author | William Carroll <wpcarro@gmail.com> | 2020-07-28T11·49+0100 |
---|---|---|
committer | William Carroll <wpcarro@gmail.com> | 2020-07-28T11·51+0100 |
commit | b170be937532cf976746a50f26b05ff34c4c9c00 (patch) | |
tree | 3230276044f02c87d14642ec6636d653e40104b1 /src/App.hs | |
parent | bb36dd1f9e7dfaa806fbda1317b9e53aed49b4ea (diff) |
Hash passwords when creating accounts
TL;DR:
- introduce the Cryptonite library
- Remove the redundant language extensions, imports, deps from Persistent
- Prefer NoContent return type for POST /accounts
- Define custom {To,From}JSON instances for Role
Diffstat (limited to 'src/App.hs')
-rw-r--r-- | src/App.hs | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/src/App.hs b/src/App.hs index 8e169f9f8d26..e9c528ec4eac 100644 --- a/src/App.hs +++ b/src/App.hs @@ -33,14 +33,16 @@ server dbFile = createAccountH listTripsH = liftIO $ listTrips -- TODO(wpcarro): Handle failed CONSTRAINTs instead of sending 500s - createAccount :: T.Account -> IO (Maybe T.Session) - createAccount account = withConnection dbFile $ \conn -> do - execute conn "INSERT INTO Accounts (username,password,email,role,profilePicture) VALUES (?,?,?,?,?)" - (account & T.accountFields) - T.Session{ T.username = T.accountUsername account - , T.password = T.accountPassword account - , T.role = T.accountRole account - } & Just & pure + createAccount :: T.CreateAccountRequest -> IO NoContent + createAccount request = withConnection dbFile $ \conn -> do + hashed <- T.hashPassword (T.createAccountRequestPassword request) + execute conn "INSERT INTO Accounts (username,password,email,role) VALUES (?,?,?,?)" + ( T.createAccountRequestUsername request + , hashed + , T.createAccountRequestEmail request + , T.createAccountRequestRole request + ) + pure NoContent deleteAccount :: Text -> IO NoContent deleteAccount username = withConnection dbFile $ \conn -> do |
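Review bot: In the new createAccount, the role stored in Accounts is taken straight from the request (`T.createAccountRequestRole request`), so any caller who can reach POST /accounts chooses its own role; assign the role server-side for self-service sign-up, or check the caller's authorization before the `execute`. Separately, the INSERT no longer lists profilePicture, which the commit message does not mention; if that column is NOT NULL without a default, the insert will throw and land in the 500 path that the TODO above the function already flags. Since `T.hashPassword` is defined outside this file, a short comment at the call site naming the scheme (a salted, slow password hash rather than a bare digest) would let a reader of App.hs confirm what ends up in the password column.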