wip: currently rewriting the project as a full stack application
tangled.org/kacaii.dev/sigo
gleam
:art: pipe values
+59
-86
+25
-44
src/app/domain/user.gleam
+25
-44
src/app/domain/user.gleam
···
87
87
|> result.replace_error(MissingCookie),
88
88
)
89
89
90
-
use user_uuid <- result.try(
91
-
uuid.from_string(maybe_uuid)
92
-
|> result.replace_error(InvalidUUID(maybe_uuid)),
93
-
)
94
-
95
-
Ok(user_uuid)
90
+
uuid.from_string(maybe_uuid)
91
+
|> result.replace_error(InvalidUUID(maybe_uuid))
96
92
}
97
93
98
94
/// Extracts the user UUID from the request and query the DataBase
···
103
99
cookie_name cookie_name: String,
104
100
authorized_roles authorized_roles: List(role.Role),
105
101
) -> Result(#(uuid.Uuid, role.Role), AccessControlError) {
106
-
// Indentify who is sending the request -----------------------------------
102
+
// Indentify who is sending the request
107
103
use user_uuid <- result.try(
108
104
extract_uuid(request:, cookie_name:)
109
105
|> result.map_error(Authentication),
110
106
)
111
107
112
-
// Query the User's role --------------------------------------------------
108
+
// Query the User's role
113
109
use user_role <- result.try(get_user_role(ctx, user_uuid))
114
110
115
-
// Check if that role has authorization -----------------------------------
116
-
use user_role <- result.try(
111
+
// Check if that role has authorization
112
+
use user_role <- result.map(
117
113
list.find(authorized_roles, fn(authorized) { user_role == authorized })
118
114
|> result.replace_error(Authorization(
119
115
user_uuid:,
···
122
118
)),
123
119
)
124
120
125
-
Ok(#(user_uuid, user_role))
121
+
#(user_uuid, user_role)
126
122
}
127
123
128
124
pub fn handle_authentication_error(err: AuthenticationError) {
···
138
134
139
135
pub fn handle_access_control_error(req: wisp.Request, err: AccessControlError) {
140
136
case err {
141
-
Authentication(auth_err) -> handle_authentication_error(auth_err)
142
-
DataBase(db_err) -> web.handle_database_error(db_err)
143
-
RoleNotFound -> {
144
-
// 401 Unauthorized
145
-
let resp = wisp.response(401)
146
-
// Body
147
-
let body =
148
-
wisp.Text("Não foi possível confirmar o Cargo do usuário autenticado")
137
+
Authentication(err) -> handle_authentication_error(err)
138
+
DataBase(err) -> web.handle_database_error(err)
139
+
RoleNotFound ->
140
+
"Não foi possível confirmar o Cargo do usuário autenticado"
141
+
|> wisp.Text
142
+
|> wisp.set_body(wisp.response(401), _)
149
143
150
-
// Send response
151
-
wisp.set_body(resp, body)
144
+
InvalidRole(str) -> {
145
+
let body = "Usuário autenticado possui cargo inválido: " <> str
146
+
wisp.Text(body)
147
+
|> wisp.set_body(wisp.response(401), _)
152
148
}
153
-
154
-
InvalidRole(role_string) ->
155
-
wisp.response(401)
156
-
|> wisp.set_body(wisp.Text(
157
-
"Usuário autenticado possui cargo inválido: " <> role_string,
158
-
))
159
149
160
150
Authorization(user_uuid:, user_role:, authorized_roles:) -> {
161
-
// LOG
162
151
role.log_unauthorized_access_attempt(
163
152
request: req,
164
153
user_uuid:,
···
166
155
required: authorized_roles,
167
156
)
168
157
169
-
// JSON BODY
170
-
let role_to_json = fn(role: role.Role) {
171
-
role.to_string_pt_br(role) |> json.string
172
-
}
173
-
174
-
// Response
175
-
let resp = wisp.response(403)
176
-
let body =
177
-
json.object([
178
-
#("id", json.string(uuid.to_string(user_uuid))),
179
-
#("user_role", json.string(role.to_string_pt_br(user_role:))),
180
-
#("required", json.array(authorized_roles, role_to_json)),
181
-
])
182
-
|> json.to_string
183
-
184
-
wisp.json_response(body, resp.status)
158
+
[
159
+
#("id", json.string(uuid.to_string(user_uuid))),
160
+
#("user_role", json.string(role.to_string_pt_br(user_role:))),
161
+
#("required", json.array(authorized_roles, role.to_json)),
162
+
]
163
+
|> json.object
164
+
|> json.to_string
165
+
|> wisp.json_response(403)
185
166
}
186
167
}
187
168
}
+34
-42
src/app/domain/user/update_user_profile.gleam
+34
-42
src/app/domain/user/update_user_profile.gleam
···
28
28
ctx ctx: Context,
29
29
) -> wisp.Response {
30
30
use <- wisp.require_method(req, http.Put)
31
-
use json_body <- wisp.require_json(req)
31
+
use body <- wisp.require_json(req)
32
32
33
-
case decode.run(json_body, request_body_decoder()) {
33
+
case decode.run(body, body_decoder()) {
34
34
Error(err) -> web.handle_decode_error(err)
35
35
Ok(body) -> handle_body(req, ctx, body)
36
36
}
···
42
42
body: RequestBody,
43
43
) -> wisp.Response {
44
44
case try_update_user(req, ctx, body) {
45
-
Ok(resp) -> wisp.json_response(resp, 200)
46
45
Error(err) -> handle_error(err)
46
+
Ok(resp) -> wisp.json_response(resp, 200)
47
47
}
48
48
}
49
49
50
50
fn handle_error(err: UpdateProfileError) -> wisp.Response {
51
51
case err {
52
-
AccessControl(err) -> user.handle_authentication_error(err)
53
-
UserNotFound(user_uuid) -> {
54
-
let resp = wisp.not_found()
55
-
let body =
56
-
wisp.Text(
57
-
"Usuário não encontrado no Banco de Dados: "
58
-
<> uuid.to_string(user_uuid),
59
-
)
52
+
Authentication(err) -> user.handle_authentication_error(err)
60
53
61
-
wisp.set_body(resp, body)
54
+
NotFound(id) -> {
55
+
let body = "Usuário não encontrado" <> uuid.to_string(id)
56
+
wisp.Text(body)
57
+
|> wisp.set_body(wisp.not_found(), _)
62
58
}
63
-
DatabaseError(err) -> {
59
+
60
+
Database(err) -> {
64
61
case err {
65
62
pog.ConstraintViolated(_, _, constraint: "user_account_email_key") -> {
66
-
let resp = wisp.response(409)
67
-
let body =
68
-
wisp.Text("Email já cadastrado. Por favor, utilize um diferente")
69
-
70
-
wisp.set_body(resp, body)
63
+
"Email já cadastrado. Por favor, utilize um diferente"
64
+
|> wisp.Text
65
+
|> wisp.set_body(wisp.response(409), _)
71
66
}
72
67
73
68
pog.ConstraintViolated(_, _, constraint: "user_account_phone_key") -> {
74
-
let resp = wisp.response(409)
75
-
let body =
76
-
wisp.Text("Telefone já cadastrado. Por favor, utilize um diferente")
77
-
78
-
wisp.set_body(resp, body)
69
+
"Telefone já cadastrado. Por favor, utilize um diferente"
70
+
|> wisp.Text
71
+
|> wisp.set_body(wisp.response(409), _)
79
72
}
80
73
81
74
err -> web.handle_database_error(err)
···
91
84
) -> Result(String, UpdateProfileError) {
92
85
use maybe_id <- result.try(
93
86
user.extract_uuid(req, user.uuid_cookie_name)
94
-
|> result.map_error(AccessControl),
87
+
|> result.map_error(Authentication),
95
88
)
96
89
97
90
use returned <- result.try(
···
102
95
body.email,
103
96
body.phone,
104
97
)
105
-
|> result.map_error(DatabaseError),
98
+
|> result.map_error(Database),
106
99
)
107
100
108
-
case list.first(returned.rows) {
109
-
Error(_) -> Error(UserNotFound(maybe_id))
110
-
Ok(row) -> {
111
-
json.object([
112
-
#("full_name", json.string(row.full_name)),
113
-
#("email", json.string(row.email)),
114
-
#("phone", json.nullable(row.phone, json.string)),
115
-
])
116
-
|> json.to_string
117
-
|> Ok
118
-
}
119
-
}
101
+
use row <- result.map(
102
+
list.first(returned.rows)
103
+
|> result.replace_error(NotFound(maybe_id)),
104
+
)
105
+
106
+
[
107
+
#("full_name", json.string(row.full_name)),
108
+
#("email", json.string(row.email)),
109
+
#("phone", json.nullable(row.phone, json.string)),
110
+
]
111
+
|> json.object
112
+
|> json.to_string
120
113
}
121
114
122
-
/// Updating an user profile can fail
123
115
type UpdateProfileError {
124
116
/// Authentication failed
125
-
AccessControl(user.AuthenticationError)
117
+
Authentication(user.AuthenticationError)
126
118
/// An error occurred when accessing the DataBase
127
-
DatabaseError(pog.QueryError)
119
+
Database(pog.QueryError)
128
120
/// User was not found in the DataBase
129
-
UserNotFound(uuid.Uuid)
121
+
NotFound(uuid.Uuid)
130
122
}
131
123
132
124
type RequestBody {
133
125
RequestBody(full_name: String, email: String, phone: String)
134
126
}
135
127
136
-
fn request_body_decoder() -> decode.Decoder(RequestBody) {
128
+
fn body_decoder() -> decode.Decoder(RequestBody) {
137
129
use full_name <- decode.field("full_name", decode.string)
138
130
use email <- decode.field("email", decode.string)
139
131
use phone <- decode.field("phone", decode.string)