53 lines
1.6 KiB
Elixir
53 lines
1.6 KiB
Elixir
defmodule Localiser.Web.Controllers.SessionController do
|
|
use Phoenix.Controller, formats: [:json]
|
|
use OpenApiSpex.ControllerSpecs
|
|
|
|
alias Localiser.Domain.Users
|
|
alias Localiser.Web.Token
|
|
alias Localiser.Web.Schemas
|
|
|
|
tags ["Auth"]
|
|
security []
|
|
|
|
operation :create,
|
|
summary: "Log in and receive a JWT",
|
|
request_body: {"Login params", "application/json", Schemas.SessionParams, required: true},
|
|
responses: [
|
|
ok: {"JWT + user", "application/json", Schemas.TokenResponse},
|
|
bad_request: {"Missing username/password", "application/json", Schemas.Error},
|
|
unauthorized: {"Invalid credentials", "application/json", Schemas.Error}
|
|
]
|
|
|
|
operation :delete,
|
|
summary: "Log out (client discards token)",
|
|
responses: [no_content: "Logged out"]
|
|
|
|
def create(conn, %{"username" => username, "password" => password}) do
|
|
case Users.authenticate_user(username, password) do
|
|
{:ok, user} ->
|
|
token = Token.generate(%{"sub" => user.id, "username" => user.username, "is_admin" => user.is_admin})
|
|
json(conn, %{token: token, user: render_user(user)})
|
|
|
|
{:error, :invalid_credentials} ->
|
|
conn
|
|
|> put_status(:unauthorized)
|
|
|> json(%{error: "invalid credentials"})
|
|
end
|
|
end
|
|
|
|
def create(conn, _params) do
|
|
conn
|
|
|> put_status(:bad_request)
|
|
|> json(%{error: "username and password are required"})
|
|
end
|
|
|
|
def delete(conn, _params) do
|
|
# JWT is stateless; client discards token
|
|
send_resp(conn, :no_content, "")
|
|
end
|
|
|
|
defp render_user(user) do
|
|
%{id: user.id, username: user.username, is_admin: user.is_admin}
|
|
end
|
|
end
|