diff options
Diffstat (limited to 'src/handlers/auth.rs')
| -rw-r--r-- | src/handlers/auth.rs | 117 |
1 files changed, 0 insertions, 117 deletions
diff --git a/src/handlers/auth.rs b/src/handlers/auth.rs deleted file mode 100644 index ab72bc8..0000000 --- a/src/handlers/auth.rs +++ /dev/null @@ -1,117 +0,0 @@ -use std::sync::Arc; - -use axum::{response::{IntoResponse, Html, Redirect}, Form, Extension}; -use axum_extra::extract::{PrivateCookieJar, cookie::Cookie}; -use serde::Deserialize; -use sqlx::{query, query_as, pool::PoolConnection, Postgres}; -use tracing::{debug, instrument}; -use crate::{errors::ServiceError, State, models::DbUser}; -use chrono::prelude::*; - -#[derive(Deserialize, Debug)] -pub struct RegisterForm { - pub email: String, - pub prefname: String, - pub password: String, - #[serde(rename="password-confirm")] - pub password_confirm: String -} - -#[derive(Deserialize)] -pub struct LoginForm { - pub email: String, - pub password: String, -} - -pub async fn login() -> impl IntoResponse { - let mut buf = Vec::new(); - crate::templates::login_html(&mut buf).unwrap(); - - Html(buf) -} - -pub async fn login_post(Form(login): Form<LoginForm>, state: Extension<Arc<State>>, jar: PrivateCookieJar) -> Result<(PrivateCookieJar, Redirect), ServiceError> { - let mut conn = state.conn.acquire().await?; - - let user: DbUser = query_as("SELECT * FROM users WHERE email=$1").bind(login.email) - .fetch_one(&mut conn) - .await?; - - if bcrypt::verify(login.password, &user.pw_hash)? { - debug!("Logged in ID {} (email {})", user.id, user.email); - query("UPDATE users SET last_login=$1 WHERE id=$2").bind(Utc::now()).bind(user.id.clone()) - .execute(&mut conn) - .await?; - - let updated_jar = jar.add(Cookie::build("user-id", user.id.clone()) - .path("/") - .finish()); - - Ok((updated_jar, Redirect::to("/"))) - } else { - let updated_jar = jar; - Ok((updated_jar, Redirect::to("/dash/auth/login"))) - } -} - -pub async fn register() -> impl IntoResponse { - let mut buf = Vec::new(); - crate::templates::register_html(&mut buf).unwrap(); - - Html(buf) -} - -pub async fn register_post(Form(reg): Form<RegisterForm>, state: Extension<Arc<State>>) -> impl IntoResponse { - if reg.password_confirm == reg.password { - let hash = match bcrypt::hash(reg.password, bcrypt::DEFAULT_COST) { - Ok(h) => h, - Err(e) => { - return Err(ServiceError::NotAuthorized); - } - }; - - let mut conn = state.conn.acquire().await?; - let ulid = ulid::Ulid::new(); - - query("INSERT INTO users (id, email, pref_name, pw_hash, last_login) VALUES ($1, $2, $3, $4, $5)").bind(ulid.to_string()).bind(reg.email.clone()).bind(reg.prefname).bind(hash).bind(Utc::now()) - .execute(&mut conn) - .await?; - - } - - Ok(Redirect::to("/dash/auth/login")) -} - -pub async fn logout_post(jar: PrivateCookieJar) -> Result<(PrivateCookieJar, Redirect), ServiceError> { - if let Some(id) = jar.get("user-id") { - debug!("Found user {}", id); - - let updated_jar = jar.remove(id); - - Ok((updated_jar, Redirect::to("/dash/auth/login"))) - } else { - Ok((jar, Redirect::to("/"))) - } -} - -#[instrument] -pub async fn get_user_or_403(jar: PrivateCookieJar, conn: &mut PoolConnection<Postgres>) -> Result<DbUser, ServiceError> { - debug!("Starting middleware get_user_or_403"); - debug!("Displaying all cookies"); - for c in jar.iter() { - debug!("{}={}", c.name(), c.value()); - } - if let Some(id) = jar.get("user-id") { - debug!("Found user {}", id); - - let user: DbUser = query_as("SELECT * FROM users WHERE id=$1").bind(id.value()) - .fetch_one(conn) - .await?; - - Ok(user) - - } else { - debug!("No user found"); - Err(ServiceError::NotAuthorized) - } -} |