From 7adcf4073b1e42a7a2a7baf2a0ffb14d76bdc660 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk <kjetil.orbekk@gmail.com>
Date: Tue, 13 Oct 2015 21:28:48 -0400
Subject: Authenticatiof of all API methods.

---
 src/Main.hs    | 32 ++++++++++++++++----------------
 web/index.html | 17 ++++++-----------
 2 files changed, 22 insertions(+), 27 deletions(-)

diff --git a/src/Main.hs b/src/Main.hs
index 187a9a6..97c849c 100644
--- a/src/Main.hs
+++ b/src/Main.hs
@@ -43,11 +43,15 @@ data RenameRequest = RenameRequest
 instance FromJSON RenameRequest
 instance ToJSON RenameError
 
+type WithAuthentication = Header "X-Token" String
 type PhotoApi =
-       "albums" :> Get '[JSON] [Album]
-  :<|> "rename" :> ReqBody '[JSON] RenameRequest :> Post '[JSON] (Either RenameError ())
-  :<|> "test"   :> Header "X-Token" String :> Get '[JSON] String
--- Introduce request header containing auth information.
+       "albums"
+           :> WithAuthentication
+           :> Get '[JSON] [Album]
+  :<|> "rename"
+           :> WithAuthentication
+           :> ReqBody '[JSON] RenameRequest
+           :> Post '[JSON] (Either RenameError ())
 
 type Token = String
 
@@ -60,24 +64,20 @@ config = Config
   , photosPath = flags_photos_path
   }
 
-whenAuthenticated :: Maybe Token -> EitherT ServantErr IO a -> EitherT ServantErr IO a
-whenAuthenticated (Just token) action = liftIO (isAuthenticated token) >>= \case
-  True -> action
+checkAuthenticated :: Maybe Token -> EitherT ServantErr IO ()
+checkAuthenticated (Just token) = liftIO (isAuthenticated token) >>= \case
+  True  -> return ()
   False -> left err503 { errBody = "Not authenticated" }
-whenAuthenticated Nothing _ = left err503 { errBody = "Missing token" }
+checkAuthenticated Nothing = left err503 { errBody = "Missing token" }
 
 server :: Server PhotoApi
 server = albums
     :<|> rename
-    :<|> test
-  where albums = liftIO (getAlbums config)
+  where albums token = checkAuthenticated token >> liftIO (getAlbums config)
 
-        rename :: RenameRequest -> EitherT ServantErr IO (Either RenameError ())
-        rename (RenameRequest from to) = liftIO $
-          runEitherT (renameAlbum config from to)
-
-        test = (`whenAuthenticated` test')
-        test' = return "Yay"
+        rename token (RenameRequest from to) = do
+          _ <- checkAuthenticated token
+          liftIO $ runEitherT (renameAlbum config from to)
 
 photoApi :: Proxy PhotoApi
 photoApi = Proxy
diff --git a/web/index.html b/web/index.html
index a17562e..3655b59 100644
--- a/web/index.html
+++ b/web/index.html
@@ -12,6 +12,8 @@
   <link rel="stylesheet" href="style.css">
   <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js"></script>
   <script>
+    var authentication_token = null;
+
     function addPending(albumName) {
       function makeElement(name) {
         return $('<li>' + name + ' (<a href="javascript:void(0)">edit</a>)</li>');
@@ -45,6 +47,7 @@
     function fetchAlbums() {
       $.ajax({
         url: "/api/albums",
+        headers: {'X-Token': authentication_token},
         success: function(data) {
           $('#pending-error').empty();
           $('#pending-container').empty();
@@ -80,6 +83,7 @@
       };
       $.ajax({
         url: '/api/rename',
+        headers: {'X-Token': authentication_token},
         type: 'POST',
         contentType: 'application/json',
         data: JSON.stringify(request),
@@ -100,21 +104,12 @@
       console.log("Name: " + profile.getName());
       console.log("Image URL: " + profile.getImageUrl());
       console.log("Email: " + profile.getEmail());
-
+      authentication_token = googleUser.getAuthResponse().id_token;
       // The ID token you need to pass to your backend:
       var id_token = googleUser.getAuthResponse().id_token;
       console.log("ID Token: " + id_token);
       $('.g-signin2').remove();
-      $.ajax({
-        url: '/api/test',
-        headers: {'X-Token': id_token},
-        success: function(data) {
-          console.log('Success:', data);
-        },
-        error: function(data) {
-          console.log('Failure:', data);
-        }
-      });
+      fetchAlbums();
     };
   </script>
 </head>
-- 
cgit v1.2.3