update main routes

This commit is contained in:
shibao 2022-02-25 21:55:17 -05:00
parent 5138fa1c6e
commit 8cd75c7358
3 changed files with 89 additions and 47 deletions

View File

@ -1,10 +1,13 @@
defmodule Lokal.Accounts.User do defmodule Lokal.Accounts.User do
@moduledoc """ @moduledoc """
Schema for a registered user A Lokal user
""" """
use Ecto.Schema use Ecto.Schema
import Ecto.Changeset import Ecto.Changeset
import LokalWeb.Gettext
alias Ecto.{Changeset, UUID}
alias Lokal.{Accounts.User, Invites.Invite}
@derive {Inspect, except: [:password]} @derive {Inspect, except: [:password]}
@primary_key {:id, :binary_id, autogenerate: true} @primary_key {:id, :binary_id, autogenerate: true}
@ -14,10 +17,27 @@ defmodule Lokal.Accounts.User do
field :password, :string, virtual: true field :password, :string, virtual: true
field :hashed_password, :string field :hashed_password, :string
field :confirmed_at, :naive_datetime field :confirmed_at, :naive_datetime
field :role, Ecto.Enum, values: [:admin, :user], default: :user
has_many :invites, Invite, on_delete: :delete_all
timestamps() timestamps()
end end
@type t :: %User{
id: id(),
email: String.t(),
password: String.t(),
hashed_password: String.t(),
confirmed_at: NaiveDateTime.t(),
role: atom(),
invites: [Invite.t()],
inserted_at: NaiveDateTime.t(),
updated_at: NaiveDateTime.t()
}
@type new_user :: %User{}
@type id :: UUID.t()
@doc """ @doc """
A user changeset for registration. A user changeset for registration.
@ -35,22 +55,39 @@ defmodule Lokal.Accounts.User do
validations on a LiveView form), this option can be set to `false`. validations on a LiveView form), this option can be set to `false`.
Defaults to `true`. Defaults to `true`.
""" """
@spec registration_changeset(t() | new_user(), attrs :: map()) :: Changeset.t(t() | new_user())
@spec registration_changeset(t() | new_user(), attrs :: map(), opts :: keyword()) ::
Changeset.t(t() | new_user())
def registration_changeset(user, attrs, opts \\ []) do def registration_changeset(user, attrs, opts \\ []) do
user user
|> cast(attrs, [:email, :password]) |> cast(attrs, [:email, :password, :role])
|> validate_email() |> validate_email()
|> validate_password(opts) |> validate_password(opts)
end end
@doc """
A user changeset for role.
"""
@spec role_changeset(t(), role :: atom()) :: Changeset.t(t())
def role_changeset(user, role) do
user |> cast(%{"role" => role}, [:role])
end
@spec validate_email(Changeset.t(t() | new_user())) :: Changeset.t(t() | new_user())
defp validate_email(changeset) do defp validate_email(changeset) do
changeset changeset
|> validate_required([:email]) |> validate_required([:email])
|> validate_format(:email, ~r/^[^\s]+@[^\s]+$/, message: "must have the @ sign and no spaces") |> validate_format(:email, ~r/^[^\s]+@[^\s]+$/,
message: dgettext("errors", "must have the @ sign and no spaces")
)
|> validate_length(:email, max: 160) |> validate_length(:email, max: 160)
|> unsafe_validate_unique(:email, Lokal.Repo) |> unsafe_validate_unique(:email, Lokal.Repo)
|> unique_constraint(:email) |> unique_constraint(:email)
end end
@spec validate_password(Changeset.t(t() | new_user()), opts :: keyword()) ::
Changeset.t(t() | new_user())
defp validate_password(changeset, opts) do defp validate_password(changeset, opts) do
changeset changeset
|> validate_required([:password]) |> validate_required([:password])
@ -61,6 +98,8 @@ defmodule Lokal.Accounts.User do
|> maybe_hash_password(opts) |> maybe_hash_password(opts)
end end
@spec maybe_hash_password(Changeset.t(t() | new_user()), opts :: keyword()) ::
Changeset.t(t() | new_user())
defp maybe_hash_password(changeset, opts) do defp maybe_hash_password(changeset, opts) do
hash_password? = Keyword.get(opts, :hash_password, true) hash_password? = Keyword.get(opts, :hash_password, true)
password = get_change(changeset, :password) password = get_change(changeset, :password)
@ -79,13 +118,14 @@ defmodule Lokal.Accounts.User do
It requires the email to change otherwise an error is added. It requires the email to change otherwise an error is added.
""" """
@spec email_changeset(t(), attrs :: map()) :: Changeset.t(t())
def email_changeset(user, attrs) do def email_changeset(user, attrs) do
user user
|> cast(attrs, [:email]) |> cast(attrs, [:email])
|> validate_email() |> validate_email()
|> case do |> case do
%{changes: %{email: _}} = changeset -> changeset %{changes: %{email: _}} = changeset -> changeset
%{} = changeset -> add_error(changeset, :email, "did not change") %{} = changeset -> add_error(changeset, :email, dgettext("errors", "did not change"))
end end
end end
@ -101,19 +141,22 @@ defmodule Lokal.Accounts.User do
validations on a LiveView form), this option can be set to `false`. validations on a LiveView form), this option can be set to `false`.
Defaults to `true`. Defaults to `true`.
""" """
@spec password_changeset(t(), attrs :: map()) :: Changeset.t(t())
@spec password_changeset(t(), attrs :: map(), opts :: keyword()) :: Changeset.t(t())
def password_changeset(user, attrs, opts \\ []) do def password_changeset(user, attrs, opts \\ []) do
user user
|> cast(attrs, [:password]) |> cast(attrs, [:password])
|> validate_confirmation(:password, message: "does not match password") |> validate_confirmation(:password, message: dgettext("errors", "does not match password"))
|> validate_password(opts) |> validate_password(opts)
end end
@doc """ @doc """
Confirms the account by setting `confirmed_at`. Confirms the account by setting `confirmed_at`.
""" """
def confirm_changeset(user) do @spec confirm_changeset(t() | Changeset.t(t())) :: Changeset.t(t())
def confirm_changeset(user_or_changeset) do
now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second) now = NaiveDateTime.utc_now() |> NaiveDateTime.truncate(:second)
change(user, confirmed_at: now) user_or_changeset |> change(confirmed_at: now)
end end
@doc """ @doc """
@ -122,7 +165,8 @@ defmodule Lokal.Accounts.User do
If there is no user or the user doesn't have a password, we call If there is no user or the user doesn't have a password, we call
`Bcrypt.no_user_verify/0` to avoid timing attacks. `Bcrypt.no_user_verify/0` to avoid timing attacks.
""" """
def valid_password?(%Lokal.Accounts.User{hashed_password: hashed_password}, password) @spec valid_password?(t(), String.t()) :: boolean()
def valid_password?(%User{hashed_password: hashed_password}, password)
when is_binary(hashed_password) and byte_size(password) > 0 do when is_binary(hashed_password) and byte_size(password) > 0 do
Bcrypt.verify_pass(password, hashed_password) Bcrypt.verify_pass(password, hashed_password)
end end
@ -135,11 +179,10 @@ defmodule Lokal.Accounts.User do
@doc """ @doc """
Validates the current password otherwise adds an error to the changeset. Validates the current password otherwise adds an error to the changeset.
""" """
@spec validate_current_password(Changeset.t(t()), String.t()) :: Changeset.t(t())
def validate_current_password(changeset, password) do def validate_current_password(changeset, password) do
if valid_password?(changeset.data, password) do if valid_password?(changeset.data, password),
changeset do: changeset,
else else: changeset |> add_error(:current_password, dgettext("errors", "is not valid"))
add_error(changeset, :current_password, "is not valid")
end
end end
end end

View File

@ -1,5 +1,6 @@
defmodule LokalWeb.Router do defmodule LokalWeb.Router do
use LokalWeb, :router use LokalWeb, :router
import Phoenix.LiveDashboard.Router
import LokalWeb.UserAuth import LokalWeb.UserAuth
pipeline :browser do pipeline :browser do
@ -12,6 +13,10 @@ defmodule LokalWeb.Router do
plug :fetch_current_user plug :fetch_current_user
end end
pipeline :require_admin do
plug :require_role, role: :admin
end
pipeline :api do pipeline :api do
plug :accepts, ["json"] plug :accepts, ["json"]
end end
@ -22,39 +27,6 @@ defmodule LokalWeb.Router do
live "/", PageLive live "/", PageLive
end end
# Other scopes may use custom stacks.
# scope "/api", LokalWeb do
# pipe_through :api
# end
# Enables LiveDashboard only for development
#
# If you want to use the LiveDashboard in production, you should put
# it behind authentication and allow only admins to access it.
# If your application does not have an admins-only section yet,
# you can use Plug.BasicAuth to set up some basic authentication
# as long as you are also using SSL (which you should anyway).
if Mix.env() in [:dev, :test] do
import Phoenix.LiveDashboard.Router
scope "/" do
pipe_through :browser
live_dashboard "/dashboard", metrics: LokalWeb.Telemetry
end
end
# Enables the Swoosh mailbox preview in development.
#
# Note that preview only shows emails that were sent by the same
# node running the Phoenix server.
if Mix.env() == :dev do
scope "/dev" do
pipe_through :browser
forward "/mailbox", Plug.Swoosh.MailboxPreview
end
end
## Authentication routes ## Authentication routes
scope "/", LokalWeb do scope "/", LokalWeb do
@ -75,9 +47,20 @@ defmodule LokalWeb.Router do
get "/users/settings", UserSettingsController, :edit get "/users/settings", UserSettingsController, :edit
put "/users/settings", UserSettingsController, :update put "/users/settings", UserSettingsController, :update
delete "/users/settings/:id", UserSettingsController, :delete
get "/users/settings/confirm_email/:token", UserSettingsController, :confirm_email get "/users/settings/confirm_email/:token", UserSettingsController, :confirm_email
end end
scope "/", LokalWeb do
pipe_through [:browser, :require_authenticated_user, :require_admin]
live_dashboard "/dashboard", metrics: LokalWeb.Telemetry, ecto_repos: [Lokal.Repo]
live "/invites", InviteLive.Index, :index
live "/invites/new", InviteLive.Index, :new
live "/invites/:id/edit", InviteLive.Index, :edit
end
scope "/", LokalWeb do scope "/", LokalWeb do
pipe_through [:browser] pipe_through [:browser]
@ -86,4 +69,20 @@ defmodule LokalWeb.Router do
post "/users/confirm", UserConfirmationController, :create post "/users/confirm", UserConfirmationController, :create
get "/users/confirm/:token", UserConfirmationController, :confirm get "/users/confirm/:token", UserConfirmationController, :confirm
end end
# Enables the Swoosh mailbox preview in development.
#
# Note that preview only shows emails that were sent by the same
# node running the Phoenix server.
if Mix.env() == :dev do
scope "/dev" do
pipe_through :browser
forward "/mailbox", Plug.Swoosh.MailboxPreview
end
scope "/dev" do
get "/preview/:id", LokalWeb.EmailController, :preview
end
end
end end

View File

@ -1,6 +1,6 @@
defmodule LokalWeb.Telemetry do defmodule LokalWeb.Telemetry do
@moduledoc """ @moduledoc """
Telemetry genserver Collects telemetry
""" """
use Supervisor use Supervisor