Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 1
@@ -1,10 +1,11 @@
|
||||
-module(handler_login).
|
||||
-include("records.hrl").
|
||||
|
||||
-behaviour(cowboy_handler).
|
||||
-export([init/2]).
|
||||
|
||||
init(Req, Opts) ->
|
||||
handle(Req, Opts).
|
||||
-include("records.hrl"). %% ← необходим для #session{}
|
||||
|
||||
init(Req0, State) ->
|
||||
handle(Req0, State).
|
||||
|
||||
handle(Req, _Opts) ->
|
||||
case cowboy_req:method(Req) of
|
||||
@@ -18,41 +19,31 @@ handle(Req, _Opts) ->
|
||||
_ ->
|
||||
try jsx:decode(Body, [return_maps]) of
|
||||
#{<<"email">> := Email, <<"password">> := Password} ->
|
||||
case core_user:get_by_email(Email) of
|
||||
{ok, User} ->
|
||||
case logic_auth:verify_password(Password, User#user.password_hash) of
|
||||
{ok, true} ->
|
||||
case User#user.status of
|
||||
active ->
|
||||
Token = logic_auth:generate_jwt(User#user.id, User#user.role),
|
||||
{RefreshToken, ExpiresAt} = logic_auth:generate_refresh_token(User#user.id),
|
||||
save_refresh_token(User#user.id, RefreshToken, ExpiresAt),
|
||||
Response = #{
|
||||
user => #{
|
||||
id => User#user.id,
|
||||
email => User#user.email,
|
||||
role => User#user.role
|
||||
},
|
||||
token => Token,
|
||||
refresh_token => RefreshToken
|
||||
},
|
||||
send_json(Req1, 200, Response);
|
||||
frozen ->
|
||||
send_error(Req1, 403, <<"Account frozen">>);
|
||||
deleted ->
|
||||
send_error(Req1, 403, <<"Account deleted">>)
|
||||
end;
|
||||
_ ->
|
||||
send_error(Req1, 401, <<"Invalid credentials">>)
|
||||
end;
|
||||
{error, not_found} ->
|
||||
case auth:authenticate_user_request(Req1, Email, Password) of
|
||||
{ok, Token, User} ->
|
||||
{RefreshToken, ExpiresAt} = auth:generate_refresh_token(maps:get(id, User)),
|
||||
save_refresh_token(maps:get(id, User), RefreshToken, ExpiresAt),
|
||||
Response = #{
|
||||
user => #{
|
||||
id => maps:get(id, User),
|
||||
email => maps:get(email, User),
|
||||
role => maps:get(role, User)
|
||||
},
|
||||
token => Token,
|
||||
refresh_token => RefreshToken
|
||||
},
|
||||
send_json(Req1, 200, Response);
|
||||
{error, frozen} ->
|
||||
send_error(Req1, 403, <<"Account frozen">>);
|
||||
{error, deleted} ->
|
||||
send_error(Req1, 403, <<"Account deleted">>);
|
||||
{error, _Reason} ->
|
||||
send_error(Req1, 401, <<"Invalid credentials">>)
|
||||
end;
|
||||
_ ->
|
||||
send_error(Req1, 400, <<"Missing email or password">>)
|
||||
catch
|
||||
_:_ ->
|
||||
send_error(Req1, 400, <<"Invalid JSON">>)
|
||||
_:_ -> send_error(Req1, 400, <<"Invalid JSON">>)
|
||||
end
|
||||
end;
|
||||
false ->
|
||||
@@ -63,7 +54,7 @@ handle(Req, _Opts) ->
|
||||
end.
|
||||
|
||||
save_refresh_token(UserId, Token, ExpiresAt) ->
|
||||
Session = #session{
|
||||
Session = #session{ %% record определён в records.hrl
|
||||
token = Token,
|
||||
user_id = UserId,
|
||||
expires_at = ExpiresAt,
|
||||
@@ -73,10 +64,14 @@ save_refresh_token(UserId, Token, ExpiresAt) ->
|
||||
|
||||
send_json(Req, Status, Data) ->
|
||||
Body = jsx:encode(Data),
|
||||
cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req),
|
||||
cowboy_req:reply(Status, #{
|
||||
<<"content-type">> => <<"application/json">>
|
||||
}, Body, Req),
|
||||
{ok, Body, []}.
|
||||
|
||||
send_error(Req, Status, Message) ->
|
||||
Body = jsx:encode(#{error => Message}),
|
||||
cowboy_req:reply(Status, #{<<"content-type">> => <<"application/json">>}, Body, Req),
|
||||
cowboy_req:reply(Status, #{
|
||||
<<"content-type">> => <<"application/json">>
|
||||
}, Body, Req),
|
||||
{ok, Body, []}.
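Review bot: The new `#{<<"email">> := Email, <<"password">> := Password} ->` clause in the second hunk accepts any JSON value for the two fields, and because the body of a `try … of` clause is outside the scope of its `catch`, a request like `{"email": 1, "password": null}` propagates whatever `auth:authenticate_user_request/3` raises as a 500 instead of a 400; add a guard, `#{<<"email">> := Email, <<"password">> := Password} when is_binary(Email), is_binary(Password) ->`, so such bodies fall through to the existing `Missing email or password` branch. Separately, `{error, frozen}` and `{error, deleted}` are mapped to distinct 403 messages, and the hunk no longer shows a password check before them; if `authenticate_user_request/3` reports account status without first verifying the password (the removed code only did so after `verify_password` succeeded), an unauthenticated caller can tell frozen or deleted accounts apart from unknown e-mails, so either confirm the ordering inside `auth` or return the generic 401 to unauthenticated callers. The enclosing `handle/2` starts before this hunk (`Req1` is bound there). In the first hunk both `-include("records.hrl").` lines appear without markers; if both survive on the new side the record definitions are included twice, which the compiler rejects, so only the commented one should remain. In the last two hunks `send_json/3` and `send_error/3` still discard the `Req` returned by `cowboy_req:reply/4` and return `{ok, Body, []}`, which does not look like the `{ok, Req, State}` shape a `cowboy_handler` `init/2` is expected to hand back — worth confirming against the cowboy version in use.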
|
||||