-- Deploy tipus:login to pg -- requires: roles -- requires: schema_auth -- requires: schema_tipus -- requires: extension_pgcrypto -- requires: email -- requires: user -- requires: login_attempt -- requires: build_cookie begin; set search_path to tipus, auth; create or replace function login(email email, password text, ip_address inet default null) returns text as $$ declare user_cookie text; begin if not exists (select * from "user" where "user".email = login.email and "user".password = crypt(login.password, "user".password)) then insert into login_attempt (user_name, ip_address, success) values (login.email, login.ip_address, false); return ''; end if; select cookie into user_cookie from "user" where "user".email = login.email and cookie_expires_at > current_timestamp and length(cookie) > 30; if user_cookie is null then select encode(gen_random_bytes(25), 'hex') into user_cookie; end if; update "user" set cookie = user_cookie , cookie_expires_at = current_timestamp + interval '1 year' where "user".email = login.email; insert into login_attempt (user_name, ip_address, success) values (login.email, login.ip_address, true); return build_cookie(email, user_cookie); end; $$ language plpgsql security definer set search_path = auth, tipus, pg_temp; comment on function login(email, text, inet) is 'Tries to logs a user in, recording the attempt, and returns the cookie to send back to the user if the authentication was successfull.'; revoke execute on function login(email, text, inet) from public; grant execute on function login(email, text, inet) to guest; commit;