christian
/
haskweb
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Webanwendung mit FastCGI und Haskell
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
1 Commit
1 Gren
200KB
Gren: master
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'master'
${ noResults }
haskweb/DatabaseData.hs

66 lines
2.1KB
Permalänk Blame Historik 

  1. {-# LANGUAGE OverloadedStrings #-}

  2. {-# OPTIONS -Wall #-}

  3. 

  4. module DatabaseData (

  5.     connect, addUserC, validateC, Connection, Username, Password,

  6.     isLoggedInC, getLoginStringC, isAvailableC

  7. ) where

  8. 

  9. import System.Random (newStdGen, randomRs)

  10. import Control.Monad.Trans (liftIO)

  11. 

  12. import qualified Crypto.Hash as C (SHA3_512, Digest, hash)

  13. import Data.ByteString.Char8 (ByteString, pack)

  14. 

  15. import Database.HDBC

  16. import Database.HDBC.PostgreSQL

  17. 

  18. import Shared

  19. 

  20. type Username = String

  21. type Password = String

  22. type Salt = String

  23. 

  24. connect :: IO Connection

  25. connect = connectPostgreSQL "user=christian dbname=haskweb"

  26. 

  27. addUserC :: Connection -> Username -> Password -> IO ()

  28. addUserC conn username password = do

  29.     gen <- newStdGen

  30.     let salt = take 32 $ randomRs ('a', 'z') gen

  31.         hashed = hash (password ++ salt)

  32.     _ <- run conn

  33.         "INSERT INTO webuser (name, password, salt) VALUES (?, ?, ?)"

  34.         [toSql username, toSql hashed, toSql salt]

  35.     commit conn

  36. 

  37. getLoginC :: Connection -> Username -> MaybeT IO (Password, Salt)

  38. getLoginC conn username = do

  39.     [[pwd, salt]] <- liftIO $ quickQuery' conn

  40.         "SELECT password, salt FROM webuser WHERE name=?"

  41.         [toSql username]

  42.     return (fromSql pwd, fromSql salt)

  43. 

  44. validateC :: Connection -> Username -> Password -> IO Bool

  45. validateC conn username password = defRunMaybeT False (do

  46.     (pwd, salt) <- getLoginC conn username

  47.     return $ pwd == hash (password ++ salt) )

  48. 

  49. isLoggedInC :: Connection -> Username -> String -> IO Bool

  50. isLoggedInC conn username loginString = defRunMaybeT False (do

  51.     (pwd, _) <- getLoginC conn username

  52.     return $ hash (pwd ++ username) == loginString)

  53. 

  54. getLoginStringC :: Connection -> Username -> IO (Maybe String)

  55. getLoginStringC conn username = runMaybeT $ do

  56.     (pwd, _) <- getLoginC conn username

  57.     return $ hash (pwd ++ username)

  58. 

  59. isAvailableC :: Connection -> Username -> IO Bool

  60. isAvailableC conn username = do

  61.     res <- quickQuery' conn "SELECT 1 FROM webuser WHERE name=?" [toSql username]

  62.     return $ length res == 0

  63. 

  64. hash :: String -> String

  65. hash = show . (C.hash :: ByteString -> C.Digest C.SHA3_512) . pack