aboutsummaryrefslogtreecommitdiff
path: root/src/controller
diff options
context:
space:
mode:
Diffstat (limited to 'src/controller')
-rw-r--r--src/controller/error.rs6
-rw-r--r--src/controller/login.rs77
-rw-r--r--src/controller/payments.rs5
-rw-r--r--src/controller/utils.rs80
4 files changed, 80 insertions, 88 deletions
diff --git a/src/controller/error.rs b/src/controller/error.rs
index 8dad16b..2a84255 100644
--- a/src/controller/error.rs
+++ b/src/controller/error.rs
@@ -6,13 +6,13 @@ use tera::{Context, Tera};
use crate::controller::utils;
use crate::controller::wallet::Wallet;
+// TODO error code
pub fn error(wallet: &Wallet, title: &str, message: &str) -> Response<Body> {
- utils::with_header(
+ utils::with_headers(
Response::new(
template(&wallet.assets, &wallet.templates, title, message).into(),
),
- CACHE_CONTROL,
- "no-cache",
+ vec![(CACHE_CONTROL, "no-cache")],
)
}
diff --git a/src/controller/login.rs b/src/controller/login.rs
index 09a2786..9757c25 100644
--- a/src/controller/login.rs
+++ b/src/controller/login.rs
@@ -1,21 +1,24 @@
use bcrypt;
+use hyper::header::SET_COOKIE;
use hyper::{Body, Response};
use sqlx::sqlite::SqlitePool;
use std::collections::HashMap;
use tera::{Context, Tera};
use uuid::Uuid;
+use crate::controller::utils::with_headers;
use crate::controller::wallet::Wallet;
use crate::controller::{error, utils};
use crate::db;
use crate::model::config::Config;
use crate::model::user::User;
+use crate::utils::cookie;
use crate::validation;
pub async fn page(
assets: &HashMap<String, String>,
templates: &Tera,
- error: Option<String>,
+ error: Option<&str>,
) -> Response<Body> {
let connected_user: Option<User> = None;
@@ -26,28 +29,23 @@ pub async fn page(
utils::template(assets, templates, "login.html", context)
}
+// TODO rewrite
pub async fn login(
- config: Config,
+ config: &Config,
assets: &HashMap<String, String>,
templates: &Tera,
form: HashMap<String, String>,
pool: SqlitePool,
) -> Response<Body> {
- let not_authorized = page(
- assets,
- templates,
- Some("Vous n’êtes pas autorisé à vous connecter.".to_string()),
- )
- .await;
- let server_error =
- page(assets, templates, Some("Erreur serveur.".to_string())).await;
match validation::login::login(&form) {
Some(login) => {
match db::users::get_password_hash(&pool, login.email.clone()).await
{
Some(hash) => match bcrypt::verify(login.password, &hash) {
Ok(true) => {
+ // TODO generate truly random instead of uuid
let login_token = Uuid::new_v4();
+
if db::users::set_login_token(
&pool,
login.email,
@@ -55,31 +53,66 @@ pub async fn login(
)
.await
{
- utils::with_login_cookie(
- config,
- login_token,
- utils::redirect("/"),
- )
+ match cookie::login(config, login_token) {
+ Ok(str) => with_headers(
+ utils::redirect("/"),
+ vec![(SET_COOKIE, &str)],
+ ),
+ Err(msg) => {
+ server_error(
+ assets,
+ templates,
+ &format!(
+ "Error generating cookie: {msg}"
+ ),
+ )
+ .await
+ }
+ }
} else {
- server_error
+ server_error(assets, templates, "Erreur server")
+ .await
}
}
- Ok(false) => not_authorized,
+ Ok(false) => not_authorized(assets, templates).await,
Err(err) => {
error!("Error verifying bcrypt password: {:?}", err);
- server_error
+ server_error(assets, templates, "Erreur serveur").await
}
},
- None => not_authorized,
+ None => not_authorized(assets, templates).await,
}
}
- None => not_authorized,
+ None => not_authorized(assets, templates).await,
}
}
-pub async fn logout(config: Config, wallet: &Wallet) -> Response<Body> {
+async fn server_error(
+ assets: &HashMap<String, String>,
+ templates: &Tera,
+ msg: &str,
+) -> Response<Body> {
+ page(assets, templates, Some(msg)).await
+}
+
+async fn not_authorized(
+ assets: &HashMap<String, String>,
+ templates: &Tera,
+) -> Response<Body> {
+ page(
+ assets,
+ templates,
+ Some("Vous n’êtes pas autorisé à vous connecter."),
+ )
+ .await
+}
+
+pub async fn logout(config: &Config, wallet: &Wallet) -> Response<Body> {
if db::users::remove_login_token(&wallet.pool, wallet.user.id).await {
- utils::with_logout_cookie(config, utils::redirect("/"))
+ with_headers(
+ utils::redirect("/"),
+ vec![(SET_COOKIE, &cookie::logout(config))],
+ )
} else {
error::error(wallet, "Erreur serveur", "Erreur serveur")
}
diff --git a/src/controller/payments.rs b/src/controller/payments.rs
index 42d3e3c..2663fa7 100644
--- a/src/controller/payments.rs
+++ b/src/controller/payments.rs
@@ -232,10 +232,9 @@ pub async fn search_category(
) -> Response<Body> {
match db::payments::search_category(&wallet.pool, query.payment_name).await
{
- Some(category_id) => utils::with_header(
+ Some(category_id) => utils::with_headers(
Response::new(format!("{}", category_id).into()),
- CONTENT_TYPE,
- "application/json",
+ vec![(CONTENT_TYPE, "application/json")],
),
None => utils::not_found(),
}
diff --git a/src/controller/utils.rs b/src/controller/utils.rs
index 26db765..fb1d9ad 100644
--- a/src/controller/utils.rs
+++ b/src/controller/utils.rs
@@ -1,23 +1,13 @@
use hyper::header::{
- HeaderName, HeaderValue, CACHE_CONTROL, CONTENT_TYPE, LOCATION, SET_COOKIE,
+ HeaderName, HeaderValue, CACHE_CONTROL, CONTENT_TYPE, LOCATION,
};
use hyper::{Body, Response, StatusCode};
use std::collections::HashMap;
use tera::{Context, Tera};
use tokio::fs::File;
use tokio_util::codec::{BytesCodec, FramedRead};
-use uuid::Uuid;
use crate::controller::error;
-use crate::model::config::Config;
-
-pub fn with_header(
- response: Response<Body>,
- name: HeaderName,
- value: &str,
-) -> Response<Body> {
- with_headers(response, vec![(name, value)])
-}
pub fn with_headers(
response: Response<Body>,
@@ -31,40 +21,6 @@ pub fn with_headers(
response
}
-pub fn with_login_cookie(
- config: Config,
- login_token: Uuid,
- response: Response<Body>,
-) -> Response<Body> {
- let cookie = format!(
- "TOKEN={}; SameSite=Strict; HttpOnly; Max-Age=86400{}",
- login_token,
- if config.secure_cookies {
- "; Secure"
- } else {
- ""
- }
- );
-
- with_header(response, SET_COOKIE, &cookie)
-}
-
-pub fn with_logout_cookie(
- config: Config,
- response: Response<Body>,
-) -> Response<Body> {
- let cookie = format!(
- "TOKEN=; SameSite=Strict; HttpOnly; Max-Age=0{}",
- if config.secure_cookies {
- "; Secure"
- } else {
- ""
- }
- );
-
- with_header(response, SET_COOKIE, &cookie)
-}
-
pub fn template(
assets: &HashMap<String, String>,
templates: &Tera,
@@ -74,24 +30,28 @@ pub fn template(
let mut context = context;
context.insert("assets", assets);
- let response = match templates.render(path, &context) {
- Ok(template) => Response::new(template.into()),
- Err(err) => Response::new(
- error::template(
- assets,
- templates,
- "Erreur serveur",
- &format!(
- "Erreur lors de la préparation de la page : {:?}",
- err
- ),
- )
- .into(),
+ match templates.render(path, &context) {
+ Ok(template) => with_headers(
+ Response::new(template.into()),
+ vec![(CONTENT_TYPE, "text/html"), (CACHE_CONTROL, "no-cache")],
),
- };
+ Err(err) => server_error(
+ assets,
+ templates,
+ &format!("Erreur lors de la préparation de la page : {:?}", err),
+ ),
+ }
+}
+fn server_error(
+ assets: &HashMap<String, String>,
+ templates: &Tera,
+ msg: &str,
+) -> Response<Body> {
with_headers(
- response,
+ Response::new(
+ error::template(assets, templates, "Erreur serveur", msg).into(),
+ ),
vec![(CONTENT_TYPE, "text/html"), (CACHE_CONTROL, "no-cache")],
)
}