| author | Freya Murphy <freya@freyacat.org> | 2024-03-29 22:29:56 -0400 |
|---|---|---|
| committer | Freya Murphy <freya@freyacat.org> | 2024-03-29 22:29:56 -0400 |
| commit | 944b6b0526032ad8c1b4a2612d6723bec75e0e4c (patch) | |
| tree | d3da5584df33a7878c087622b4fc2ec2883cf880 /db/rest/login/api_login.sql | |
start database (user and post), and initial barebones home page
Diffstat (limited to 'db/rest/login/api_login.sql')
| -rw-r--r-- | db/rest/login/api_login.sql | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/db/rest/login/api_login.sql b/db/rest/login/api_login.sql
new file mode 100644
index 0000000..0cf0535
--- /dev/null
+++ b/db/rest/login/api_login.sql
@@ -0,0 +1,41 @@
+CREATE FUNCTION api.login(
+ username TEXT,
+ password TEXT
+)
+RETURNS sys.JWT
+LANGUAGE plpgsql VOLATILE
+AS $BODY$
+DECLARE
+ _role NAME;
+ _user_id INTEGER;
+ _token sys.JWT;
+BEGIN
+ SELECT role INTO _role
+ FROM admin.user u
+ WHERE u.username = login.username
+ AND u.password = login.password;
+
+ IF _role IS NULL THEN
+ PERFORM _api.raise(
+ _msg => 'api_invalid_login'
+ );
+ RETURN NULL;
+ END IF;
+
+ SELECT id INTO _user_id
+ FROM admin.user u
+ WHERE u.username = login.username;
+
+ _token = _api.sign_jwt(
+ _role,
+ _user_id
+ );
+
+ RETURN _token;
+END
+$BODY$;
+
+GRANT EXECUTE ON FUNCTION api.login(TEXT, TEXT)
+ TO rest_anon, rest_user;
+GRANT SELECT ON TABLE admin.user
+ TO rest_anon, rest_user; |
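Review bot: The closing `GRANT SELECT ON TABLE admin.user TO rest_anon, rest_user` gives the unauthenticated role read access to every column of the user table, including `password`. The lookup `u.password = login.password` also compares the stored value with the submitted one directly, which implies the column holds plaintext. The grant appears to be needed only because `api.login` runs with the caller's privileges; declaring the function `SECURITY DEFINER` with a pinned `SET search_path` and dropping the table grant would keep the credential column out of reach of the API roles. The comparison should verify against a salted hash instead, e.g. `AND u.password = crypt(login.password, u.password)` if pgcrypto is available (not visible in this commit). The second `SELECT id` can be folded into the first as `SELECT role, id INTO _role, _user_id`.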