diff options
author | Joris | 2023-08-12 20:05:09 +0200 |
---|---|---|
committer | Joris | 2023-08-12 20:05:09 +0200 |
commit | 8c689db1c8fa06ddb9119e626e7b1149f3493905 (patch) | |
tree | cb4029776162387a03a7a131ceee3628ed1ba4ef /src/controller/login.rs | |
parent | 459016e70dd4933a8082d27748097de81a3e53ff (diff) | |
download | budget-8c689db1c8fa06ddb9119e626e7b1149f3493905.tar.gz budget-8c689db1c8fa06ddb9119e626e7b1149f3493905.tar.bz2 budget-8c689db1c8fa06ddb9119e626e7b1149f3493905.zip |
Sign cookie with secret key
Diffstat (limited to 'src/controller/login.rs')
-rw-r--r-- | src/controller/login.rs | 77 |
1 files changed, 55 insertions, 22 deletions
diff --git a/src/controller/login.rs b/src/controller/login.rs index 09a2786..9757c25 100644 --- a/src/controller/login.rs +++ b/src/controller/login.rs @@ -1,21 +1,24 @@ use bcrypt; +use hyper::header::SET_COOKIE; use hyper::{Body, Response}; use sqlx::sqlite::SqlitePool; use std::collections::HashMap; use tera::{Context, Tera}; use uuid::Uuid; +use crate::controller::utils::with_headers; use crate::controller::wallet::Wallet; use crate::controller::{error, utils}; use crate::db; use crate::model::config::Config; use crate::model::user::User; +use crate::utils::cookie; use crate::validation; pub async fn page( assets: &HashMap<String, String>, templates: &Tera, - error: Option<String>, + error: Option<&str>, ) -> Response<Body> { let connected_user: Option<User> = None; @@ -26,28 +29,23 @@ pub async fn page( utils::template(assets, templates, "login.html", context) } +// TODO rewrite pub async fn login( - config: Config, + config: &Config, assets: &HashMap<String, String>, templates: &Tera, form: HashMap<String, String>, pool: SqlitePool, ) -> Response<Body> { - let not_authorized = page( - assets, - templates, - Some("Vous n’êtes pas autorisé à vous connecter.".to_string()), - ) - .await; - let server_error = - page(assets, templates, Some("Erreur serveur.".to_string())).await; match validation::login::login(&form) { Some(login) => { match db::users::get_password_hash(&pool, login.email.clone()).await { Some(hash) => match bcrypt::verify(login.password, &hash) { Ok(true) => { + // TODO generate truly random instead of uuid let login_token = Uuid::new_v4(); + if db::users::set_login_token( &pool, login.email, @@ -55,31 +53,66 @@ pub async fn login( ) .await { - utils::with_login_cookie( - config, - login_token, - utils::redirect("/"), - ) + match cookie::login(config, login_token) { + Ok(str) => with_headers( + utils::redirect("/"), + vec![(SET_COOKIE, &str)], + ), + Err(msg) => { + server_error( + assets, + templates, + &format!( + "Error generating cookie: {msg}" + ), + ) + .await + } + } } else { - server_error + server_error(assets, templates, "Erreur server") + .await } } - Ok(false) => not_authorized, + Ok(false) => not_authorized(assets, templates).await, Err(err) => { error!("Error verifying bcrypt password: {:?}", err); - server_error + server_error(assets, templates, "Erreur serveur").await } }, - None => not_authorized, + None => not_authorized(assets, templates).await, } } - None => not_authorized, + None => not_authorized(assets, templates).await, } } -pub async fn logout(config: Config, wallet: &Wallet) -> Response<Body> { +async fn server_error( + assets: &HashMap<String, String>, + templates: &Tera, + msg: &str, +) -> Response<Body> { + page(assets, templates, Some(msg)).await +} + +async fn not_authorized( + assets: &HashMap<String, String>, + templates: &Tera, +) -> Response<Body> { + page( + assets, + templates, + Some("Vous n’êtes pas autorisé à vous connecter."), + ) + .await +} + +pub async fn logout(config: &Config, wallet: &Wallet) -> Response<Body> { if db::users::remove_login_token(&wallet.pool, wallet.user.id).await { - utils::with_logout_cookie(config, utils::redirect("/")) + with_headers( + utils::redirect("/"), + vec![(SET_COOKIE, &cookie::logout(config))], + ) } else { error::error(wallet, "Erreur serveur", "Erreur serveur") } |