numerus/deploy/check_cookie.sql

-- Deploy numerus:check_cookie to pg
-- requires: schema_auth
-- requires: user

begin;

set search_path to numerus, auth, public;

create or replace function check_cookie(input_cookie text) returns record as
$$
declare
	value record;
begin
	select email::text, role
	into value
	from "user"
	where email = split_part(input_cookie, '/', 2)
	  and cookie_expires_at > current_timestamp
	  and length(password) > 0
	  and cookie = split_part(input_cookie, '/', 1)
	;
	if value is null then
		select '', 'guest'::name into value;
	end if;
	return value;
end;
$$
language plpgsql
security definer
stable
set search_path = auth, numerus, pg_temp;

comment on function check_cookie(text) is
'Checks whether a given cookie is for a valid users, returning its email and role';

revoke execute on function check_cookie(text) from public;
grant execute on function check_cookie(text) to authenticator;

commit;
Implement login cookie, its verification, and logout At first i thought that i would need to implement sessions, the ones that keep small files onto the disk, to know which user is talking to the server, but then i realized that, for now at least, i only need a very large number, plus the email address, to be used as a lookup, and that can be stored in the user table, in a separate schema. Had to change login to avoid raising exceptions when login failed because i now keep a record of login attemps, and functions are always run in a single transaction, thus the exception would prevent me to insert into login_attempt. Even if i use a separate procedure, i could not keep the records. I did not want to add a parameter to the logout function because i was afraid that it could be called from separate users. I do not know whether it is possible with the current approach, since the settings variable is also set by the same applications; time will tell. 2023-01-17 19:48:50 +00:00			`-- Deploy numerus:check_cookie to pg`
			`-- requires: schema_auth`
			`-- requires: user`

			`begin;`

			`set search_path to numerus, auth, public;`

			`create or replace function check_cookie(input_cookie text) returns record as`
			`$$`
			`declare`
			`value record;`
			`begin`
			`select email::text, role`
			`into value`
			`from "user"`
			`where email = split_part(input_cookie, '/', 2)`
			`and cookie_expires_at > current_timestamp`
			`and length(password) > 0`
			`and cookie = split_part(input_cookie, '/', 1)`
			`;`
			`if value is null then`
			`select '', 'guest'::name into value;`
			`end if;`
			`return value;`
			`end;`
			`$$`
			`language plpgsql`
			`security definer`
			`stable`
			`set search_path = auth, numerus, pg_temp;`

			`comment on function check_cookie(text) is`
			`'Checks whether a given cookie is for a valid users, returning its email and role';`

			`revoke execute on function check_cookie(text) from public;`
			`grant execute on function check_cookie(text) to authenticator;`

			`commit;`