Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implementing Middlewares #10

Merged
merged 20 commits into from
Jul 16, 2024
Merged

Implementing Middlewares #10

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
d3867dd
check if a user already exists
PizieDust Jul 3, 2024
38f54fd
deode_request_body to dedicated function
PizieDust Jul 4, 2024
6970a99
add sign in url
PizieDust Jul 4, 2024
a4ab002
add sign in page
PizieDust Jul 4, 2024
bfe8e75
add sign in logic
PizieDust Jul 4, 2024
930ce92
refactor
PizieDust Jul 4, 2024
b86a248
handle login of users
PizieDust Jul 4, 2024
e0d68a3
fix typo
PizieDust Jul 4, 2024
273dae2
javascript to call login endpoints
PizieDust Jul 6, 2024
6709221
add cookies for users
PizieDust Jul 6, 2024
31e47a0
fix styling issues on frontend sign up
PizieDust Jul 6, 2024
f6dbdf8
stop tracking keys
PizieDust Jul 6, 2024
94d5221
update users on disk
PizieDust Jul 6, 2024
b57f80b
add auth control cookies and middleware checks
PizieDust Jul 6, 2024
3a47dc5
add auth middleware functionality
PizieDust Jul 6, 2024
54a6154
use emile to validate emails
PizieDust Jul 16, 2024
fad51c2
refactor according to reviews
PizieDust Jul 16, 2024
f930792
lint
PizieDust Jul 16, 2024
1f96f68
add a utils module to handle commonly used code
PizieDust Jul 16, 2024
545c1a2
update styles
PizieDust Jul 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,5 @@ dune-workspace
dune.build
dune.config
Makefile
mirage
mirage
keys
2 changes: 1 addition & 1 deletion assets/style.css
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions config.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ let mollymawk =
package "multipart_form";
package "mirage-crypto-rng";
package "uuidm";
package "emile";
package "paf" ~sublibs:[ "mirage" ] ~min:"0.5.0";
package "oneffs";
]
Expand Down
84 changes: 84 additions & 0 deletions middleware.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
type handler = Httpaf.Reqd.t -> unit Lwt.t
type middleware = handler -> handler

let has_session_cookie (reqd : Httpaf.Reqd.t) : bool =
let headers = (Httpaf.Reqd.request reqd).headers in
match Httpaf.Headers.get headers "Cookie" with
| Some cookies ->
let cookie_list = String.split_on_char ';' cookies in
List.exists
(fun cookie ->
let parts = String.trim cookie |> String.split_on_char '=' in
match parts with
| [ name; _ ] -> String.equal name "molly_session"
| _ -> false)
cookie_list
| _ -> false

let apply_middleware middlewares handler =
List.fold_right (fun middleware acc -> middleware acc) middlewares handler

let redirect_to_login reqd ?(msg = "") () =
let headers = Httpaf.Headers.of_list [ ("location", "/sign-in") ] in
let response = Httpaf.Response.create ~headers `Found in
Httpaf.Reqd.respond_with_string reqd response msg;
Lwt.return_unit

let redirect_to_dashboard reqd ?(msg = "") () =
let headers = Httpaf.Headers.of_list [ ("location", "/dashboard") ] in
let response = Httpaf.Response.create ~headers `Found in
Httpaf.Reqd.respond_with_string reqd response msg;
Lwt.return_unit

let auth_middleware ~users handler reqd =
let headers = (Httpaf.Reqd.request reqd).headers in
match Httpaf.Headers.get headers "Cookie" with
| Some cookies -> (
let cookie_list = String.split_on_char ';' cookies in
let session_cookie =
List.find_opt
(fun cookie ->
let parts = String.trim cookie |> String.split_on_char '=' in
match parts with
| [ name; _ ] -> String.equal name "molly_session"
| _ -> false)
cookie_list
in
match session_cookie with
| Some cookie -> (
let parts = String.trim cookie |> String.split_on_char '=' in
let value = List.nth parts 1 in
match User_model.find_user_by_key value users with
| Some user -> (
let user_session =
List.find_opt
(fun (cookie : User_model.cookie) ->
String.equal cookie.name "molly_session")
user.cookies
in
match user_session with
| Some cookie -> (
match String.equal cookie.value value with
| true -> handler reqd
| false ->
Logs.err (fun m ->
m
"auth-middleware: Session value doesn't match user \
session %s\n"
value);
redirect_to_login reqd ())
| None ->
Logs.err (fun m ->
m "auth-middleware: User doesn't have a session cookie.\n");
redirect_to_login reqd ())
| None ->
Logs.err (fun m ->
m "auth-middleware: Failed to find user with key %s\n" value);
redirect_to_login reqd ())
| None ->
Logs.err (fun m ->
m "auth-middleware: No molly-session in cookie header.");
redirect_to_login reqd ())
| _ ->
Logs.err (fun m -> m "auth-middleware: No Cookie in request headers.\n");
redirect_to_login reqd ()
277 changes: 277 additions & 0 deletions sign_in.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,277 @@
open Tyxml

let login_page ~icon () =
let page =
Html.(
html
(Header_layout.header ~page_title:"Sign in | Mollymawk" ~icon ())
(body
[
section
~a:[ a_class [ "max-w-7xl relative px-5 mx-auto" ] ]
[
div
~a:[ a_class [ "absolute" ] ]
[
img
~a:[ a_class [ "md:w-20 w-14" ] ]
~src:"/images/robur.png" ~alt:"Robur.coop" ();
];
];
main
~a:
[
a_class
[
"w-full grid md:grid-cols-3 grid-cols-1 text-gray-700 \
md:h-screen";
];
]
[
section
~a:
[
a_class
[
"h-full flex justify-center items-center col-span-2 \
md:py-10 py-5";
];
]
[
div
~a:[ a_class [ "w-full max-w-lg mt-16 pb-16 mx-auto" ] ]
[
h1
~a:
[
a_class
[
"font-semibold text-2xl md:text-3xl mb-8 \
text-primary-800 p-6";
];
]
[ txt "Sign in to Your Account" ];
div
~a:[ a_class [ "space-y-6 mt-8 shadow-md p-6" ] ]
[
p ~a:[ a_id "form-alert" ] [];
div
[
label
~a:
[
a_class [ "block text-sm font-medium" ];
a_label_for "email";
]
[ txt "Email Address*" ];
input
~a:
[
a_autocomplete `On;
a_input_type `Text;
a_name "email";
a_id "email";
a_class
[
"ring-primary-100 mt-1.5 transition \
appearance-none block w-full px-3 \
py-3 rounded-xl shadow-sm border \
hover:border-primary-200\n\
\ \
focus:border-primary-300 \
bg-primary-50 bg-opacity-0 \
hover:bg-opacity-50 \
focus:bg-opacity-50 \
ring-primary-200 \
focus:ring-primary-200\n\
\ \
focus:ring-[1px] \
focus:outline-none";
];
]
();
p ~a:[ a_id "email-alert" ] [];
];
div
[
label
~a:
[
a_class [ "block text-sm font-medium" ];
a_label_for "password";
]
[ txt "Password*" ];
input
~a:
[
a_input_type `Password;
a_name "password";
a_id "password";
a_class
[
"ring-primary-100 mt-1.5 transition \
appearance-none block w-full px-3 \
py-3 rounded-xl shadow-sm border \
hover:border-primary-200\n\
\ \
focus:border-primary-300 \
bg-primary-50 bg-opacity-0 \
hover:bg-opacity-50 \
focus:bg-opacity-50 \
ring-primary-200 \
focus:ring-primary-200\n\
\ \
focus:ring-[1px] \
focus:outline-none";
];
]
();
p ~a:[ a_id "password-alert" ] [];
];
div
~a:
[
a_class
[
"flex items-center justify-between \
text-sm font-medium text-primary-500";
];
]
[
a
~a:
[
a_class
[
"hover:text-primary-800 \
transition-colors cursor-pointer";
];
]
[ txt "Forgot Your Password?" ];
a
~a:
[
a_href "/sign-up";
a_class
[
"hover:text-primary-800 \
transition-colors cursor-pointer";
];
]
[ txt "Need an account?" ];
];
div
[
button
~a:
[
a_id "login-button";
a_class
[
"py-3 rounded bg-primary-500 \
hover:bg-primary-800 w-full \
text-gray-50 font-semibold";
];
]
[ txt "Sign In" ];
];
];
];
];
aside
~a:
[
a_class
[ "relative h-full p-16 col-span-1 md:block hidden" ];
]
[
img ~src:"/images/molly_bird.jpeg"
~alt:"Mollymawk delivering unikernels"
~a:
[
a_class
[
"absolute inset-1 max-w-none w-full h-full \
object-cover";
];
]
();
];
];
Footer_layout.footer;
Tyxml.Html.Unsafe.data
"<script>\n\
\ const loginButton = \
document.getElementById('login-button')\n\
\ loginButton.addEventListener('click', async \
function() {\n\
\ const email = \
document.getElementById('email').value.toLowerCase()\n\
\ const password = \
document.getElementById('password').value\n\
\ let form_alert = \
document.getElementById('form-alert')\n\
\ let email_alert = \
document.getElementById('email-alert')\n\
\ let password_alert = \
document.getElementById('password-alert')\n\
\ form_alert.classList.add('hidden')\n\
\ email_alert.classList.add('hidden')\n\
\ password_alert.classList.add('hidden')\n\
\ if (!email || !password) {\n\
\ form_alert.classList.remove('hidden')\n\
\ \
form_alert.classList.add('text-secondary-500', 'block')\n\
\ form_alert.textContent = 'All fields are \
required'\n\
\ return;\n\
\ }\n\
\ const emailPattern = \
/^[a-zA-Z0-9.$_!]+@[a-zA-Z0-9]+\\.[a-z]{2,3}$/;\n\
\ if (!emailPattern.test(email)) {\n\
\ email_alert.classList.remove('hidden')\n\
\ \
email_alert.classList.add('text-secondary-500', 'block')\n\
\ email_alert.textContent = 'Please enter \
a valid email address.'\n\
\ return;\n\
\ }\n\
\ if (password.length < 8) {\n\
\ password_alert.classList.remove('hidden')\n\
\ \
password_alert.classList.add('text-secondary-500', 'block')\n\
\ password_alert.textContent = 'Password \
must be at least 8 characters long.'\n\
\ return;\n\
\ }\n\
\ try {\n\
\ const response = await \
fetch('/api/login', {\n\
\ method: 'POST',\n\
\ headers: {\n\
\ 'Content-Type': \
'application/json',\n\
\ },\n\
\ body: \
JSON.stringify({email, password })\n\
\ })\n\
\ const data = await response.json();\n\
\ if (data.status === 200) {\n\
\ window.location.replace('/dashboard')\n\
\ } else {\n\
\ form_alert.classList.remove('hidden')\n\
\ \
form_alert.classList.add('text-secondary-500', 'block')\n\
\ form_alert.textContent = data.message\n\
\ }\n\
\ } catch (error) {\n\
\ form_alert.classList.remove('hidden')\n\
\ \
form_alert.classList.add('text-secondary-500', 'block')\n\
\ form_alert.textContent = error\n\
\ return;\n\
\ }})\n\
\ </script>";
]))
in
Format.asprintf "%a" (Html.pp ()) page
Loading
Loading