2022-02-02 19:16:53 +01:00
|
|
|
include Bindings
|
2021-12-22 11:27:53 +01:00
|
|
|
open Db
|
|
|
|
|
|
2021-11-07 00:31:32 +01:00
|
|
|
type t =
|
|
|
|
|
{ nick : string
|
|
|
|
|
; password : string
|
2021-12-09 02:17:48 +01:00
|
|
|
; email : string
|
2021-11-07 18:52:31 +01:00
|
|
|
; bio : string
|
2021-11-08 15:24:10 +01:00
|
|
|
; avatar : string
|
2021-11-07 00:31:32 +01:00
|
|
|
}
|
|
|
|
|
|
2021-12-06 22:44:14 +01:00
|
|
|
module Q = struct
|
|
|
|
|
let create_user_table =
|
|
|
|
|
Caqti_request.exec Caqti_type.unit
|
2021-12-06 23:34:47 +01:00
|
|
|
"CREATE TABLE IF NOT EXISTS user (nick TEXT, password TEXT, email TEXT, \
|
2021-12-07 23:18:07 +01:00
|
|
|
bio TEXT, avatar BLOB, PRIMARY KEY(nick));"
|
|
|
|
|
|
|
|
|
|
let create_plant_user_table =
|
|
|
|
|
Caqti_request.exec Caqti_type.unit
|
|
|
|
|
"CREATE TABLE IF NOT EXISTS plant_user (plant_id TEXT, nick TEXT, \
|
|
|
|
|
PRIMARY KEY(plant_id), FOREIGN KEY(nick) REFERENCES user(nick));"
|
|
|
|
|
|
2021-12-06 22:44:14 +01:00
|
|
|
let get_password =
|
|
|
|
|
Caqti_request.find_opt Caqti_type.string Caqti_type.string
|
|
|
|
|
"SELECT password FROM user WHERE nick=?;"
|
|
|
|
|
|
2021-12-07 00:43:36 +01:00
|
|
|
let is_already_user =
|
2021-12-06 22:44:14 +01:00
|
|
|
Caqti_request.find_opt
|
|
|
|
|
Caqti_type.(tup2 string string)
|
2021-12-07 00:43:36 +01:00
|
|
|
Caqti_type.int
|
2021-12-06 22:44:14 +01:00
|
|
|
"SELECT EXISTS(SELECT 1 FROM user WHERE nick=? OR email=?);"
|
|
|
|
|
|
|
|
|
|
let inser_new_user =
|
|
|
|
|
Caqti_request.exec
|
|
|
|
|
Caqti_type.(tup4 string string string Caqti_type.(tup2 string string))
|
|
|
|
|
"INSERT INTO user VALUES (?, ?, ?, ?, ?);"
|
|
|
|
|
|
|
|
|
|
let list_nicks =
|
|
|
|
|
Caqti_request.collect Caqti_type.unit Caqti_type.string
|
|
|
|
|
"SELECT nick FROM user;"
|
|
|
|
|
|
|
|
|
|
let get_user =
|
|
|
|
|
Caqti_request.find_opt Caqti_type.string
|
|
|
|
|
Caqti_type.(tup4 string string string Caqti_type.(tup2 string string))
|
|
|
|
|
"SELECT * FROM user WHERE nick=?;"
|
|
|
|
|
|
|
|
|
|
let update_bio =
|
|
|
|
|
Caqti_request.exec
|
|
|
|
|
Caqti_type.(tup2 string string)
|
|
|
|
|
"UPDATE user SET bio=? WHERE nick=?;"
|
|
|
|
|
|
|
|
|
|
let get_bio =
|
|
|
|
|
Caqti_request.find_opt Caqti_type.string Caqti_type.string
|
|
|
|
|
"SELECT bio FROM user WHERE nick=?;"
|
|
|
|
|
|
|
|
|
|
let get_avatar =
|
|
|
|
|
Caqti_request.find_opt Caqti_type.string Caqti_type.string
|
|
|
|
|
"SELECT avatar FROM user WHERE nick=?;"
|
|
|
|
|
|
|
|
|
|
let upload_avatar =
|
|
|
|
|
Caqti_request.exec
|
|
|
|
|
Caqti_type.(tup2 string string)
|
|
|
|
|
"UPDATE user SET avatar=? WHERE nick=?;"
|
|
|
|
|
end
|
|
|
|
|
|
2021-11-07 00:31:32 +01:00
|
|
|
let () =
|
2021-12-22 11:27:53 +01:00
|
|
|
let tables = [ Q.create_user_table ] in
|
2021-12-07 23:18:07 +01:00
|
|
|
if
|
|
|
|
|
List.exists Result.is_error
|
|
|
|
|
(List.map (fun query -> Db.exec query ()) tables)
|
2022-02-18 02:40:04 +01:00
|
|
|
then Dream.error (fun log -> log "can't create table")
|
2021-11-05 16:55:19 +01:00
|
|
|
|
2021-11-07 10:21:01 +01:00
|
|
|
let login ~nick ~password request =
|
2022-02-02 19:16:53 +01:00
|
|
|
let^? good_password = Db.find_opt Q.get_password nick in
|
2022-01-14 21:36:25 +01:00
|
|
|
if Bcrypt.verify password (Bcrypt.hash_of_string good_password) then
|
|
|
|
|
let _ =
|
|
|
|
|
let%lwt () = Dream.invalidate_session request in
|
|
|
|
|
Dream.put_session "nick" nick request
|
|
|
|
|
in
|
|
|
|
|
Ok ()
|
2022-02-18 02:40:04 +01:00
|
|
|
else Error "wrong password"
|
2021-11-05 16:55:19 +01:00
|
|
|
|
2021-11-07 00:31:32 +01:00
|
|
|
let register ~email ~nick ~password =
|
2021-11-05 16:55:19 +01:00
|
|
|
(* TODO: remove bad characters (e.g. delthas) *)
|
2021-11-07 00:31:32 +01:00
|
|
|
let valid_nick =
|
|
|
|
|
String.length nick < 64
|
|
|
|
|
&& String.length nick > 0
|
2022-01-14 21:04:52 +01:00
|
|
|
&& Dream.html_escape nick = nick
|
2021-11-07 00:31:32 +01:00
|
|
|
in
|
2021-11-05 16:55:19 +01:00
|
|
|
|
2021-11-07 00:31:32 +01:00
|
|
|
let valid_email =
|
2022-02-18 02:40:04 +01:00
|
|
|
match Emile.of_string email with Ok _ -> true | Error _ -> false
|
2021-11-05 16:55:19 +01:00
|
|
|
in
|
|
|
|
|
|
2021-11-07 00:31:32 +01:00
|
|
|
let valid_password =
|
|
|
|
|
String.length password < 128 && String.length password > 0
|
|
|
|
|
in
|
2021-11-05 16:55:19 +01:00
|
|
|
|
|
|
|
|
let valid = valid_nick && valid_email && valid_password in
|
|
|
|
|
|
2021-11-07 09:47:15 +01:00
|
|
|
let password = Bcrypt.hash password in
|
|
|
|
|
let password = Bcrypt.string_of_hash password in
|
|
|
|
|
|
2022-02-18 02:40:04 +01:00
|
|
|
if not valid then Error "Something is wrong"
|
2021-11-05 16:55:19 +01:00
|
|
|
else
|
2022-02-02 19:16:53 +01:00
|
|
|
let^? nb = Db.find_opt Q.is_already_user (nick, email) in
|
2022-02-18 01:37:25 +01:00
|
|
|
if nb = 0 then
|
2022-02-02 19:16:53 +01:00
|
|
|
let^ () = Db.exec Q.inser_new_user (nick, password, email, ("", "")) in
|
2022-01-14 21:36:25 +01:00
|
|
|
Ok ()
|
2022-02-18 02:40:04 +01:00
|
|
|
else Error "nick or email already exists"
|
2021-11-07 01:32:38 +01:00
|
|
|
|
2021-11-07 01:42:18 +01:00
|
|
|
let list () =
|
2022-02-18 01:37:25 +01:00
|
|
|
let^ users = Db.collect_list Q.list_nicks () in
|
2022-01-14 21:36:25 +01:00
|
|
|
Ok
|
|
|
|
|
(Format.asprintf "<ul>%a</ul>"
|
|
|
|
|
(Format.pp_print_list (fun fmt -> function
|
|
|
|
|
| s -> Format.fprintf fmt {|<li><a href="/user/%s">%s</a></li>|} s s )
|
|
|
|
|
)
|
|
|
|
|
users )
|
2021-11-07 01:42:18 +01:00
|
|
|
|
2022-02-19 18:17:03 +01:00
|
|
|
let public_profile nick =
|
2022-02-07 21:09:39 +01:00
|
|
|
let^? nick, _password, _email, (bio, _) = Db.find_opt Q.get_user nick in
|
2022-01-14 21:36:25 +01:00
|
|
|
let user_info =
|
|
|
|
|
Format.sprintf
|
2022-02-18 02:39:25 +01:00
|
|
|
{|
|
|
|
|
|
<h1>%s</h1>
|
|
|
|
|
<br />
|
|
|
|
|
<div class="row">
|
|
|
|
|
<div class="col-md-6">
|
|
|
|
|
<blockquote>%s</blockquote>
|
|
|
|
|
</div>
|
|
|
|
|
<div class="col-md-6">
|
|
|
|
|
<img src="/user/%s/avatar" class="img-thumbnail" alt="Your avatar picture">
|
|
|
|
|
</div>
|
|
|
|
|
</div>
|
|
|
|
|
|}
|
2022-02-19 12:19:53 +01:00
|
|
|
nick bio nick
|
2022-01-14 21:36:25 +01:00
|
|
|
in
|
|
|
|
|
Ok user_info
|
2021-11-07 10:32:17 +01:00
|
|
|
|
|
|
|
|
let profile request =
|
|
|
|
|
match Dream.session "nick" request with
|
|
|
|
|
| None -> "not logged in"
|
|
|
|
|
| Some nick -> Format.sprintf "Hello %s !" nick
|
2021-11-07 18:52:31 +01:00
|
|
|
|
|
|
|
|
let update_bio bio nick =
|
2022-01-14 21:04:52 +01:00
|
|
|
let bio = Dream.html_escape bio in
|
|
|
|
|
let valid = String.length bio < 10000 in
|
2022-02-18 02:40:04 +01:00
|
|
|
if not valid then Error "Not biologic"
|
2021-11-07 18:52:31 +01:00
|
|
|
else
|
2022-02-02 19:16:53 +01:00
|
|
|
let^ () = Db.exec Q.update_bio (bio, nick) in
|
2022-01-14 21:36:25 +01:00
|
|
|
Ok ()
|
2021-11-07 18:52:31 +01:00
|
|
|
|
|
|
|
|
let get_bio nick =
|
2022-02-02 19:16:53 +01:00
|
|
|
let^? bio = Db.find_opt Q.get_bio nick in
|
2022-01-14 21:36:25 +01:00
|
|
|
Ok bio
|
2021-11-08 15:24:10 +01:00
|
|
|
|
|
|
|
|
let get_avatar nick =
|
2022-02-02 19:16:53 +01:00
|
|
|
let^? avatar = Db.find_opt Q.get_avatar nick in
|
2022-02-18 02:40:04 +01:00
|
|
|
if String.length avatar = 0 then Ok None else Ok (Some avatar)
|
2021-11-08 15:24:10 +01:00
|
|
|
|
|
|
|
|
let upload_avatar files nick =
|
|
|
|
|
match files with
|
|
|
|
|
| [] -> Error "No file provided"
|
2022-01-14 21:36:25 +01:00
|
|
|
| [ (_, content) ] ->
|
2022-02-18 02:40:04 +01:00
|
|
|
if not (is_valid_image content) then Error "Invalid image"
|
2021-11-08 15:24:10 +01:00
|
|
|
else
|
2022-02-02 19:16:53 +01:00
|
|
|
let^ () = Db.exec Q.upload_avatar (content, nick) in
|
2022-01-14 21:36:25 +01:00
|
|
|
Ok ()
|
2021-11-08 15:24:10 +01:00
|
|
|
| _files -> Error "More than one file provided"
|
2022-02-19 18:17:03 +01:00
|
|
|
|
2022-02-20 01:58:33 +01:00
|
|
|
let exists nick = Result.is_ok (Db.find_opt Q.get_user nick)
|
