xssbook2/db/rest/login/api_login.sql

CREATE FUNCTION api.login(
	username TEXT,
	password TEXT
)
RETURNS sys.JWT
LANGUAGE plpgsql VOLATILE
AS $BODY$
DECLARE
	_role NAME;
	_user_id INTEGER;
	_token sys.JWT;
BEGIN
	SELECT role INTO _role
		FROM admin.user u
		WHERE u.username = login.username
		AND u.password = login.password;

	IF _role IS NULL THEN
		PERFORM _api.raise(
			_msg => 'api_invalid_login'
		);
		RETURN NULL;
	END IF;

	SELECT id INTO _user_id
		FROM admin.user u
		WHERE u.username = login.username;

	_token = _api.sign_jwt(
		_role,
		_user_id
	);

	RETURN _token;
END
$BODY$;

GRANT EXECUTE ON FUNCTION api.login(TEXT, TEXT)
	TO rest_anon, rest_user;
GRANT SELECT ON TABLE admin.user
	TO rest_anon, rest_user;
start database (user and post), and initial barebones home page 2024-03-30 02:29:56 +00:00			`CREATE FUNCTION api.login(`
			`username TEXT,`
			`password TEXT`
			`)`
			`RETURNS sys.JWT`
			`LANGUAGE plpgsql VOLATILE`
			`AS $BODY$`
			`DECLARE`
			`_role NAME;`
			`_user_id INTEGER;`
			`_token sys.JWT;`
			`BEGIN`
			`SELECT role INTO _role`
			`FROM admin.user u`
			`WHERE u.username = login.username`
			`AND u.password = login.password;`

			`IF _role IS NULL THEN`
			`PERFORM _api.raise(`
			`_msg => 'api_invalid_login'`
			`);`
			`RETURN NULL;`
			`END IF;`

			`SELECT id INTO _user_id`
			`FROM admin.user u`
			`WHERE u.username = login.username;`

			`_token = _api.sign_jwt(`
			`_role,`
			`_user_id`
			`);`

			`RETURN _token;`
			`END`
			`$BODY$;`

			`GRANT EXECUTE ON FUNCTION api.login(TEXT, TEXT)`
			`TO rest_anon, rest_user;`
			`GRANT SELECT ON TABLE admin.user`
			`TO rest_anon, rest_user;`