(in-package #:vampire)

(wknd:defendpoint create.session
  :post :to "login"
  :parameters
  (name string)
  (password string)
  :properties
  (user user)
  :authenticate (authenticate-user-login name password)
  :handle (wknd:endpoint-redirect 'home.html))

(defun authenticate-user-login (name password)
  (do>
    found-user :when= (user-with-name name)
    :when (equal (user-pwhash found-user)
		 (hash-string password (user-pwsalt found-user)))
    session := (db:with-transaction () (make-instance 'session :user found-user))
    (wknd:set-cookie +session-cookie+ :value (key session))))

(wknd:defendpoint destroy.session
  :using user-known
  :post :to "logout"
  :handle (do>
	    session := (object-with-key (wknd:get-cookie +session-cookie+))
	    (db:delete-object session)
	    (wknd:set-cookie +session-cookie+ :value nil)
	    (wknd:endpoint-redirect 'login.html)))