timestamper/src/ts_user.erl

-module(ts_user).
%-export([create_table/1, new/1, update/1, lookup/1, list/2]).
-compile(export_all).

-include("ts_db_records.hrl").
-include_lib("stdlib/include/qlc.hrl").

create_table(TableOpts) ->
    mnesia:create_table(ts_user,
        TableOpts ++ [{attributes, record_info(fields, ts_user)},
                      {type, ordered_set}]).

new(UR = #ts_user{}) -> 
    case mnesia:dirty_read(ts_user, UR#ts_user.username) of
        [ExistingRecord] -> {error, {record_exists, ExistingRecord}};
        [] -> mnesia:dirty_write(hash_input_record(UR))
    end.

update(UR = #ts_user{}) -> 
    case mnesia:dirty_read(ts_user, UR#ts_user.username) of
        [] -> no_record;
        [_Record] -> mnesia:dirty_write(hash_input_record(UR))
    end.

lookup(Username) ->
    case mnesia:dirty_read(ts_user, Username) of
        [] -> no_record;
        [User] -> User
    end.    

list(Start, Length) -> ts_common:list(ts_user, Start, Length).

hash_input_record(User=#ts_user{}) ->
    % create a new User record
    Salt = generate_salt(),
    HashedPwd = hash_pwd(User#ts_user.pwd, Salt),
    User#ts_user{pwd = HashedPwd, pwd_salt = Salt}.
    
generate_salt() -> crypto:rand_bytes(36).

hash_pwd(Password, Salt) -> crypto:sha(Password ++ Salt).

check_credentials(Username, Password) ->
    User = lookup(Username),
    HashedInput = hash_pwd(Password, User#ts_user.pwd_salt),

    HashedInput == User#ts_user.pwd.
Continuing work on the API. The id_counter module now includes the record directly in the source. Fixed many typos and small syntax errors. Added ts_api:dispatch_user/2 to handle different HTTP methods. Added method placeholder stubs to ts_api. Implemented ts_api:list_entries/3. Added ts_user record and ts_user module. Implemented ts_entry:list/4, the more generic guts of the other list functions. Created ts_entry:list_asc/3 and ts_entry:list_desc/3. Fixed ts_json:encode_datetime/1. 2011-02-02 16:57:58 -06:00			`-module(ts_user).`
Redesigned API URL structure. Updated ts_api to implement this. Implemented ts_api:list_timelines/2. Adjusted ts_timeline:list/3 to be 0-indexed. Changed ts_user password hash to use a random salt + SHA1 Added some skeleton testing code. 2011-02-04 17:19:53 -06:00			`%-export([create_table/1, new/1, update/1, lookup/1, list/2]).`
			`-compile(export_all).`
Continuing work on the API. The id_counter module now includes the record directly in the source. Fixed many typos and small syntax errors. Added ts_api:dispatch_user/2 to handle different HTTP methods. Added method placeholder stubs to ts_api. Implemented ts_api:list_entries/3. Added ts_user record and ts_user module. Implemented ts_entry:list/4, the more generic guts of the other list functions. Created ts_entry:list_asc/3 and ts_entry:list_desc/3. Fixed ts_json:encode_datetime/1. 2011-02-02 16:57:58 -06:00
			`-include("ts_db_records.hrl").`
			`-include_lib("stdlib/include/qlc.hrl").`

			`create_table(TableOpts) ->`
			`mnesia:create_table(ts_user,`
			`TableOpts ++ [{attributes, record_info(fields, ts_user)},`
			`{type, ordered_set}]).`

Implemented ts_api:get_user/2, ts_api:put_user/1, and ts_api:post_user/1. Created a utility function for OK results, ts_api:make_json_200/2 Created ts_common:new/1 and ts_common:update/1 to generalize record creation and update. Refactored ts_timeline:new/1 and ts_timeline:update/1 to use the ts_common functions. Implemented ts_json:record_to_ejson/1 and ts_json:ejson_to_record/1 for ts_user records. Implemented ts_user module. 2011-02-03 17:23:40 -06:00			`new(UR = #ts_user{}) ->`
			`case mnesia:dirty_read(ts_user, UR#ts_user.username) of`
			`[ExistingRecord] -> {error, {record_exists, ExistingRecord}};`
			`[] -> mnesia:dirty_write(hash_input_record(UR))`
			`end.`

			`update(UR = #ts_user{}) ->`
			`case mnesia:dirty_read(ts_user, UR#ts_user.username) of`
			`[] -> no_record;`
			`[_Record] -> mnesia:dirty_write(hash_input_record(UR))`
			`end.`

			`lookup(Username) ->`
			`case mnesia:dirty_read(ts_user, Username) of`
			`[] -> no_record;`
			`[User] -> User`
			`end.`

			`list(Start, Length) -> ts_common:list(ts_user, Start, Length).`

			`hash_input_record(User=#ts_user{}) ->`
			`% create a new User record`
Implemented cookie-based authentication to the API. Created timestamper module to start the application. Added cookie-based authentication to ts_api. Added utility methods to ts_api: * make_json_400/1 and make_json_400/1 * make_json_401/1 and make_json_401/2 * parse_json_body/1 reads a JSON object from a HTTP request body. Implemented ts_api_session module to manage api user sessions. Fixed ts_entry:list* methods to be 0-indexed. Removed the ts_json:ejson_to_record/1 implementation for ts_user records. Decided that ts_user records are never trusted from the client, manipulation of fields such as pwd, username will be restricted to app pages. Changed the password hashing algorithm. Now uses SHA1(pwd + 256bit salt). Want to use bcrypt, investingating cross-platform bcrypt implementation. Fixed yaws.conf config file. 2011-02-07 08:56:07 -06:00			`Salt = generate_salt(),`
			`HashedPwd = hash_pwd(User#ts_user.pwd, Salt),`
Implemented ts_api:get_user/2, ts_api:put_user/1, and ts_api:post_user/1. Created a utility function for OK results, ts_api:make_json_200/2 Created ts_common:new/1 and ts_common:update/1 to generalize record creation and update. Refactored ts_timeline:new/1 and ts_timeline:update/1 to use the ts_common functions. Implemented ts_json:record_to_ejson/1 and ts_json:ejson_to_record/1 for ts_user records. Implemented ts_user module. 2011-02-03 17:23:40 -06:00			`User#ts_user{pwd = HashedPwd, pwd_salt = Salt}.`

Redesigned API URL structure. Updated ts_api to implement this. Implemented ts_api:list_timelines/2. Adjusted ts_timeline:list/3 to be 0-indexed. Changed ts_user password hash to use a random salt + SHA1 Added some skeleton testing code. 2011-02-04 17:19:53 -06:00			`generate_salt() -> crypto:rand_bytes(36).`
Implemented ts_api:get_user/2, ts_api:put_user/1, and ts_api:post_user/1. Created a utility function for OK results, ts_api:make_json_200/2 Created ts_common:new/1 and ts_common:update/1 to generalize record creation and update. Refactored ts_timeline:new/1 and ts_timeline:update/1 to use the ts_common functions. Implemented ts_json:record_to_ejson/1 and ts_json:ejson_to_record/1 for ts_user records. Implemented ts_user module. 2011-02-03 17:23:40 -06:00
Implemented cookie-based authentication to the API. Created timestamper module to start the application. Added cookie-based authentication to ts_api. Added utility methods to ts_api: * make_json_400/1 and make_json_400/1 * make_json_401/1 and make_json_401/2 * parse_json_body/1 reads a JSON object from a HTTP request body. Implemented ts_api_session module to manage api user sessions. Fixed ts_entry:list* methods to be 0-indexed. Removed the ts_json:ejson_to_record/1 implementation for ts_user records. Decided that ts_user records are never trusted from the client, manipulation of fields such as pwd, username will be restricted to app pages. Changed the password hashing algorithm. Now uses SHA1(pwd + 256bit salt). Want to use bcrypt, investingating cross-platform bcrypt implementation. Fixed yaws.conf config file. 2011-02-07 08:56:07 -06:00			`hash_pwd(Password, Salt) -> crypto:sha(Password ++ Salt).`

			`check_credentials(Username, Password) ->`
			`User = lookup(Username),`
			`HashedInput = hash_pwd(Password, User#ts_user.pwd_salt),`

			`HashedInput == User#ts_user.pwd.`