middleware: rename has_cookie to cookie

also introduce User_model.session_cookie and User_model.csrf_cookie

middleware.ml

@@ -8,11 +8,12 @@ let header header_name reqd =
 let user_agent reqd = header "User-Agent" reqd
 
 let generate_csrf_cookie now reqd =
-  User_model.generate_cookie ~name:"molly_csrf" ~user_agent:(user_agent reqd)
+  User_model.generate_cookie ~name:User_model.csrf_cookie
+    ~user_agent:(user_agent reqd)
     ~uuid:(Uuidm.to_string (User_model.generate_uuid ()))
     ~created_at:now ~expires_in:3600 ()
 
-let has_cookie cookie_name (reqd : Httpaf.Reqd.t) =
+let cookie cookie_name (reqd : Httpaf.Reqd.t) =
   match header "Cookie" reqd with
   | Some cookies ->
       let cookie_list = String.split_on_char ';' cookies in
@@ -32,8 +33,8 @@ let redirect_to_login reqd ?(msg = "") () =
   let header_list =
     [
       ( "Set-Cookie",
-        "molly_session=;Path=/;HttpOnly=true;Expires=2023-10-27T11:00:00.778Z"
-      );
+        User_model.session_cookie
+        ^ "=;Path=/;HttpOnly=true;Expires=2023-10-27T11:00:00.778Z" );
       ("location", "/sign-in");
       ("Content-Length", string_of_int (String.length msg));
     ]
@@ -47,8 +48,8 @@ let redirect_to_register reqd ?(msg = "") () =
   let header_list =
     [
       ( "Set-Cookie",
-        "molly_session=;Path=/;HttpOnly=true;Expires=2023-10-27T11:00:00.778Z"
-      );
+        User_model.session_cookie
+        ^ "=;Path=/;HttpOnly=true;Expires=2023-10-27T11:00:00.778Z" );
       ("location", "/sign-up");
       ("Content-Length", string_of_int (String.length msg));
     ]
@@ -132,7 +133,7 @@ let user_from_auth_cookie cookie users =
   | None -> Error (`Msg "User not found")
 
 let get_cookie_from_request reqd =
-  match has_cookie "molly_session" reqd with
+  match cookie User_model.session_cookie reqd with
   | Some auth_cookie -> (
       match cookie_value auth_cookie with
       | Ok cookie_value -> Ok cookie_value
@@ -175,7 +176,7 @@ let user_of_cookie users now reqd =
       Error (`Msg err)
 
 let session_cookie_value reqd =
-  match has_cookie "molly_session" reqd with
+  match cookie User_model.session_cookie reqd with
   | Some cookie -> (
       match cookie_value cookie with
       | Ok "" -> Ok None
@@ -211,7 +212,7 @@ let is_user_admin_middleware api_meth now users handler reqd =
 let csrf_match ~input_csrf ~check_csrf = String.equal input_csrf check_csrf
 
 let csrf_cookie_verification form_csrf reqd =
-  match has_cookie "molly_csrf" reqd with
+  match cookie User_model.csrf_cookie reqd with
   | Some cookie -> (
       match cookie_value cookie with
       | Ok token -> csrf_match ~input_csrf:form_csrf ~check_csrf:token
@@ -228,7 +229,7 @@ let csrf_verification users now form_csrf handler reqd =
       let user_csrf_token =
         List.find_opt
           (fun (cookie : User_model.cookie) ->
-            String.equal cookie.name "molly_csrf")
+            String.equal cookie.name User_model.csrf_cookie)
           user.User_model.cookies
       in
       match user_csrf_token with

unikernel.ml

@@ -97,7 +97,7 @@ struct
         Logs.warn (fun m -> m "Failed to parse JSON: %s" err);
         Lwt.return (Error (`Msg err))
     | Ok json -> (
-        match Yojson.Basic.Util.member "molly_csrf" json with
+        match Yojson.Basic.Util.member User_model.csrf_cookie json with
         | `String token -> Lwt.return (Ok (token, json))
         | _ -> Lwt.return (Error (`Msg "Couldn't find CSRF token")))
 
@@ -300,7 +300,7 @@ struct
                               let cookie =
                                 List.find
                                   (fun (c : User_model.cookie) ->
-                                    c.name = "molly_session")
+                                    c.name = User_model.session_cookie)
                                   user.cookies
                               in
                               let cookie_value =
@@ -392,7 +392,7 @@ struct
                             let cookie =
                               List.find_opt
                                 (fun (c : User_model.cookie) ->
-                                  c.name = "molly_session")
+                                  c.name = User_model.session_cookie)
                                 user.cookies
                             in
                             match cookie with
@@ -720,7 +720,7 @@ struct
               cookie
               :: List.filter
                    (fun (cookie : User_model.cookie) ->
-                     not (String.equal cookie.name "molly_session"))
+                     not (String.equal cookie.name User_model.session_cookie))
                    user.cookies
             in
             let updated_user =
@@ -1018,7 +1018,7 @@ struct
                 let user_csrf_token =
                   List.find_opt
                     (fun (cookie : User_model.cookie) ->
-                      String.equal cookie.name "molly_csrf")
+                      String.equal cookie.name User_model.csrf_cookie)
                     user.User_model.cookies
                 in
                 match user_csrf_token with

user_account.ml

@@ -320,7 +320,7 @@ let user_account_layout ~csrf (user : User_model.user)
                              ])
                          (List.filter
                             (fun (cookie : User_model.cookie) ->
-                              String.equal cookie.name "molly_session")
+                              String.equal cookie.name User_model.session_cookie)
                             user.cookies));
                     div
                       ~a:[ a_class [ "my-4 w-1/2 text-center" ] ]

user_model.ml

@@ -34,6 +34,8 @@ type user = {
 }
 
 let week = 604800 (* a week = 7 days * 24 hours * 60 minutes * 60 seconds *)
+let session_cookie = "molly_session"
+let csrf_cookie = "molly_csrf"
 
 let get key assoc =
   match List.find_opt (fun (k, _) -> String.equal k key) assoc with
@@ -525,7 +527,7 @@ let create_user_session_map (users : user list) : (string * user) list =
        (fun user ->
          let session_cookies =
            List.filter
-             (fun (cookie : cookie) -> String.equal cookie.name "molly_session")
+             (fun (cookie : cookie) -> String.equal cookie.name session_cookie)
              user.cookies
          in
          List.map (fun c -> (c.value, user)) session_cookies)
@@ -544,7 +546,7 @@ let create_user ~name ~email ~password ~created_at ~active ~super_user
   let password = hash_password ~password ~uuid in
   let auth_token = generate_token ~created_at () in
   let session =
-    generate_cookie ~name:"molly_session" ~expires_in:week ~uuid ~created_at
+    generate_cookie ~name:session_cookie ~expires_in:week ~uuid ~created_at
       ~user_agent ()
   in
   (* auth sessions should expire after a week (24hrs * 7days * 60mins * 60secs) *)
@@ -632,13 +634,13 @@ let verify_email_token users token timestamp =
 let user_auth_cookie_from_user cookie_value (user : user) =
   List.find_opt
     (fun (cookie : cookie) ->
-      String.equal cookie.name "molly_session"
+      String.equal cookie.name session_cookie
       && String.equal cookie_value cookie.value)
     user.cookies
 
 let clear_csrfs user =
   List.filter
-    (fun (cookie : cookie) -> String.equal cookie.name "molly_session")
+    (fun (cookie : cookie) -> String.equal cookie.name session_cookie)
     user.cookies
 
 let login_user ~email ~password ~user_agent users now =
@@ -654,8 +656,8 @@ let login_user ~email ~password ~user_agent users now =
         match String.equal u.password pass with
         | true ->
             let new_session =
-              generate_cookie ~name:"molly_session" ~expires_in:week
-                ~uuid:u.uuid ~created_at:now ~user_agent ()
+              generate_cookie ~name:session_cookie ~expires_in:week ~uuid:u.uuid
+                ~created_at:now ~user_agent ()
             in
             let cookies = new_session :: clear_csrfs u in
             let updated_user = update_user u ~cookies () in