author | Cara Salter <cara@devcara.com> | 2022-07-20 07:59:44 -0400 |
---|---|---|
committer | Cara Salter <cara@devcara.com> | 2022-07-20 07:59:44 -0400 |
commit | f42bf29ba97fc808433ae4217fd6b00469a12fae (patch) | |
tree | 0e04421da46d41f20d19327a0e1280509957a1e7 /src/handlers/auth.rs | |
parent | c742b752140ab0eee6e353c779bd897042ba6739 (diff) | |
Cookies
Diffstat (limited to 'src/handlers/auth.rs')
-rw-r--r-- | src/handlers/auth.rs | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/src/handlers/auth.rs b/src/handlers/auth.rs
index c4672aa..7e2642c 100644
--- a/src/handlers/auth.rs
+++ b/src/handlers/auth.rs
@@ -3,8 +3,8 @@ use std::sync::Arc;
 use axum::{response::{IntoResponse, Html, Redirect}, Form, Extension};
 use axum_extra::extract::{PrivateCookieJar, cookie::Cookie};
 use serde::Deserialize;
-use sqlx::{query, query_as};
-use tracing::debug;
+use sqlx::{query, query_as, pool::PoolConnection, Postgres};
+use tracing::{debug, instrument};
 use crate::{errors::ServiceError, State, models::DbUser};
 use chrono::prelude::*;
@@ -39,15 +39,17 @@ pub async fn login_post(Form(login): Form<LoginForm>, state: Extension<Arc<State
 if bcrypt::verify(login.password, &user.pw_hash)? {
 debug!("Logged in ID {} (email {})", user.id, user.email);
- query("UPDATE users SET last_login=$1 WHERE id=$2").bind(Utc::now()).bind(user.id)
+ query("UPDATE users SET last_login=$1 WHERE id=$2").bind(Utc::now()).bind(user.id.clone())
 .execute(&mut conn)
 .await?;
 let updated_jar = jar.add(Cookie::new("user-id", user.id.clone()));
- } else {
+ Ok((updated_jar, Redirect::to("/")))
+ } else {
+ let updated_jar = jar;
+ Ok((updated_jar, Redirect::to("/dash/auth/login")))
 }
- Ok((updated_jar, Redirect::to("/")))
 }
 pub async fn register() -> impl IntoResponse {
@@ -77,3 +79,25 @@ pub async fn register_post(Form(reg): Form<RegisterForm>, state: Extension<Arc<S
 Ok(Redirect::to("/dash/auth/login"))
 }
+
+#[instrument]
+pub async fn get_user_or_403(jar: PrivateCookieJar, conn: &mut PoolConnection<Postgres>) -> Result<DbUser, ServiceError> {
+ debug!("Starting middleware get_user_or_403");
+ debug!("Displaying all cookies");
+ for c in jar.iter() {
+ debug!("{}={}", c.name(), c.value());
+ }
+ if let Some(id) = jar.get("user-id") {
+ debug!("Found user {}", id);
+
+ let user: DbUser = query_as("SELECT * FROM users WHERE id=$1").bind(id.value())
+ .fetch_one(conn)
+ .await?;
+
+ Ok(user)
+
+ } else {
+ debug!("No user found");
+ Err(ServiceError::NotAuthorized)
+ }
+} |
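Review bot: The new `else` branch in `login_post` handles a failed password check without recording it, while the success branch logs the user ID and email. A line such as `debug!("Failed login for ID {}", user.id);` before the redirect would let repeated failures against one account show up in the logs. The `let updated_jar = jar;` rebinding is not needed; `Ok((jar, Redirect::to("/dash/auth/login")))` says the same thing. The function starts above this hunk, so how a missing user is handled before the `bcrypt::verify` call is not visible here.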
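Review bot: The `for c in jar.iter()` loop in `get_user_or_403` writes every cookie's name and value to the debug log, and since the jar is a `PrivateCookieJar` these are presumably the decrypted values, including the `user-id` the function then accepts as proof of identity, so session credentials end up readable by anyone with log access. The bare `#[instrument]` also records `jar` and `conn` through whatever their `Debug` impls print on every call; `#[instrument(skip_all)]` avoids that. Separately, `fetch_one` returns an error when the cookie names a user that no longer exists, and `?` passes it on as a database error rather than `ServiceError::NotAuthorized` (how `ServiceError` converts it is not visible here). The rewrite below drops the cookie dump and uses `fetch_optional` so a stale cookie stays an authorisation failure.

```rust
#[instrument(skip_all)]
pub async fn get_user_or_403(jar: PrivateCookieJar, conn: &mut PoolConnection<Postgres>) -> Result<DbUser, ServiceError> {
    // Cookie values are credentials: log that one was presented, never its contents.
    if let Some(id) = jar.get("user-id") {
        let user: Option<DbUser> = query_as("SELECT * FROM users WHERE id=$1").bind(id.value())
            .fetch_optional(conn)
            .await?;

        // A cookie naming a row that no longer exists is an auth failure, not a server error.
        user.ok_or(ServiceError::NotAuthorized)
    } else {
        debug!("No user-id cookie presented");
        Err(ServiceError::NotAuthorized)
    }
}
```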