From 4b9d2e8733a4586fae64325df80891a91c50b157 Mon Sep 17 00:00:00 2001
From: Stuce <lefabricesaucy@outlook.com>
Date: Fri, 13 Jun 2025 15:12:47 +0100
Subject: [PATCH] user is no longer hardcoded

---
 src/Handler/TodoEntry.hs | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/src/Handler/TodoEntry.hs b/src/Handler/TodoEntry.hs
index 757d024..4ce96d6 100644
--- a/src/Handler/TodoEntry.hs
+++ b/src/Handler/TodoEntry.hs
@@ -5,6 +5,8 @@
 {-# LANGUAGE TemplateHaskell #-}
 {-# LANGUAGE QuasiQuotes #-}
 {-# LANGUAGE FlexibleContexts #-}
+{-# OPTIONS_GHC -Wno-unrecognised-pragmas #-}
+{-# HLINT ignore "Replace case with fromMaybe" #-}
 module Handler.TodoEntry where
 
 import Import
@@ -41,7 +43,7 @@ postAddGroupR = do
     _ <- runDB $ do
         gId <- insert $ Group g
         success <- insertUnique $ GroupUser user g gId
-        when (isNothing success) $ delete gId 
+        when (isNothing success) $ delete gId
     redirect HomeR
 postAddTodolistR :: GroupId -> Handler Html
 postAddTodolistR groupId = do
@@ -169,10 +171,9 @@ postEditTodolistR groupId = error "not done yet"
 
 getEditGroupR :: Handler Html
 getEditGroupR = do
+    userId <- getUserId
     groups <- runDB $ do
-        -- TODO: using 404 is just a hack to win time, but next it needs better auth handling
-        userId <- getBy404 $ UniqueName getUser
-        selectList [GroupUserUser ==. entityKey userId] [Asc GroupUserGroup]
+        selectList [GroupUserUser ==. userId] [Asc GroupUserGroup]
     mToken <- fmap reqToken getRequest
     defaultLayout $ do
         let a e = pack $ show $ fromSqlKey $ entityKey e ::Text
@@ -231,14 +232,27 @@ getItems text todolistId = map read (lines text)
                                         something -> filter (/= '\r') something
                         TodolistItem todolistId value name
 -- TODO: complete implementation should short circuit if multi user is on but no user exist
-getUser = "Stuce" :: Text
 
+
+-- getUserId :: Handler (Key User)
+-- getUserId = do
+--         mUser <- runDB $ getBy $ UniqueName "Stuce"
+--         case mUser of
+--             Nothing -> runDB $ insert $ User "Stuce"
+--             Just u -> return $ entityKey u
+
+-- TODO: this is kinda ugly, i need to try to find better solution, maybe do a custom auth instance, but i guess it goes for the moment
 getUserId :: Handler (Key User)
 getUserId = do
-        mUser <- runDB $ getBy $ UniqueName getUser
-        case mUser of
-            Nothing -> runDB $ insert $ User getUser
-            Just u -> return $ entityKey u 
+    mName <- lookupHeader "Remote-User"
+    case mName of
+            -- TODO: if this temporary solution stays, we need here a way to use authDummy somehow in developpement
+            Nothing -> permissionDenied "no trusted header found !"
+            Just name -> do
+                mUser <- runDB $ getBy $ UniqueName (decodeUtf8 name)
+                case mUser of
+                    Nothing -> runDB $ insert $ User (decodeUtf8 name)
+                    Just u -> return $ entityKey u
 
 dbIfAuth groupId action = do
     -- TODO: decide if we prefer fast (rawSql) or safe (type safe persist query) after in production latency tests