author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-02-29 22:45:24 +0100 |
---|---|---|
committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2012-02-29 22:45:24 +0100 |
commit | 30515c14a029c140a82729962b06eecac1745f11 (patch) | |
tree | c823bc018faa30651481aee7d092d5150870dc28 /src/mulk/benki/webutil.clj | |
parent | c36256cb55640fbe452198831cb21cdeb4c570b9 (diff) |
Book Marx: Implement support for page-specific authentication tokens.
Diffstat (limited to 'src/mulk/benki/webutil.clj')
-rw-r--r-- | src/mulk/benki/webutil.clj | 37 |
1 files changed, 31 insertions, 6 deletions
diff --git a/src/mulk/benki/webutil.clj b/src/mulk/benki/webutil.clj
index 37b93a3..3a2cb1e 100644
--- a/src/mulk/benki/webutil.clj
+++ b/src/mulk/benki/webutil.clj
@@ -8,15 +8,40 @@
 [noir.request :as request]
 [noir.response :as response]
 [clojure.java.jdbc :as sql])
- (:import [java.text DateFormat]))
+ (:import [java.text DateFormat]
+ [java.math BigDecimal]))
+
+
+
+(defn authlink []
+ (with-dbt
+ (let [req (request/ring-request)
+ user *user*
+ uri (:uri req)
+ dkey (sql/with-query-results results
+ ["SELECT * FROM page_keys WHERE \"user\" = ? AND page = ?"
+ user uri]
+ (if-let [rec (first results)]
+ (:key rec)
+ (let [key (BigDecimal. (genkey))]
+ (sql/with-query-results results
+ ["INSERT INTO page_keys(\"user\", page, \"key\")
+ VALUES (?, ?, ?)
+ RETURNING \"key\""
+ user uri key]
+ (:key (first results))))))
+ key (.toBigIntegerExact dkey)]
+ (fmt nil "~A?auth=~A" uri (.toString key 36)))))
 (defpartial login-message []
- (let [user-id (session/get :user)
- user (and user-id
+ (let [user (and *user*
 (with-dbt
 (sql/with-query-results results
- ["SELECT * FROM users WHERE id = ?" user-id]
+ ["SELECT * FROM users WHERE id = ?" *user*]
 (first results))))]
- (if user-id
- [:div {:class "logged-in-as"} (:first_name user) " " (:last_name user)]
+ (if *user*
+ [:div {:class "logged-in-as"}
+ (:first_name user) " " (:last_name user)
+ " "
+ [:a {:href (authlink)} "[authlink]"]]
 [:div {:class "not-logged-in"} [:a {:href (link :login)} "Log in"]]))) |
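Review bot: Because `login-message` now calls `(authlink)`, rendering the header for any logged-in request mints and stores a page key for whatever `(:uri req)` happens to be, and embeds it in a `?auth=` query string. A credential in the query string ends up in access logs, browser history and Referer headers, and nothing visible in this hunk gives the key an expiry or a way to revoke it. Consider minting keys only for pages meant to be token-accessible, and giving `authlink` a docstring such as `"Returns the current URI with the user's page key appended; the key is a bearer credential for that page."`. The key's strength rests on `genkey`, which is defined outside this hunk, so confirm it draws from `java.security.SecureRandom` with enough bits. The SELECT-then-INSERT in `authlink` is also only safe against concurrent first views if `page_keys` has a unique constraint on user and page, which is not shown here.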