From f42bf29ba97fc808433ae4217fd6b00469a12fae Mon Sep 17 00:00:00 2001
From: Cara Salter <cara@devcara.com>
Date: Wed, 20 Jul 2022 07:59:44 -0400
Subject: Cookies

---
 src/handlers/auth.rs | 34 +++++++++++++++++++++++++++++-----
 1 file changed, 29 insertions(+), 5 deletions(-)

(limited to 'src/handlers/auth.rs')

diff --git a/src/handlers/auth.rs b/src/handlers/auth.rs
index c4672aa..7e2642c 100644
--- a/src/handlers/auth.rs
+++ b/src/handlers/auth.rs
@@ -3,8 +3,8 @@ use std::sync::Arc;
 use axum::{response::{IntoResponse, Html, Redirect}, Form, Extension};
 use axum_extra::extract::{PrivateCookieJar, cookie::Cookie};
 use serde::Deserialize;
-use sqlx::{query, query_as};
-use tracing::debug;
+use sqlx::{query, query_as, pool::PoolConnection, Postgres};
+use tracing::{debug, instrument};
 use crate::{errors::ServiceError, State, models::DbUser};
 use chrono::prelude::*;
 
@@ -39,15 +39,17 @@ pub async fn login_post(Form(login): Form<LoginForm>, state: Extension<Arc<State
 
     if bcrypt::verify(login.password, &user.pw_hash)? {
         debug!("Logged in ID {} (email {})", user.id, user.email);
-        query("UPDATE users SET last_login=$1 WHERE id=$2").bind(Utc::now()).bind(user.id)
+        query("UPDATE users SET last_login=$1 WHERE id=$2").bind(Utc::now()).bind(user.id.clone())
             .execute(&mut conn)
             .await?;
 
         let updated_jar = jar.add(Cookie::new("user-id", user.id.clone()));
-    } else {
 
+        Ok((updated_jar, Redirect::to("/")))
+    } else {
+        let updated_jar = jar;
+        Ok((updated_jar, Redirect::to("/dash/auth/login")))
     }
-    Ok((updated_jar, Redirect::to("/")))
 }
 
 pub async fn register() -> impl IntoResponse {
@@ -77,3 +79,25 @@ pub async fn register_post(Form(reg): Form<RegisterForm>, state: Extension<Arc<S
 
     Ok(Redirect::to("/dash/auth/login"))
 }
+
+#[instrument]
+pub async fn get_user_or_403(jar: PrivateCookieJar, conn: &mut PoolConnection<Postgres>) -> Result<DbUser, ServiceError> {
+    debug!("Starting middleware get_user_or_403");
+    debug!("Displaying all cookies");
+    for c in jar.iter() {
+        debug!("{}={}", c.name(), c.value());
+    }
+    if let Some(id) = jar.get("user-id") {
+        debug!("Found user {}", id);
+
+        let user: DbUser = query_as("SELECT * FROM users WHERE id=$1").bind(id.value())
+            .fetch_one(conn)
+            .await?;
+
+        Ok(user)
+
+    } else {
+        debug!("No user found");
+        Err(ServiceError::NotAuthorized)
+    }
+}
-- 
cgit v1.2.3