mirror of
https://code.sup39.dev/repos/Wqawg
synced 2025-01-07 20:46:45 +09:00
303 lines
12 KiB
Haskell
303 lines
12 KiB
Haskell
{- This file is part of Vervis.
|
||
-
|
||
- Written in 2016 by fr33domlover <fr33domlover@riseup.net>.
|
||
-
|
||
- ♡ Copying is an act of love. Please copy, reuse and share.
|
||
-
|
||
- The author(s) have dedicated all copyright and related and neighboring
|
||
- rights to this software to the public domain worldwide. This software is
|
||
- distributed without any warranty.
|
||
-
|
||
- You should have received a copy of the CC0 Public Domain Dedication along
|
||
- with this software. If not, see
|
||
- <http://creativecommons.org/publicdomain/zero/1.0/>.
|
||
-}
|
||
|
||
module Vervis.Foundation where
|
||
|
||
import Prelude (init, last)
|
||
|
||
import Database.Persist.Sql (ConnectionPool, runSqlPool)
|
||
import Text.Hamlet (hamletFile)
|
||
--import Text.Jasmine (minifym)
|
||
import Yesod.Auth.HashDB (authHashDB)
|
||
import Yesod.Auth.Message (AuthMessage (IdentifierNotFound))
|
||
import Yesod.Default.Util (addStaticContentExternal)
|
||
import Yesod.Core.Types (Logger)
|
||
|
||
import qualified Yesod.Core.Unsafe as Unsafe
|
||
--import qualified Data.CaseInsensitive as CI
|
||
import Data.Text as T (pack, intercalate)
|
||
--import qualified Data.Text.Encoding as TE
|
||
|
||
import Text.Jasmine.Local (discardm)
|
||
import Vervis.Import.NoFoundation hiding (last)
|
||
import Vervis.Widget (breadcrumbsW, revisionW)
|
||
|
||
-- | The foundation datatype for your application. This can be a good place to
|
||
-- keep settings and values requiring initialization before your application
|
||
-- starts running, such as database connections. Every handler will have
|
||
-- access to the data present here.
|
||
data App = App
|
||
{ appSettings :: AppSettings
|
||
, appStatic :: Static -- ^ Settings for static file serving.
|
||
, appConnPool :: ConnectionPool -- ^ Database connection pool.
|
||
, appHttpManager :: Manager
|
||
, appLogger :: Logger
|
||
}
|
||
|
||
-- This is where we define all of the routes in our application. For a full
|
||
-- explanation of the syntax, please see:
|
||
-- http://www.yesodweb.com/book/routing-and-handlers
|
||
--
|
||
-- Note that this is really half the story; in Application.hs, mkYesodDispatch
|
||
-- generates the rest of the code. Please see the following documentation
|
||
-- for an explanation for this split:
|
||
-- http://www.yesodweb.com/book/scaffolding-and-the-site-template#scaffolding-and-the-site-template_foundation_and_application_modules
|
||
--
|
||
-- This function also generates the following type synonyms:
|
||
-- type Handler = HandlerT App IO
|
||
-- type Widget = WidgetT App IO ()
|
||
mkYesodData "App" $(parseRoutesFile "config/routes")
|
||
|
||
-- | A convenient synonym for creating forms.
|
||
type Form a = Html -> MForm (HandlerT App IO) (FormResult a, Widget)
|
||
|
||
type AppDB = YesodDB App
|
||
|
||
-- Please see the documentation for the Yesod typeclass. There are a number
|
||
-- of settings which can be configured by overriding methods here.
|
||
instance Yesod App where
|
||
-- Controls the base of generated URLs. For more information on modifying,
|
||
-- see: https://github.com/yesodweb/yesod/wiki/Overriding-approot
|
||
approot = ApprootRequest $ \app req ->
|
||
case appRoot $ appSettings app of
|
||
Nothing -> getApprootText guessApproot app req
|
||
Just root -> root
|
||
|
||
-- Store session data on the client in encrypted cookies,
|
||
-- default session idle timeout is 120 minutes
|
||
makeSessionBackend _ =
|
||
-- sslOnlySessions $
|
||
Just <$>
|
||
defaultClientSessionBackend 120 "config/client_session_key.aes"
|
||
|
||
-- Yesod Middleware allows you to run code before and after each handler function.
|
||
-- The defaultYesodMiddleware adds the response header "Vary: Accept, Accept-Language" and performs authorization checks.
|
||
-- The defaultCsrfMiddleware:
|
||
-- a) Sets a cookie with a CSRF token in it.
|
||
-- b) Validates that incoming write requests include that token in either a header or POST parameter.
|
||
-- For details, see the CSRF documentation in the Yesod.Core.Handler module of the yesod-core package.
|
||
yesodMiddleware =
|
||
-- defaultCsrfMiddleware .
|
||
-- sslOnlyMiddleware 120 .
|
||
defaultYesodMiddleware
|
||
|
||
defaultLayout widget = do
|
||
master <- getYesod
|
||
mmsg <- getMessage
|
||
mperson <- maybeAuth
|
||
(title, bcs) <- breadcrumbs
|
||
|
||
-- We break up the default layout into two components:
|
||
-- default-layout is the contents of the body tag, and
|
||
-- default-layout-wrapper is the entire page. Since the final
|
||
-- value passed to hamletToRepHtml cannot be a widget, this allows
|
||
-- you to use normal widget features in default-layout.
|
||
|
||
pc <- widgetToPageContent $ do
|
||
setTitle $ toHtml $
|
||
T.intercalate " :: " (map snd bcs) <> " :: " <> title
|
||
$(widgetFile "default-layout")
|
||
withUrlRenderer $(hamletFile "templates/default-layout-wrapper.hamlet")
|
||
|
||
-- The page to be redirected to when authentication is required.
|
||
authRoute _ = Just $ AuthR LoginR
|
||
|
||
-- Who can access which pages.
|
||
isAuthorized (ProjectNewR user) _ =
|
||
loggedInAs user "You can’t create projects for other users"
|
||
isAuthorized (RepoNewR user) _ =
|
||
loggedInAs user "You can’t create repos for other users"
|
||
isAuthorized (KeysR user) _ =
|
||
loggedInAs user "You can’t watch keys of other users"
|
||
isAuthorized (KeyR user _key) _ =
|
||
loggedInAs user "You can’t watch keys of other users"
|
||
isAuthorized (KeyNewR user) _ =
|
||
loggedInAs user "You can’t add keys for other users"
|
||
isAuthorized (RepoR shar _) True =
|
||
loggedInAs shar "You can’t modify repos for other users"
|
||
isAuthorized (TicketNewR _ _) _ = loggedIn
|
||
isAuthorized (TicketR user _ _) True =
|
||
loggedInAs user "Only project members can modify this ticket"
|
||
isAuthorized (TicketEditR user _ _) _ =
|
||
loggedInAs user "Only project members can modify this ticket"
|
||
isAuthorized _ _ = return Authorized
|
||
|
||
-- This function creates static content files in the static folder
|
||
-- and names them based on a hash of their content. This allows
|
||
-- expiration dates to be set far in the future without worry of
|
||
-- users receiving stale content.
|
||
addStaticContent ext mime content = do
|
||
master <- getYesod
|
||
let staticDir = appStaticDir $ appSettings master
|
||
addStaticContentExternal
|
||
discardm
|
||
genFileName
|
||
staticDir
|
||
(StaticR . flip StaticRoute [])
|
||
ext
|
||
mime
|
||
content
|
||
where
|
||
-- Generate a unique filename based on the content itself
|
||
genFileName lbs = "autogen-" ++ base64md5 lbs
|
||
|
||
-- What messages should be logged. The following includes all messages when
|
||
-- in development, and warnings and errors in production.
|
||
shouldLog app _source level =
|
||
appShouldLogAll (appSettings app)
|
||
|| level == LevelWarn
|
||
|| level == LevelError
|
||
|
||
makeLogger = return . appLogger
|
||
|
||
-- How to run database actions.
|
||
instance YesodPersist App where
|
||
type YesodPersistBackend App = SqlBackend
|
||
runDB action = do
|
||
master <- getYesod
|
||
runSqlPool action $ appConnPool master
|
||
instance YesodPersistRunner App where
|
||
getDBRunner = defaultGetDBRunner appConnPool
|
||
|
||
instance YesodAuth App where
|
||
type AuthId App = PersonId
|
||
|
||
-- Where to send a user after successful login
|
||
loginDest _ = HomeR
|
||
-- Where to send a user after logout
|
||
logoutDest _ = HomeR
|
||
-- Override the above two destinations when a Referer: header is present
|
||
redirectToReferer _ = True
|
||
|
||
authenticate creds = do
|
||
let ident = credsIdent creds
|
||
mpid <- runDB $ getBy $ UniquePersonLogin $ credsIdent creds
|
||
return $ case mpid of
|
||
Nothing -> UserError $ IdentifierNotFound ident
|
||
Just (Entity pid _) -> Authenticated pid
|
||
{-ps <- select $ from $ \ (sharer, person) -> do
|
||
where_ $
|
||
sharer ^. SharerIdent ==. val ident &&.
|
||
sharer ^. SharerId ==. person ^. PersonIdent
|
||
return (person ^. PersonId, person ^. PersonHash)-}
|
||
{-case x of
|
||
Just (Entity uid _) -> return $ Authenticated uid
|
||
Nothing -> Authenticated <$> insert User
|
||
{ userIdent = credsIdent creds
|
||
, userPassword = Nothing
|
||
}-}
|
||
{-return $ case ps of
|
||
[] -> UserError $ IdentifierNotFound ident
|
||
[(pid, phash)] ->
|
||
_ -> ServerError "Data model error, non-unique ident"
|
||
-}
|
||
|
||
-- You can add other plugins like BrowserID, email or OAuth here
|
||
authPlugins _ = [authHashDB $ Just . UniquePersonLogin]
|
||
|
||
authHttpManager = getHttpManager
|
||
|
||
instance YesodAuthPersist App
|
||
|
||
-- This instance is required to use forms. You can modify renderMessage to
|
||
-- achieve customized and internationalized form validation messages.
|
||
instance RenderMessage App FormMessage where
|
||
renderMessage _ _ = defaultFormMessage
|
||
|
||
-- Useful when writing code that is re-usable outside of the Handler context.
|
||
-- An example is background jobs that send email.
|
||
-- This can also be useful for writing code that works across multiple Yesod
|
||
-- applications.
|
||
instance HasHttpManager App where
|
||
getHttpManager = appHttpManager
|
||
|
||
unsafeHandler :: App -> Handler a -> IO a
|
||
unsafeHandler = Unsafe.fakeHandlerGetLogger appLogger
|
||
|
||
-- Note: Some functionality previously present in the scaffolding has been
|
||
-- moved to documentation in the Wiki. Following are some hopefully helpful
|
||
-- links:
|
||
--
|
||
-- https://github.com/yesodweb/yesod/wiki/Sending-email
|
||
-- https://github.com/yesodweb/yesod/wiki/Serve-static-files-from-a-separate-domain
|
||
-- https://github.com/yesodweb/yesod/wiki/i18n-messages-in-the-scaffolding
|
||
|
||
loggedIn :: Handler AuthResult
|
||
loggedIn = do
|
||
mpid <- maybeAuthId
|
||
case mpid of
|
||
Nothing -> return AuthenticationRequired
|
||
Just _pid -> return Authorized
|
||
|
||
loggedInAs :: Text -> Text -> Handler AuthResult
|
||
loggedInAs ident msg = do
|
||
mp <- maybeAuth
|
||
case mp of
|
||
Nothing -> return AuthenticationRequired
|
||
Just (Entity _pid person) -> do
|
||
let sid = personIdent person
|
||
msharer <- runDB $ get sid
|
||
case msharer of
|
||
Nothing -> return $ Unauthorized $
|
||
"Integrity error: User " <>
|
||
personLogin person <>
|
||
" specified a nonexistent sharer ID"
|
||
Just sharer ->
|
||
if ident == sharerIdent sharer
|
||
then return Authorized
|
||
else return $ Unauthorized msg
|
||
|
||
instance YesodBreadcrumbs App where
|
||
breadcrumb route = return $ case route of
|
||
HomeR -> ("Home", Nothing)
|
||
|
||
PeopleR -> ("People", Just HomeR)
|
||
PersonNewR -> ("New", Just PeopleR)
|
||
PersonR shar -> (shar, Just PeopleR)
|
||
|
||
KeysR shar -> ("Keys", Just $ PersonR shar)
|
||
KeyNewR shar -> ("New", Just $ KeysR shar)
|
||
KeyR shar key -> (key, Just $ KeysR shar)
|
||
|
||
ReposR shar -> ("Repos", Just $ PersonR shar)
|
||
RepoNewR shar -> ("New", Just $ ReposR shar)
|
||
RepoR shar repo -> (repo, Just $ ReposR shar)
|
||
RepoSourceR shar repo [] -> ("Files", Just $ RepoR shar repo)
|
||
RepoSourceR shar repo refdir -> ( last refdir
|
||
, Just $
|
||
RepoSourceR shar repo $
|
||
init refdir
|
||
)
|
||
RepoHeadChangesR shar repo -> ("Changes", Just $ RepoR shar repo)
|
||
RepoChangesR shar repo ref -> ( ref
|
||
, Just $ RepoHeadChangesR shar repo
|
||
)
|
||
|
||
ProjectsR shar -> ("Projects", Just $ PersonR shar)
|
||
ProjectNewR shar -> ("New", Just $ ProjectsR shar)
|
||
ProjectR shar proj -> (proj, Just $ ProjectsR shar)
|
||
|
||
TicketsR shar proj -> ( "Tickets"
|
||
, Just $ ProjectR shar proj
|
||
)
|
||
TicketNewR shar proj -> ("New", Just $ TicketsR shar proj)
|
||
TicketR shar proj num -> ( T.pack $ '#' : show num
|
||
, Just $ TicketsR shar proj
|
||
)
|
||
TicketEditR shar proj num -> ( "Edit"
|
||
, Just $ TicketR shar proj num
|
||
)
|
||
|
||
_ -> ("", Nothing)
|