user is no longer hardcoded

2025-06-13 15:12:47 +01:00 · 2025-06-13 15:12:47 +01:00 · 4b9d2e8733
commit 4b9d2e8733
parent 113990ac54
1 changed files with 23 additions and 9 deletions
--- a/src/Handler/TodoEntry.hs
+++ b/src/Handler/TodoEntry.hs
@ -5,6 +5,8 @@
 {-# LANGUAGE TemplateHaskell #-}
 {-# LANGUAGE QuasiQuotes #-}
 {-# LANGUAGE FlexibleContexts #-}
+{-# OPTIONS_GHC -Wno-unrecognised-pragmas #-}
+{-# HLINT ignore "Replace case with fromMaybe" #-}
 module Handler.TodoEntry where

 import Import
@ -169,10 +171,9 @@ postEditTodolistR groupId = error "not done yet"

 getEditGroupR :: Handler Html
 getEditGroupR = do
+    userId <- getUserId
    groups <- runDB $ do
-        -- TODO: using 404 is just a hack to win time, but next it needs better auth handling
-        userId <- getBy404 $ UniqueName getUser
-        selectList [GroupUserUser ==. entityKey userId] [Asc GroupUserGroup]
+        selectList [GroupUserUser ==. userId] [Asc GroupUserGroup]
    mToken <- fmap reqToken getRequest
    defaultLayout $ do
        let a e = pack $ show $ fromSqlKey $ entityKey e ::Text
@ -231,14 +232,27 @@ getItems text todolistId = map read (lines text)
                                        something -> filter (/= '\r') something
                        TodolistItem todolistId value name
 -- TODO: complete implementation should short circuit if multi user is on but no user exist
-getUser = "Stuce" :: Text

+
+-- getUserId :: Handler (Key User)
+-- getUserId = do
+--         mUser <- runDB $ getBy $ UniqueName "Stuce"
+--         case mUser of
+--             Nothing -> runDB $ insert $ User "Stuce"
+--             Just u -> return $ entityKey u
+
+-- TODO: this is kinda ugly, i need to try to find better solution, maybe do a custom auth instance, but i guess it goes for the moment
 getUserId :: Handler (Key User)
 getUserId = do
-        mUser <- runDB $ getBy $ UniqueName getUser
-        case mUser of
-            Nothing -> runDB $ insert $ User getUser
-            Just u -> return $ entityKey u 
+    mName <- lookupHeader "Remote-User"
+    case mName of
+            -- TODO: if this temporary solution stays, we need here a way to use authDummy somehow in developpement
+            Nothing -> permissionDenied "no trusted header found !"
+            Just name -> do
+                mUser <- runDB $ getBy $ UniqueName (decodeUtf8 name)
+                case mUser of
+                    Nothing -> runDB $ insert $ User (decodeUtf8 name)
+                    Just u -> return $ entityKey u

 dbIfAuth groupId action = do
    -- TODO: decide if we prefer fast (rawSql) or safe (type safe persist query) after in production latency tests