Merge: Safe call operator

[nit.git] / lib / popcorn / pop_auth.nit

diff --git a/lib/popcorn/pop_auth.nit b/lib/popcorn/pop_auth.nit
index ca37876..285d032 100644 (file)
--- a/lib/popcorn/pop_auth.nit
+++ b/lib/popcorn/pop_auth.nit
@@ -77,7 +77,8 @@
 # ~~~
 module pop_auth
 
-import pop_handlers
+import pop_json
+import pop_sessions
 import github
 
 # Github OAuth login handler.
@@ -196,12 +197,9 @@ class GithubOAuthCallBack
                        return
                end
 
-               # FIXME reinit curl before next request to avoid weird 404
-               curl = new Curl
-
                # Load github user
                var gh_api = new GithubAPI(access_token)
-               var user = gh_api.load_auth_user
+               var user = gh_api.get_auth_user
                if user == null then
                        res.error 401
                        return
@@ -270,25 +268,60 @@ class GithubLogout
        end
 end
 
-# Get the currently logged in user from session.
-class GithubUser
+# AuthHandler allows access to session user
+#
+# Inherit this handler to access to session user from your custom handler.
+#
+# For example, you need a profile handler that checks if the user is logged
+# before returning it in json format.
+# ~~~
+# import popcorn::pop_auth
+#
+# class ProfileHandler
+#      super AuthHandler
+#
+#      redef fun get(req, res) do
+#              var user = check_session_user(req, res)
+#              if user == null then return
+#              res.json user
+#      end
+# end
+# ~~~
+#
+# By using `check_session_user`, we delegate to the `AuthHandler` the responsability
+# to set the HTTP 403 error.
+# We then check is the user is not null before pursuing.
+abstract class AuthHandler
        super Handler
 
-       # Get user from session or null.
-       fun get_session_user(req: HttpRequest): nullable User do
+       # Returns `user` from `req.session` or null if no user is authenticated.
+       fun session_user(req: HttpRequest): nullable User do
                var session = req.session
                if session == null then return null
                var user = session.user
                return user
        end
 
-       redef fun get(req, res) do
-               var user = get_session_user(req)
+       # Check the session for user and return it.
+       #
+       # If no `user` can be found in session, set res as a HTTP 403 error and return `null`.
+       fun check_session_user(req: HttpRequest, res: HttpResponse): nullable User do
+               var user = session_user(req)
                if user == null then
                        res.error 403
-                       return
                end
-               res.json user.json
+               return user
+       end
+end
+
+# Get the currently logged in user from session.
+class GithubUser
+       super AuthHandler
+
+       redef fun get(req, res) do
+               var user = check_session_user(req, res)
+               if user == null then return
+               res.json user
        end
 end