diff --git a/lib/draincloud_core/auth/sessions.ex b/lib/draincloud_core/auth/sessions.ex index 0c65998..827f4ae 100644 --- a/lib/draincloud_core/auth/sessions.ex +++ b/lib/draincloud_core/auth/sessions.ex @@ -1,4 +1,4 @@ -defmodule DrainCloudCore.Auth.SessionsRepo do +defmodule DrainCloudCore.Auth.Session do use Ecto.Schema import Ecto.Changeset import Ecto.Query diff --git a/lib/draincloud_core/auth/sessions_store.ex b/lib/draincloud_core/auth/sessions_store.ex index 9818ffd..cdc89ad 100644 --- a/lib/draincloud_core/auth/sessions_store.ex +++ b/lib/draincloud_core/auth/sessions_store.ex @@ -1,6 +1,9 @@ defmodule DrainCloudCore.Auth.SessionsStore do @behaviour Plug.Session.Store + @token_len 64 + + alias DrainCloudCore.Auth.SessionsRepo alias DrainCloudCore.Repo, as: Repo def init(_opts), do: :ok @@ -17,7 +20,26 @@ defmodule DrainCloudCore.Auth.SessionsStore do end - def initialize_session(conn, user) do + def new_session(conn, user) do + %DrainCloudCore.Auth.Session { + user_id: user.id, + token: new_token(@token_len), + user_agent: user_agent(conn), + created_at: DateTime.utc_now(), + expires_at: DateTime.add(DateTime.utc_now(), 7*24, :hour) + } + end + defp user_agent(conn) do + Enum.find_value(conn.req_headers, "", fn x -> + case x do + {"user-agent", agent} -> agent + _ -> nil + end + end) + end + + defp new_token(length) do + :crypto.strong_rand_bytes(length) |> Base.url_encode64 |> binary_part(0, length) end end diff --git a/lib/draincloud_core_web/controllers/auth_controller/auth_controller.ex b/lib/draincloud_core_web/controllers/auth_controller/auth_controller.ex index 930b5fb..77a6331 100644 --- a/lib/draincloud_core_web/controllers/auth_controller/auth_controller.ex +++ b/lib/draincloud_core_web/controllers/auth_controller/auth_controller.ex 
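Review bot: In the first sessions_store.ex hunk, the added `alias DrainCloudCore.Auth.SessionsRepo` names the module that this same commit renames to `DrainCloudCore.Auth.Session` in sessions.ex. Unless another `SessionsRepo` is defined elsewhere, the alias resolves to nothing and is unused, since `new_session/2` writes `%DrainCloudCore.Auth.Session{}` out in full. I would change it to `alias DrainCloudCore.Auth.Session` and use `%Session{}` in the struct literal. `@token_len 64` also deserves a comment such as `# session token length in URL-safe base64 characters (6 bits of randomness each)`, because `new_token/1` uses the same number both as a byte count and as a character count.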
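Review bot: In the second sessions_store.ex hunk, `user_agent/1` copies the client-controlled User-Agent header into the session struct with no length cap, so a request can push a value as long as the server's header limit into whatever stores the session, and a bounded column would presumably make the insert fail at login instead. I would read it with the Plug helper and truncate, `conn |> Plug.Conn.get_req_header("user-agent") |> List.first("") |> String.slice(0, 255)`, with the cap matched to the column (255 is only an example), and treat the stored value as audit data that must be escaped wherever it is displayed. `new_session/2` also calls `DateTime.utc_now()` twice, so `expires_at` is not exactly `created_at` plus seven days; bind `now = DateTime.utc_now()` once and derive both fields from it. The `token` field holds the raw token, so if this struct is persisted as is, consider storing only a hash of it so that a database read does not yield usable sessions.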
@@ -23,11 +23,10 @@ defmodule DrainCloudCoreWeb.AuthController do RegisterRequest.from_request(conn) |> RegisterRequest.to_model |> Repo.add_user - # TODO send cookies and tokens send_resp(conn, 200, Jason.encode! %{ok: true}) rescue e in RuntimeError -> - Log.error("failed to insert new user: #{e}") + Log.error("failed to create new user: #{e}") raise e end end diff --git a/lib/draincloud_core_web/controllers/auth_controller/login_request.ex b/lib/draincloud_core_web/controllers/auth_controller/login_request.ex index 90ed84a..c1368d0 100644 --- a/lib/draincloud_core_web/controllers/auth_controller/login_request.ex +++ b/lib/draincloud_core_web/controllers/auth_controller/login_request.ex @@ -8,9 +8,6 @@ defmodule DraincloudCoreWeb.AuthController.LoginRequest do alias DrainCloudCoreWeb.Errors.InvalidArgumentException, as: InvalidArgumentException def from_request(conn = %Plug.Conn{}) do - # TODO remove Kernel.inspect calls - :logger.debug("[from_request] incoming request: #{Kernel.inspect(conn.params)}") - validate_and_build(conn.params) end diff --git a/lib/draincloud_core_web/endpoint.ex b/lib/draincloud_core_web/endpoint.ex index 2348684..4aa1f25 100644 --- a/lib/draincloud_core_web/endpoint.ex +++ b/lib/draincloud_core_web/endpoint.ex @@ -15,10 +15,6 @@ defmodule DrainCloudCoreWeb.Endpoint do websocket: [connect_info: [session: @session_options]], longpoll: [connect_info: [session: @session_options]] - # Serve at "/" the static files from "priv/static" directory. - # - # You should set gzip to true if you are running phx.digest - # when deploying your static files in production. plug Plug.Static, at: "/", from: :draincloud_core, diff --git a/lib/draincloud_core_web/gettext.ex b/lib/draincloud_core_web/gettext.ex index 5a13399..49a9038 100644 --- a/lib/draincloud_core_web/gettext.ex +++ b/lib/draincloud_core_web/gettext.ex 
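Review bot: In the auth_controller.ex hunk, the changed line `Log.error("failed to create new user: #{e}")` interpolates the exception struct itself, and exceptions do not implement `String.Chars`. The rescue clause therefore raises `Protocol.UndefinedError` before anything is logged, and the original registration failure is replaced by that error. Use `Log.error("failed to create new user: #{Exception.message(e)}")`, and replace `raise e` with `reraise e, __STACKTRACE__` so the original stacktrace survives. If the message can carry submitted field values such as an e-mail address, log a fixed string plus the exception module instead. The enclosing function begins outside the hunk.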
@@ -1,24 +1,3 @@ defmodule DrainCloudCoreWeb.Gettext do - @moduledoc """ - A module providing Internationalization with a gettext-based API. - - By using [Gettext](https://hexdocs.pm/gettext), - your module gains a set of macros for translations, for example: - - import DrainCloudCoreWeb.Gettext - - # Simple translation - gettext("Here is the string to translate") - - # Plural translation - ngettext("Here is the string to translate", - "Here are the strings to translate", - 3) - - # Domain-based translation - dgettext("errors", "Here is the error message to translate") - - See the [Gettext Docs](https://hexdocs.pm/gettext) for detailed usage. - """ use Gettext, otp_app: :draincloud_core end diff --git a/lib/draincloud_core_web/router.ex b/lib/draincloud_core_web/router.ex index 2481daa..f141bf2 100644 --- a/lib/draincloud_core_web/router.ex +++ b/lib/draincloud_core_web/router.ex @@ -3,7 +3,6 @@ defmodule DrainCloudCoreWeb.Router do use Plug.ErrorHandler import Plug.Conn - alias :logger, as: Log alias DrainCloudCoreWeb.ErrorHandler, as: ErrorHandler pipeline :browser do @@ -31,13 +30,7 @@ defmodule DrainCloudCoreWeb.Router do send_resp(conn, 500, ErrorHandler.handle_reason(reason)) end - # Enable LiveDashboard in development if Application.compile_env(:draincloud_core, :dev_routes) do - # If you want to use the LiveDashboard in production, you should put - # it behind authentication and allow only admins to access it. - # If your application does not have an admins-only section yet, - # you can use Plug.BasicAuth to set up some basic authentication - # as long as you are also using SSL (which you should anyway). import Phoenix.LiveDashboard.Router scope "/dev" do