged-in-redirect)

  124.       (login-redirect (query-param "email" _parsed)

  125.                       (query-param "password" _parsed)

  126.                       (gethash :request-path-info *session*))))

  127. 

  128. ;; TODO successmessage and errormessages

  129. ;; TODO POST /user/logout ? Currently just GET /user/logout will log you out :P

  130. (defroute "/user/logout" ()

  131.   "User Logout Route. GET request. Querying this from anywhere with the LACK.SESSION cookie set will trigger a logout and redirect."

  132.   (logout

  133.    (flash-message (_ "Logged out."))

  134.    (flash-error (_ "You aren't logged in.")))

  135.   (redirect "/" 302))

  136. 

  137. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

  138. ;; Register

  139. ;; TODO React To Session Cookie In default.html

  140. ;; Not sure what this is about^

  141. (defroute ("/user/register" :method :GET) ()

  142.   "User Registration Main Route. Registration required!"

  143.   (let ((logged-in (logged-in-p)))

  144.     (if logged-in

  145.         (already-logged-in-redirect)

  146.         (render-with-env #P"user/register.html"

  147.                          `(:active "/user")))))

  148. 

  149. (defroute ("/user/register" :method :POST) (&key _parsed)

  150.   "User Registration POST Route. REGISTER-NEW-USER does all the work."

  151.   (v:info :web "POST /user/register => ~a" _parsed)

  152. 

  153.   (let ((logged-in (logged-in-p)))

  154.     (if logged-in

  155.         (already-logged-in-redirect)

  156.         (register-new-user (query-param "name" _parsed)

  157.                            (query-param "email" _parsed)

  158.                            (query-param "password" _parsed)))))

  159. 

  160. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

  161. (defroute ("/user/:id/delete" :method :POST) (&key id)

  162.   "User DELETE Route. ADMIN role only."

  163.   (v:info :user "DELETE /user ~d" id)

  164.   (handler-case

  165.       (ratify:with-parsed-forms

  166.           ((:integer id))

  167.         (auth (:admin)

  168.               (with-connection (db)

  169.                 (mito:delete-by-values 'user :id id)

  170.                 "")))

  171.     (ratify:combined-error (e)

  172.       (flash-error e))))

  173. 

  174. (defroute ("/user/:id/roles" :method :GET) (&key id)

  175.   "User Roles Route. ADMIN role only."

  176.   (auth (:admin)

  177.         (format nil "~{~s~^ ~}"

  178.                 (mapcar #'name-of

  179.                         (user-roles-of (find-dao 'user :id id))))))

  180. 

  181. (defroute ("/user/admin" :method :GET) ()

  182.   "Main User List Route. ADMIN role only."

  183.   (auth (:admin)

  184.         (render-user-list #P"user/admin.html")))