path: root/Foundation.hs

{-# LANGUAGE NoCPP #-}
module Foundation where

import Import.NoFoundation
import Database.Persist.Sql (ConnectionPool, runSqlPool)
import qualified Yesod.Auth.Message as AuthMsg
import Text.Hamlet                   (hamletFile)
import Text.Jasmine                  (minifym)
import Yesod.Core.Types              (Logger)
import Yesod.Default.Util            (addStaticContentExternal)
import Yesod.Auth.Email
import Network.Mail.Mime
import Text.Shakespeare.Text         (stext)
import Text.Blaze.Html.Renderer.Utf8 (renderHtml)
import Text.Cassius                  (PixelSize (..))
import Model.Unit                    (Unit (..))
import Model.Amount                  (Amount (..))
import qualified Database.Esqueleto as E
import qualified Yesod.Core.Unsafe as Unsafe

-- | The foundation datatype for your application. This can be a good place to
-- keep settings and values requiring initialization before your application
-- starts running, such as database connections. Every handler will have
-- access to the data present here.
data App = App
    { appNavbar      :: WidgetT App IO ()
    , appSettings    :: AppSettings
    , appStatic      :: Static -- ^ Settings for static file serving.
    , appConnPool    :: ConnectionPool -- ^ Database connection pool.
    , appHttpManager :: Manager
    , appLogger      :: Logger
    }

instance HasHttpManager App where
    getHttpManager = appHttpManager

-- Set up i18n messages. See the message folder.
mkMessage "App" "messages" "en"

getUnitMsg :: (MonadHandler m, RenderMessage (HandlerSite m) AppMessage) => Unit -> m Text
getUnitMsg unit = do
    mr <- getMessageRender
    return $ mr $ unitToMsg unit
  where
    unitToMsg :: Unit -> AppMessage
    unitToMsg Unit = MsgUnitUnit
    unitToMsg Gram = MsgUnitGram
    unitToMsg Litre = MsgUnitLitre

setMessageILevel :: (MonadHandler m, RenderMessage (HandlerSite m) msg) => Text -> msg -> m ()
setMessageILevel level msg = do
    mr <- getMessageRender
    let msgr = mr msg
    setMessage $ [shamlet|
    <div class="alert alert-dismissable #{level}" #message>
        <a class="close" data-dismiss="alert" aria-hidden="true">&times;
        \#{msgr}
|]

isAdmin :: User -> Bool
isAdmin user = userEmail user == "gueux@capeo"

authShopVendor :: ShopId -> User -> HandlerT App IO AuthResult
authShopVendor shopId user
    | isAdmin user = return Authorized
    | otherwise    = do
        shop <- runDB $ get404 shopId
        suser <- runDB $ get404 $ shopVendor shop
        authEqual suser user

authShop :: ShopId -> HandlerT App IO AuthResult
authShop shopId = maybeAuth
    >>= maybe (return AuthenticationRequired)
              (authShopVendor shopId . entityVal)

authShopDelivery :: ShopDeliveryId -> HandlerT App IO AuthResult
authShopDelivery shopdeliveryid = maybeAuth
    >>= maybe (return AuthenticationRequired)
              authShopDeliveryAux
  where
    authShopDeliveryAux euser = do
        shopdelivery <- runDB $ get404 shopdeliveryid
        authShopVendor (shopDeliveryShop shopdelivery) $ entityVal euser

authEqual :: Eq a => a -> a -> HandlerT App IO AuthResult
authEqual a b
   | a == b    = return Authorized
   | otherwise = unauthorizedI MsgNotAuthorized

authUserAux :: UserId -> Entity User -> HandlerT App IO AuthResult
authUserAux userId euser
   | isAdmin user = return Authorized
   | otherwise    = authEqual userId key
 where
   Entity key user = euser

authUser :: UserId -> HandlerT App IO AuthResult
authUser userId = maybeAuth
    >>= maybe (return AuthenticationRequired) (authUserAux userId)

authAuthentified :: HandlerT App IO AuthResult
authAuthentified = maybeAuthId
    >>= maybe (return AuthenticationRequired) (const $ return Authorized)

authNotAuthentified :: HandlerT App IO AuthResult
authNotAuthentified = maybeAuthId
    >>= maybe (return Authorized) (const $ unauthorizedI MsgLogoutFirst)

formLayout :: BootstrapFormLayout
formLayout = BootstrapHorizontalForm {
    bflLabelOffset = ColSm 0
  , bflLabelSize = ColSm 2
  , bflInputOffset = ColSm 0
  , bflInputSize = ColSm 8
}

quantityPrice :: Amount -> Quantity -> Amount
quantityPrice unitprice = (*) unitprice . toAmount

quantityItemPrice :: Item -> CartItem -> Amount
quantityItemPrice i = quantityPrice (itemPrice i) . cartItemQuantity

cartAmount' :: UserId -> HandlerT App IO Amount
cartAmount' userid = do
    cart <- runDB $
        E.select $
        E.from $ \(i, si) -> do
        E.where_ (     si E.^. CartItemCustomer E.==. E.val userid
                 E.&&. si E.^. CartItemItem E.==. i E.^. ItemId
                 )
        return (i, si)
    return $ foldr addCart (Amount 0) cart
  where
    addCart (ei, esi) = (+) $ quantityItemPrice (entityVal ei) (entityVal esi)

getCartId :: UserId -> HandlerT App IO CartId
getCartId userid = runDB (getBy $ UniqueCustomer userid)
    >>= maybe (insertCart userid) (return . entityKey)
  where
    insertCart userid' = do
        date <- liftIO getCurrentTime
        runDB $ insert $ Cart userid' date date (Amount 0)

-- This is where we define all of the routes in our application. For a full
-- explanation of the syntax, please see:
-- http://www.yesodweb.com/book/routing-and-handlers
--
-- Note that this is really half the story; in Application.hs, mkYesodDispatch
-- generates the rest of the code. Please see the linked documentation for an
-- explanation for this split.
mkYesodData "App" $(parseRoutesFile "config/routes")

-- | A convenient synonym for creating forms.
type Form x = Html -> MForm (HandlerT App IO) (FormResult x, Widget)

-- Please see the documentation for the Yesod typeclass. There are a number
-- of settings which can be configured by overriding methods here.
instance Yesod App where
    -- Controls the base of generated URLs. For more information on modifying,
    -- see: https://github.com/yesodweb/yesod/wiki/Overriding-approot
    approot = ApprootMaster $ appRoot . appSettings

    -- Store session data on the client in encrypted cookies,
    -- default session idle timeout is 120 minutes
    makeSessionBackend _ = Just <$> defaultClientSessionBackend
        120    -- timeout in minutes
        "config/client_session_key.aes"

    defaultLayout widget = do
        master <- getYesod
        mmsg <- getMessage
        mr <- getMessageRender
        let thumbnailHeight     = PixelSize $ toRational $ appThumbnailHeight $ appSettings master
            thumbnailWidth      = PixelSize $ toRational $ appThumbnailWidth $ appSettings master
            cartThumbnailHeight = PixelSize $ toRational $ appCartThumbnailHeight $ appSettings master
            cartThumbnailWidth  = PixelSize $ toRational $ appCartThumbnailWidth $ appSettings master
            navbar = appNavbar master

        -- We break up the default layout into two components:
        -- default-layout is the contents of the body tag, and
        -- default-layout-wrapper is the entire page. Since the final
        -- value passed to hamletToRepHtml cannot be a widget, this allows
        -- you to use normal widget features in default-layout.

        pc <- widgetToPageContent $ do
            $(combineStylesheets 'StaticR
                [ css_bootstrap_css
                ])
            $(combineScripts 'StaticR
                [ js_jquery_min_js
                , js_bootstrap_min_js
                ])
            navbar
            $(widgetFile "default-layout")
        withUrlRenderer $(hamletFile "templates/default-layout-wrapper.hamlet")

    -- The page to be redirected to when authentication is required.
    authRoute _ = Just LoginPanelR

    -- Authorizations for various routes
    isAuthorized HomeR _ = return Authorized
    isAuthorized (ShopR _) _ = return Authorized
    isAuthorized ShopListR True = authAuthentified
    isAuthorized ShopListR False = return Authorized
    isAuthorized (ShopAdminR shopid) _ = authShop shopid
    isAuthorized (ShopEditR shopid) writeBool = isAuthorized (ShopAdminR shopid) writeBool
    isAuthorized (ShopDeleteR shopid) writeBool = isAuthorized (ShopEditR shopid) writeBool
    isAuthorized (ItemEditR itemId) writeBool = do
        item <- runDB $ get404 itemId
        shopdelivery <- runDB $ get404 $ itemShopdelivery item
        isAuthorized (ShopAdminR $ shopDeliveryShop shopdelivery) writeBool
    isAuthorized (ItemDeleteR itemid) writeBool = isAuthorized (ItemEditR itemid) writeBool
    isAuthorized (ImageR _) _ = return Authorized
    isAuthorized (ImageListR userid) _ = authUser userid
    isAuthorized (ImageDeleteR userid _) writeBool = isAuthorized (ImageListR userid) writeBool
    isAuthorized CartR _ = authAuthentified
    isAuthorized (CartItemR _) _ = authAuthentified
    isAuthorized (CartItemEditR _) _ = authAuthentified
    isAuthorized (CartItemDeleteR _) _ = authAuthentified
    isAuthorized LoginPanelR _ = authNotAuthentified
    isAuthorized PlaceListR True = authAuthentified
    isAuthorized PlaceListR False = return Authorized
    isAuthorized (PlaceR _) _ = return Authorized
    isAuthorized DeliveryListR True = authAuthentified
    isAuthorized DeliveryListR False = return Authorized
    isAuthorized (DeliveryR _) _ = return Authorized
    isAuthorized (DeliveryPlaceR _) _ = authAuthentified
    isAuthorized (ShopShopDeliveryR shopid) _ = authShop shopid
    isAuthorized (ShopDeliveryR _) _ = return Authorized
    isAuthorized (ShopDeliveryAdminR shopdeliveryid) _ = authShopDelivery shopdeliveryid
    isAuthorized (ShopPlaceListR _) _ = return Authorized
    isAuthorized (UserR userid) _ = authUser userid
    isAuthorized (StaticR _) _ = return Authorized
    isAuthorized (AuthR LogoutR) _ = authAuthentified
    isAuthorized (AuthR LoginR) _ = authNotAuthentified
    isAuthorized (AuthR (PluginR "email" ["register"])) _ = authNotAuthentified
    isAuthorized (AuthR _) _ = return Authorized
    isAuthorized FaviconR _ = return Authorized
    isAuthorized RobotsR _ = return Authorized
    -- Default to Authorized for now.
    isAuthorized _ _ = return Authorized

    -- This function creates static content files in the static folder
    -- and names them based on a hash of their content. This allows
    -- expiration dates to be set far in the future without worry of
    -- users receiving stale content.
    addStaticContent ext mime content = do
        master <- getYesod
        let staticDir = appStaticDir $ appSettings master
        addStaticContentExternal
            minifym
            genFileName
            staticDir
            (StaticR . flip StaticRoute [])
            ext
            mime
            content
      where
        -- Generate a unique filename based on the content itself
        genFileName lbs = "autogen-" ++ base64md5 lbs

    -- What messages should be logged. The following includes all messages when
    -- in development, and warnings and errors in production.
    shouldLog app _source level =
        appShouldLogAll (appSettings app)
            || level == LevelWarn
            || level == LevelError

    makeLogger = return . appLogger

-- How to run database actions.
instance YesodPersist App where
    type YesodPersistBackend App = SqlBackend
    runDB action = do
        master <- getYesod
        runSqlPool action $ appConnPool master
instance YesodPersistRunner App where
    getDBRunner = defaultGetDBRunner appConnPool

instance YesodAuth App where
    type AuthId App = UserId

    -- Where to send a user after successful login
    loginDest _ = HomeR
    -- Where to send a user after logout
    logoutDest _ = HomeR
    -- Override the above two destinations when a Referer: header is present
    redirectToReferer _ = True

    -- getAuthId creds = runDB $ do
    --     x <- getBy $ UniqueUser $ credsIdent creds
    --     case x of
    --         Just (Entity uid _) -> return $ Just uid
    --         Nothing -> Just <$> insert User
    --             { userIdent = credsIdent creds
    --             , userPassword = Nothing
    --             }
    -- Need to find the UserId for the given email address.
    getAuthId creds = do
        date <- liftIO getCurrentTime
        x <- runDB $ insertBy $ User (credsIdent creds) Nothing Nothing False date
        return $ Just $
            case x of
                Left (Entity userid _) -> userid -- newly added user
                Right userid -> userid -- existing user

    -- You can add other plugins like BrowserID, email or OAuth here
    authPlugins _ = [authEmail]

    authHttpManager = getHttpManager

    onLogin = setMessageILevel "alert-info" MsgNowLoggedIn

    onLogout = setMessageILevel "alert-info" MsgNowLoggedOut

instance YesodAuthPersist App

-- This instance is required to use forms. You can modify renderMessage to
-- achieve customized and internationalized form validation messages.
instance RenderMessage App FormMessage where
    renderMessage _ _ = defaultFormMessage

unsafeHandler :: App -> Handler a -> IO a
unsafeHandler = Unsafe.fakeHandlerGetLogger appLogger

-- Note: Some functionality previously present in the scaffolding has been
-- moved to documentation in the Wiki. Following are some hopefully helpful
-- links:
--
-- https://github.com/yesodweb/yesod/wiki/Sending-email
-- https://github.com/yesodweb/yesod/wiki/Serve-static-files-from-a-separate-domain
-- https://github.com/yesodweb/yesod/wiki/i18n-messages-in-the-scaffolding

instance YesodAuthEmail App where
    type AuthEmailId App = UserId

    addUnverified email verkey = do
        date <- liftIO getCurrentTime
        runDB $ insert $ User email Nothing (Just verkey) False date

    sendVerifyEmail email _ verurl = do
        messageRender <- getMessageRender
        let plainPart' = plainPart [stext|#{messageRender MsgVerifyEmailIntro}

#{verurl}

#{messageRender MsgVerifyEmailOutro}
|]
        let htmlPart' = Part {
              partType = "text/html; charset=utf-8"
            , partEncoding = None
            , partFilename = Nothing
            , partHeaders = []
            , partContent = renderHtml
                [shamlet|
                    <p>#{messageRender MsgVerifyEmailIntro}
                    <p>
                        <a href=#{verurl}>#{verurl}
                    <p>#{messageRender MsgVerifyEmailOutro}
                |]
            }
        liftIO $ renderSendMail (emptyMail $ Address Nothing "noreply")
            { mailTo = [Address Nothing email]
            , mailHeaders =
                [ ("Subject", messageRender MsgVerifyEmailSubject)
                ]
            , mailParts = [[plainPart', htmlPart']]
            }

    getVerifyKey = runDB . fmap (join . fmap userVerkey) . get
    setVerifyKey uid key = runDB $ update uid [UserVerkey =. Just key]

    verifyAccount uid = runDB $ do
        mu <- get uid
        case mu of
            Nothing -> return Nothing
            Just _ -> do
                update uid [UserVerified =. True]
                return $ Just uid

    getPassword = runDB . fmap (join . fmap userPassword) . get
    setPassword uid pass = runDB $ update uid [UserPassword =. Just pass]

    getEmailCreds email = runDB $ do
        mu <- getBy $ UniqueUser email
        case mu of
            Nothing -> return Nothing
            Just (Entity uid u) -> return $ Just EmailCreds
                { emailCredsId = uid
                , emailCredsAuthId = Just uid
                , emailCredsStatus = isJust $ userPassword u
                , emailCredsVerkey = userVerkey u
                , emailCredsEmail = userEmail u
                }
    getEmail = runDB . fmap (fmap userEmail) . get

    afterPasswordRoute _ = HomeR

    registerHandler = do
        email <- newIdent
        lift $ authLayout $ do
            setTitleI AuthMsg.RegisterLong
            $(widgetFile "register")

    confirmationEmailSentResponse identifier = do
        mr <- getMessageRender
        selectRep $ do
            provideJsonMessage (mr msg)
            provideRep $ authLayout $ do
              setTitleI AuthMsg.ConfirmationEmailSentTitle
              setMessageILevel "alert-info" msg
              redirectUltDest HomeR
      where
        msg = AuthMsg.ConfirmationEmailSent identifier