self-hosted/algora-tv
1
0
Fork 0
mirror of https://github.com/algora-io/tv.git synced 2025-06-12 21:57:28 +02:00
Code Releases Activity

initial commit

Browse Source
This commit is contained in:
zafer
2024-02-29 22:31:42 +03:00
commit e07cf7fd6c
84 changed files with 7383 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
lib/algora_web/controllers/user_auth.ex Normal file
View File

@ -0,0 +1,157 @@
defmodule AlgoraWeb.UserAuth do
use AlgoraWeb, :verified_routes
import Plug.Conn
import Phoenix.Controller
alias Phoenix.LiveView
alias Algora.Accounts
def on_mount(:current_user, _params, session, socket) do
case session do
%{"user_id" => user_id} ->
{:cont,
Phoenix.Component.assign_new(socket, :current_user, fn -> Accounts.get_user(user_id) end)}
%{} ->
{:cont, Phoenix.Component.assign(socket, :current_user, nil)}
end
end
def on_mount(:ensure_authenticated, _params, session, socket) do
case session do
%{"user_id" => user_id} ->
new_socket =
Phoenix.Component.assign_new(socket, :current_user, fn ->
Accounts.get_user!(user_id)
end)
%Accounts.User{} = new_socket.assigns.current_user
{:cont, new_socket}
%{} ->
{:halt, redirect_require_login(socket)}
end
rescue
Ecto.NoResultsError -> {:halt, redirect_require_login(socket)}
end
defp redirect_require_login(socket) do
socket
|> LiveView.put_flash(:error, "Please sign in")
|> LiveView.redirect(to: ~p"/auth/login")
end
@doc """
Logs the user in.
It renews the session ID and clears the whole session
to avoid fixation attacks. See the renew_session
function to customize this behaviour.
It also sets a `:live_socket_id` key in the session,
so LiveView sessions are identified and automatically
disconnected on log out. The line can be safely removed
if you are not using LiveView.
"""
def log_in_user(conn, user) do
user_return_to = get_session(conn, :user_return_to)
conn = assign(conn, :current_user, user)
conn
|> renew_session()
|> put_session(:user_id, user.id)
|> put_session(:live_socket_id, "users_sessions:#{user.id}")
|> redirect(to: user_return_to || signed_in_path(conn))
end
defp renew_session(conn) do
conn
|> configure_session(renew: true)
|> clear_session()
end
@doc """
Logs the user out.
It clears all session data for safety. See renew_session.
"""
def log_out_user(conn) do
if live_socket_id = get_session(conn, :live_socket_id) do
AlgoraWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
end
conn
|> renew_session()
|> redirect(to: ~p"/auth/login")
end
@doc """
Authenticates the user by looking into the session.
"""
def fetch_current_user(conn, _opts) do
user_id = get_session(conn, :user_id)
user = user_id && Accounts.get_user(user_id)
token = Phoenix.Token.sign(conn, "user socket", user_id || 0)
conn
|> assign(:current_user, user)
|> assign(:user_token, token)
end
@doc """
Used for routes that require the user to not be authenticated.
"""
def redirect_if_user_is_authenticated(conn, _opts) do
if conn.assigns[:current_user] do
conn
|> redirect(to: signed_in_path(conn))
|> halt()
else
conn
end
end
@doc """
Used for routes that require the user to be authenticated.
If you want to enforce the user email is confirmed before
they use the application at all, here would be a good place.
"""
def require_authenticated_user(conn, _opts) do
if conn.assigns[:current_user] do
conn
else
conn
|> put_flash(:error, "You must log in to access this page.")
|> maybe_store_return_to()
|> redirect(to: ~p"/auth/login")
|> halt()
end
end
def require_authenticated_admin(conn, _opts) do
user = conn.assigns[:current_user]
if user && Algora.Accounts.admin?(user) do
assign(conn, :current_admin, user)
else
conn
|> put_flash(:error, "You must be logged into access that page")
|> maybe_store_return_to()
|> redirect(to: "/")
|> halt()
end
end
defp maybe_store_return_to(%{method: "GET"} = conn) do
%{request_path: request_path, query_string: query_string} = conn
return_to = if query_string == "", do: request_path, else: request_path <> "?" <> query_string
put_session(conn, :user_return_to, return_to)
end
defp maybe_store_return_to(conn), do: conn
def signed_in_path(conn) do
AlgoraWeb.CoreComponents.channel_path(conn.assigns.current_user)
end
end