Add login API.

Author: ForNeVeR

project.clj

@@ -4,6 +4,7 @@
                  [clj-liquibase "0.5.2"]
                  [com.h2database/h2 "1.3.173"]
                  [crypto-password "0.1.3"]
+                 [crypto-random "1.2.0"]
                  [log4j/log4j "1.2.17"]
                  [metosin/ring-swagger "0.13.0"]
                  [metosin/compojure-api "0.16.0"]

src/hyperspace/server/database/migrations.clj

@@ -7,7 +7,8 @@
                       [(ch/create-table :users
                                         [[:id :int :null false :pk true :autoinc true]
                                          [:login [:varchar 128] :unique true :null false]
-                                         [:password [:varchar 128] :null false]])
+                                         [:password [:varchar 128] :null false]
+                                         [:session [:varchar 16] :null true :unique true]])
                        (ch/create-index :users [:login])]])
 
 (defchangelog changelog "hyperspace-server" [add-users-table])

src/hyperspace/server/database/user.clj

@@ -1,13 +1,32 @@
 (ns hyperspace.server.database.user
-  (:require [crypto.password.scrypt :as password])
-  (:use [azql.core :only [select from insert! values]]
+  (:import (java.util UUID))
+  (:require [crypto.password.scrypt :as password]
+            [crypto.random :as random])
+  (:use [azql.core]
         [hyperspace.server.database.datasource :only [db-spec]]))
 
 (defn create [{login :login password :password}]
   (insert! db-spec :users
            (values [{:login    login
                      :password (password/encrypt password)}])))
 
+(defn- generate-session []
+  ;; 8 random bytes = 16 hex digits should be enough for duplicates to be almost impossible with probability of about
+  ;; 10^-12
+  (random/hex 8))
+
 (defn login [{login :login password :password}]
-  ;; TODO: log in and save session
-  nil)
+  (with-connection [c db-spec]
+    (transaction c
+      (let [user (fetch-one c
+                   (select (fields [:login :password])
+                           (from :u :users)
+                           (where (= :u.login login))))
+            user-id (:id user)]
+        (if (password/check password (:password user))
+          (let [session (generate-session)]
+            (update! c :users
+              (setf :session session)
+              (where (= :id user-id)))
+            session)
+          nil)))))