geochan/src/user.ml

type t =
  { nick : string
  ; password : string
  ; email : string (* TODO: make email optional ? *)
  ; bio : string
  ; avatar : string
  }

module Q = struct
  let create_user_table =
    Caqti_request.exec Caqti_type.unit
      "CREATE TABLE IF NOT EXISTS user (nick TEXT, password TEXT, email TEXT, \
       bio TEXT, avatar BLOB);"

  let get_password =
    Caqti_request.find_opt Caqti_type.string Caqti_type.string
      "SELECT password FROM user WHERE nick=?;"

  let is_already_user =
    Caqti_request.find_opt
      Caqti_type.(tup2 string string)
      Caqti_type.int
      "SELECT EXISTS(SELECT 1 FROM user WHERE nick=? OR email=?);"

  let inser_new_user =
    Caqti_request.exec
      Caqti_type.(tup4 string string string Caqti_type.(tup2 string string))
      "INSERT INTO user VALUES (?, ?, ?, ?, ?);"

  let list_nicks =
    Caqti_request.collect Caqti_type.unit Caqti_type.string
      "SELECT nick FROM user;"

  let get_user =
    Caqti_request.find_opt Caqti_type.string
      Caqti_type.(tup4 string string string Caqti_type.(tup2 string string))
      "SELECT * FROM user WHERE nick=?;"

  let update_bio =
    Caqti_request.exec
      Caqti_type.(tup2 string string)
      "UPDATE user SET bio=? WHERE nick=?;"

  let get_bio =
    Caqti_request.find_opt Caqti_type.string Caqti_type.string
      "SELECT bio FROM user WHERE nick=?;"

  let get_avatar =
    Caqti_request.find_opt Caqti_type.string Caqti_type.string
      "SELECT avatar FROM user WHERE nick=?;"

  let upload_avatar =
    Caqti_request.exec
      Caqti_type.(tup2 string string)
      "UPDATE user SET avatar=? WHERE nick=?;"
end

module Db =
( val Caqti_blocking.connect (Uri.of_string (Filename.concat "sqlite3://" Db.db))
      |> Caqti_blocking.or_fail )

let () =
  let res = Db.exec Q.create_user_table () in
  match res with
  | Ok () -> ()
  | Error e ->
    Dream.warning (fun log ->
        log "can't create table user: %s" (Caqti_error.show e) )

let login ~nick ~password request =
  let good_password = Db.find_opt Q.get_password nick in
  match good_password with
  | Ok foo -> (
    match foo with
    | Some good_password ->
      if Bcrypt.verify password (Bcrypt.hash_of_string good_password) then
        let _ =
          let%lwt () = Dream.invalidate_session request in
          Dream.put_session "nick" nick request
        in
        Ok ()
      else
        Error "wrong password"
    | None -> Error (Format.sprintf "user `%s` doesn't exist" nick) )
  | Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))

let register ~email ~nick ~password =
  (* TODO: remove bad characters (e.g. delthas) *)
  let valid_nick =
    String.length nick < 64
    && String.length nick > 0
    && String.escaped nick = nick
  in

  let valid_email =
    match Emile.of_string email with
    | Ok _ -> true
    | Error _ -> false
  in

  let valid_password =
    String.length password < 128 && String.length password > 0
  in

  let valid = valid_nick && valid_email && valid_password in

  let password = Bcrypt.hash password in
  let password = Bcrypt.string_of_hash password in

  if not valid then
    Error "Something is wrong"
  else
    let unique = Db.find_opt Q.is_already_user (nick, email) in
    match unique with
    | Ok unique -> (
      match unique with
      | Some nb -> (
        match nb with
        | 0 -> (
          let res =
            Db.exec Q.inser_new_user (nick, password, email, ("", ""))
          in
          match res with
          | Ok res -> Ok res
          | Error e ->
            Error (Format.sprintf "db error: %s" (Caqti_error.show e)) )
        | _ -> Error "nick or email already exists" )
      | None -> Error "db error" )
    | Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))

let list () =
  let users = Db.fold Q.list_nicks (fun nick acc -> nick :: acc) () [] in
  match users with
  | Ok users ->
    Format.asprintf "<ul>%a</ul>"
      (Format.pp_print_list (fun fmt -> function
         | s -> Format.fprintf fmt {|<li><a href="/user/%s">%s</a></li>|} s s )
      )
      users
  | Error e -> Format.sprintf "db error: %s" (Caqti_error.show e)

let public_profile request =
  let nick = Dream.param "user" request in
  let user = Db.find_opt Q.get_user nick in
  match user with
  | Ok user -> (
    match user with
    | Some (nick, password, email, (bio, _)) ->
      Format.sprintf
        {|nick = `%s`; password = `%s`; email = `%s`; bio = '%s';
    <img src="/user/%s/avatar" class="img-thumbnail" alt="Your avatar picture">
|}
        nick password email (Dream.html_escape bio) nick
    | None -> "incoherent db answer" )
  | Error e -> Format.sprintf "db error: %s" (Caqti_error.show e)

let profile request =
  match Dream.session "nick" request with
  | None -> "not logged in"
  | Some nick -> Format.sprintf "Hello %s !" nick

let update_bio bio nick =
  let valid = true in
  (* TODO check bio len and FORBIDEN WORDS *)
  if not valid then
    Error "Not biologic"
  else
    let res = Db.exec Q.update_bio (bio, nick) in
    match res with
    | Ok _ -> Ok ()
    | Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))

let get_bio nick =
  let res = Db.find_opt Q.get_bio nick in
  match res with
  | Ok bio -> (
    match bio with
    | Some bio -> Ok bio
    | None -> Error "incoherent db result" )
  | Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))

let get_avatar nick =
  let res = Db.find_opt Q.get_avatar nick in
  match res with
  | Ok avatar -> (
    match avatar with
    | Some avatar ->
      if String.length avatar = 0 then
        (* TODO default avatar *)
        Ok None
      else
        Ok (Some avatar)
    | None -> Error "db error:" )
  | Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))

let upload_avatar files nick =
  match files with
  | [] -> Error "No file provided"
  | [ (_, content) ] -> (
    (* TODO validate image data with konan etc*)
    (* TODO file_name in db??*)
    let valid = true in
    if not valid then
      Error "Invalid image"
    else
      let res = Db.exec Q.upload_avatar (content, nick) in
      match res with
      | Ok _ -> Ok ()
      | Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e)) )
  | _files -> Error "More than one file provided"
add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`type t =`
			`{ nick : string`
			`; password : string`
			`; email : string (* TODO: make email optional ? *)`
add bio in user page, there is a problem with matching on the SELECT btw, idk wtf is the type 2021-11-07 18:52:31 +01:00			`; bio : string`
add avatar upload 2021-11-08 15:24:10 +01:00			`; avatar : string`
add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`}`

use caqti 2021-12-06 22:44:14 +01:00			`module Q = struct`
			`let create_user_table =`
			`Caqti_request.exec Caqti_type.unit`
fix \n meh 2021-12-06 23:34:47 +01:00			`"CREATE TABLE IF NOT EXISTS user (nick TEXT, password TEXT, email TEXT, \`
			`bio TEXT, avatar BLOB);"`
use caqti 2021-12-06 22:44:14 +01:00
			`let get_password =`
			`Caqti_request.find_opt Caqti_type.string Caqti_type.string`
			`"SELECT password FROM user WHERE nick=?;"`

fix user exists query 2021-12-07 00:43:36 +01:00			`let is_already_user =`
use caqti 2021-12-06 22:44:14 +01:00			`Caqti_request.find_opt`
			`Caqti_type.(tup2 string string)`
fix user exists query 2021-12-07 00:43:36 +01:00			`Caqti_type.int`
use caqti 2021-12-06 22:44:14 +01:00			`"SELECT EXISTS(SELECT 1 FROM user WHERE nick=? OR email=?);"`

			`let inser_new_user =`
			`Caqti_request.exec`
			`Caqti_type.(tup4 string string string Caqti_type.(tup2 string string))`
			`"INSERT INTO user VALUES (?, ?, ?, ?, ?);"`

			`let list_nicks =`
			`Caqti_request.collect Caqti_type.unit Caqti_type.string`
			`"SELECT nick FROM user;"`

			`let get_user =`
			`Caqti_request.find_opt Caqti_type.string`
			`Caqti_type.(tup4 string string string Caqti_type.(tup2 string string))`
			`"SELECT * FROM user WHERE nick=?;"`

			`let update_bio =`
			`Caqti_request.exec`
			`Caqti_type.(tup2 string string)`
			`"UPDATE user SET bio=? WHERE nick=?;"`

			`let get_bio =`
			`Caqti_request.find_opt Caqti_type.string Caqti_type.string`
			`"SELECT bio FROM user WHERE nick=?;"`

			`let get_avatar =`
			`Caqti_request.find_opt Caqti_type.string Caqti_type.string`
			`"SELECT avatar FROM user WHERE nick=?;"`

			`let upload_avatar =`
			`Caqti_request.exec`
			`Caqti_type.(tup2 string string)`
			`"UPDATE user SET avatar=? WHERE nick=?;"`
			`end`

			`module Db =`
			`( val Caqti_blocking.connect (Uri.of_string (Filename.concat "sqlite3://" Db.db))`
			`\|> Caqti_blocking.or_fail )`

add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`let () =`
use caqti 2021-12-06 22:44:14 +01:00			`let res = Db.exec Q.create_user_table () in`
add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`match res with`
			`\| Ok () -> ()`
			`\| Error e ->`
			`Dream.warning (fun log ->`
use caqti 2021-12-06 22:44:14 +01:00			`log "can't create table user: %s" (Caqti_error.show e) )`
login finished XD 2021-11-05 16:55:19 +01:00
set up user session on login 2021-11-07 10:21:01 +01:00			`let login ~nick ~password request =`
use caqti 2021-12-06 22:44:14 +01:00			`let good_password = Db.find_opt Q.get_password nick in`
hash password, add ability to login 2021-11-07 09:47:15 +01:00			`match good_password with`
use caqti 2021-12-06 22:44:14 +01:00			`\| Ok foo -> (`
			`match foo with`
			`\| Some good_password ->`
			`if Bcrypt.verify password (Bcrypt.hash_of_string good_password) then`
			`let _ =`
			`let%lwt () = Dream.invalidate_session request in`
			`Dream.put_session "nick" nick request`
			`in`
			`Ok ()`
			`else`
			`Error "wrong password"`
			\| None -> Error (Format.sprintf "user `%s` doesn't exist" nick) )
			`\| Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))`
login finished XD 2021-11-05 16:55:19 +01:00
add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`let register ~email ~nick ~password =`
login finished XD 2021-11-05 16:55:19 +01:00			`(* TODO: remove bad characters (e.g. delthas) *)`
add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`let valid_nick =`
			`String.length nick < 64`
			`&& String.length nick > 0`
			`&& String.escaped nick = nick`
			`in`
login finished XD 2021-11-05 16:55:19 +01:00
add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`let valid_email =`
			`match Emile.of_string email with`
			`\| Ok _ -> true`
			`\| Error _ -> false`
login finished XD 2021-11-05 16:55:19 +01:00			`in`

add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`let valid_password =`
			`String.length password < 128 && String.length password > 0`
			`in`
login finished XD 2021-11-05 16:55:19 +01:00
			`let valid = valid_nick && valid_email && valid_password in`

hash password, add ability to login 2021-11-07 09:47:15 +01:00			`let password = Bcrypt.hash password in`
			`let password = Bcrypt.string_of_hash password in`

add db, user registering into db, format 2021-11-07 00:31:32 +01:00			`if not valid then`
			`Error "Something is wrong"`
login finished XD 2021-11-05 16:55:19 +01:00			`else`
fix user exists query 2021-12-07 00:43:36 +01:00			`let unique = Db.find_opt Q.is_already_user (nick, email) in`
check nick and email are unique 2021-11-07 00:54:35 +01:00			`match unique with`
use caqti 2021-12-06 22:44:14 +01:00			`\| Ok unique -> (`
			`match unique with`
fix user exists query 2021-12-07 00:43:36 +01:00			`\| Some nb -> (`
			`match nb with`
			`\| 0 -> (`
			`let res =`
			`Db.exec Q.inser_new_user (nick, password, email, ("", ""))`
			`in`
			`match res with`
			`\| Ok res -> Ok res`
			`\| Error e ->`
			`Error (Format.sprintf "db error: %s" (Caqti_error.show e)) )`
			`\| _ -> Error "nick or email already exists" )`
			`\| None -> Error "db error" )`
use caqti 2021-12-06 22:44:14 +01:00			`\| Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))`
list users 2021-11-07 01:32:38 +01:00
add user profile page 2021-11-07 01:42:18 +01:00			`let list () =`
use caqti 2021-12-06 22:44:14 +01:00			`let users = Db.fold Q.list_nicks (fun nick acc -> nick :: acc) () [] in`
list users 2021-11-07 01:32:38 +01:00			`match users with`
			`\| Ok users ->`
			`Format.asprintf "<ul>%a</ul>"`
			`(Format.pp_print_list (fun fmt -> function`
use caqti 2021-12-06 22:44:14 +01:00			`\| s -> Format.fprintf fmt {\|<li><a href="/user/%s">%s</a></li>\|} s s )`
			`)`
list users 2021-11-07 01:32:38 +01:00			`users`
use caqti 2021-12-06 22:44:14 +01:00			`\| Error e -> Format.sprintf "db error: %s" (Caqti_error.show e)`
add user profile page 2021-11-07 01:42:18 +01:00
add private profile page 2021-11-07 10:32:17 +01:00			`let public_profile request =`
add user profile page 2021-11-07 01:42:18 +01:00			`let nick = Dream.param "user" request in`
use caqti 2021-12-06 22:44:14 +01:00			`let user = Db.find_opt Q.get_user nick in`
add user profile page 2021-11-07 01:42:18 +01:00			`match user with`
use caqti 2021-12-06 22:44:14 +01:00			`\| Ok user -> (`
			`match user with`
			`\| Some (nick, password, email, (bio, _)) ->`
			`Format.sprintf`
			{\|nick = `%s`; password = `%s`; email = `%s`; bio = '%s';
add avatar upload 2021-11-08 15:24:10 +01:00			`<img src="/user/%s/avatar" class="img-thumbnail" alt="Your avatar picture">`
			`\|}`
use caqti 2021-12-06 22:44:14 +01:00			`nick password email (Dream.html_escape bio) nick`
			`\| None -> "incoherent db answer" )`
			`\| Error e -> Format.sprintf "db error: %s" (Caqti_error.show e)`
add private profile page 2021-11-07 10:32:17 +01:00
			`let profile request =`
			`match Dream.session "nick" request with`
			`\| None -> "not logged in"`
			`\| Some nick -> Format.sprintf "Hello %s !" nick`
add bio in user page, there is a problem with matching on the SELECT btw, idk wtf is the type 2021-11-07 18:52:31 +01:00
			`let update_bio bio nick =`
			`let valid = true in`
			`(* TODO check bio len and FORBIDEN WORDS *)`
			`if not valid then`
			`Error "Not biologic"`
			`else`
use caqti 2021-12-06 22:44:14 +01:00			`let res = Db.exec Q.update_bio (bio, nick) in`
add bio in user page, there is a problem with matching on the SELECT btw, idk wtf is the type 2021-11-07 18:52:31 +01:00			`match res with`
			`\| Ok _ -> Ok ()`
use caqti 2021-12-06 22:44:14 +01:00			`\| Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))`
add bio in user page, there is a problem with matching on the SELECT btw, idk wtf is the type 2021-11-07 18:52:31 +01:00
			`let get_bio nick =`
use caqti 2021-12-06 22:44:14 +01:00			`let res = Db.find_opt Q.get_bio nick in`
add bio in user page, there is a problem with matching on the SELECT btw, idk wtf is the type 2021-11-07 18:52:31 +01:00			`match res with`
use caqti 2021-12-06 22:44:14 +01:00			`\| Ok bio -> (`
			`match bio with`
			`\| Some bio -> Ok bio`
			`\| None -> Error "incoherent db result" )`
			`\| Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))`
add avatar upload 2021-11-08 15:24:10 +01:00
			`let get_avatar nick =`
use caqti 2021-12-06 22:44:14 +01:00			`let res = Db.find_opt Q.get_avatar nick in`
add avatar upload 2021-11-08 15:24:10 +01:00			`match res with`
use caqti 2021-12-06 22:44:14 +01:00			`\| Ok avatar -> (`
			`match avatar with`
			`\| Some avatar ->`
			`if String.length avatar = 0 then`
			`(* TODO default avatar *)`
			`Ok None`
			`else`
			`Ok (Some avatar)`
			`\| None -> Error "db error:" )`
			`\| Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e))`
add avatar upload 2021-11-08 15:24:10 +01:00
			`let upload_avatar files nick =`
			`match files with`
			`\| [] -> Error "No file provided"`
			`\| [ (_, content) ] -> (`
			`(* TODO validate image data with konan etc*)`
			`(* TODO file_name in db??*)`
			`let valid = true in`
			`if not valid then`
			`Error "Invalid image"`
			`else`
use caqti 2021-12-06 22:44:14 +01:00			`let res = Db.exec Q.upload_avatar (content, nick) in`
add avatar upload 2021-11-08 15:24:10 +01:00			`match res with`
			`\| Ok _ -> Ok ()`
use caqti 2021-12-06 22:44:14 +01:00			`\| Error e -> Error (Format.sprintf "db error: %s" (Caqti_error.show e)) )`
add avatar upload 2021-11-08 15:24:10 +01:00			`\| _files -> Error "More than one file provided"`