refactor to make it easier to navigate

2025-07-02 16:54:52 +01:00 · 2025-07-02 16:54:52 +01:00 · 2353d2fdc9
commit 2353d2fdc9
parent ee514454f7
7 changed files with 330 additions and 303 deletions
--- a/src/Foundation.hs
+++ b/src/Foundation.hs
@ -191,3 +191,25 @@ unsafeHandler = Unsafe.fakeHandlerGetLogger appLogger
 -- https://github.com/yesodweb/yesod/wiki/Sending-email
 -- https://github.com/yesodweb/yesod/wiki/Serve-static-files-from-a-separate-domain
 -- https://github.com/yesodweb/yesod/wiki/i18n-messages-in-the-scaffolding
+
+
+-- TODO: complete implementation should short circuit if multi user is on but no user exist
+getUserId :: HandlerFor App (Key User)
+getUserId = do
+    mName <- lookupHeader "Remote-User"
+    mUser <- case mName of
+            -- TODO: make remote user an argument to make it usable not only with authelia, and maybe do a check for good mesure when nothing is found ?
+            Just name -> runDB $ insertBy $ User (decodeUtf8 name)
+            Nothing -> runDB $ insertBy $ User "single-user"
+    case mUser of
+        Left (Entity userId _) -> return userId
+        Right userId -> return userId
+
+dbIfAuth :: GroupId -> ReaderT SqlBackend (HandlerFor App) b -> HandlerFor App b
+dbIfAuth groupId action = do
+    -- TODO: decide if we prefer fast (rawSql) or safe (type safe persist query) after in production latency tests
+    -- TODO: optimize the persist implementation anyway
+    user <- getUserId
+    result <- runDB $ selectFirst [GroupUserUser ==. user, GroupUserGroupId ==. groupId] []
+    if isNothing result then permissionDenied "you are not logged in or you dont have access to this group"
+    else runDB action