From b98646d8501689072f5624483d258adcbf6fc5c5 Mon Sep 17 00:00:00 2001
From: Cara Salter <cara@devcara.com>
Date: Wed, 20 Jul 2022 08:32:05 -0400
Subject: auth: Set path to root for cookies

---
 Cargo.lock           | 2 ++
 Cargo.toml           | 2 +-
 src/handlers/auth.rs | 4 +++-
 src/main.rs          | 6 +++---
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index dfe189f..6be56e3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -430,8 +430,10 @@ checksum = "94d4706de1b0fa5b132270cddffa8585166037822e260a944fe161acd137ca05"
 dependencies = [
  "aes-gcm",
  "base64",
+ "hmac 0.12.1",
  "percent-encoding",
  "rand",
+ "sha2 0.10.2",
  "subtle",
  "time 0.3.11",
  "version_check",
diff --git a/Cargo.toml b/Cargo.toml
index 9c656f6..b055fd1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,7 @@ build = "src/build.rs"
 
 [dependencies]
 axum = { version = "0.5.13", features = ["json", "tower-log"] }
-axum-extra = { version = "0.3.6", features = ["spa", "cookie", "cookie-private"] }
+axum-extra = { version = "0.3.6", features = ["spa", "cookie", "cookie-private", "cookie-signed"] }
 color-eyre = "0.6.2"
 hyper = { version = "0.14.20", features = ["full"] }
 serde = { version = "1.0.139", features = ["derive"] }
diff --git a/src/handlers/auth.rs b/src/handlers/auth.rs
index 7e2642c..c00fb8d 100644
--- a/src/handlers/auth.rs
+++ b/src/handlers/auth.rs
@@ -43,7 +43,9 @@ pub async fn login_post(Form(login): Form<LoginForm>, state: Extension<Arc<State
             .execute(&mut conn)
             .await?;
 
-        let updated_jar = jar.add(Cookie::new("user-id", user.id.clone()));
+        let updated_jar = jar.add(Cookie::build("user-id", user.id.clone())
+                                  .path("/")
+                                  .finish());
 
         Ok((updated_jar, Redirect::to("/")))
     } else {
diff --git a/src/main.rs b/src/main.rs
index acc9f9f..ab03fb3 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -9,14 +9,14 @@ use axum::body;
 use axum::extract::Path;
 use axum::{error_handling::HandleErrorLayer, routing::get, BoxError, Extension, Router};
 use axum::response::{Html, IntoResponse, Response};
-use axum_extra::extract::PrivateCookieJar;
+use axum_extra::extract::{PrivateCookieJar, SignedCookieJar};
 use axum_extra::extract::cookie::Key;
 use errors::{StringResult, HtmlResult};
 use hyper::StatusCode;
 use sqlx::{PgPool, postgres::PgPoolOptions};
 use tower::ServiceBuilder;
 use tower_http::trace::TraceLayer;
-use tracing::{error, info, debug};
+use tracing::{error, info, debug, trace};
 use crate::errors::ServiceError;
 use tracing_subscriber::prelude::*;
 use crate::models::DbUser;
@@ -117,7 +117,7 @@ async fn index(state: Extension<Arc<State>>, jar: PrivateCookieJar) -> HtmlResul
 
 async fn statics(Path(name): Path<String>) -> Result<Response, ServiceError> {
     for s in templates::statics::STATICS {
-        debug!("Name: {}\nContents:\n{:?}\n\n", s.name, s.content);
+        trace!("Name: {}\nContents:\n{:?}\n\n", s.name, s.content);
     }
 
     match templates::statics::StaticFile::get(&name) {
-- 
cgit v1.2.3