Compare commits

...

2 Commits

Author SHA1 Message Date
efb2c485a5 feat: minimal user session management 2024-08-10 19:35:27 -05:00
19289e8b36 feat: minimal, naive login 2024-08-10 18:33:46 -05:00
6 changed files with 171 additions and 22 deletions

View File

@ -2,6 +2,13 @@
create table person(
person_id serial primary key,
person_email varchar(100),
person_password varchar(100)
person_email varchar(100) not null,
person_password varchar(100) not null
);
-- Sessions
create table session(
session_id serial primary key,
session_person_id integer not null,
session_created_at timestamp with time zone not null
);

View File

@ -1,8 +1,15 @@
use std::time::Duration;
use maud::Markup;
use rocket::{form::Form, http::Status, response::Redirect, tokio::time::sleep};
use rocket::{
form::Form,
http::{CookieJar, Status},
response::Redirect,
};
use session::new_session;
use utils::RS_SESSION_ID;
use crate::db;
mod session;
mod utils;
#[get("/")]
@ -11,8 +18,10 @@ pub fn homepage() -> Markup {
}
#[get("/new")]
pub fn new_definition(_user: utils::User) -> (Status, Markup) {
todo!()
pub fn new_definition(user: utils::Person) -> (Status, String) {
log::info!("reached /new");
(Status::Ok, format!("User: {}", user.person_id))
}
#[get("/new", rank = 2)]
@ -27,20 +36,46 @@ pub struct LoginData {
pub login_password: String,
}
#[get("/login")]
pub fn login_page() -> Markup {
crate::view::login::login()
}
#[post("/login", data = "<data>")]
pub async fn login(data: Form<LoginData>) -> (Status, String) {
pub async fn login(data: Form<LoginData>, cookies: &CookieJar<'_>) -> (Status, String) {
println!("begin request: {}", data.login_email);
let db = match db().await {
Ok(handle) => handle,
Err(reason) => return (Status::InternalServerError, reason),
};
let result = sqlx::query!(
"select * from person where person_email = $1 and person_password = $2",
&data.login_email,
&data.login_password,
)
.fetch_all(db)
.await;
// Simulate trip to db
sleep(Duration::new(5, 0)).await;
println!("end request: {}", data.login_password);
(Status::Ok, ":D".into())
let re = match result {
Ok(r) => r,
Err(reason) => return (Status::InternalServerError, format!("{:?}", reason)),
};
if re.len() == 1 {
// TODO: generate a session id and assign
let person = &re[0];
let session_id = match new_session(person.person_id).await {
Ok(s) => s,
Err(error) => return (Status::Unauthorized, error),
};
cookies.add_private((RS_SESSION_ID, session_id.to_string()));
(Status::Ok, "<div _='init go to url /new'></div>".into())
} else {
(Status::Unauthorized, "Correo o contraseña invalida".into())
}
}

64
src/controller/session.rs Normal file
View File

@ -0,0 +1,64 @@
use sqlx::types::chrono::Local;
use crate::db;
/// 30 minutes
const SESSION_LEN: i64 = 1000 * 60 * 30;
/// Checks that the session signaled by session_id
/// is valid, and returns its person_id
pub async fn check_session(session_id: i32) -> Result<i32, String> {
let db = match db().await {
Ok(handle) => handle,
Err(e) => return Err(e),
};
// TODO: return the user info on the same trip
let result = sqlx::query!("select * from session where session_id = $1", session_id,)
.fetch_one(db)
.await;
let result = match result {
Ok(r) => r,
Err(e) => return Err(format!("{:?}", e)),
};
let person_id = result.session_person_id;
let created_at = result.session_created_at.timestamp_millis();
let current_time = Local::now().to_utc().timestamp_millis();
let time_difference = current_time - created_at;
if time_difference < SESSION_LEN {
Ok(person_id)
} else {
// TODO: also remove all expired sessions
Err("Expired".into())
}
}
/// Creates a new session for the person_id. Deletes any
/// previous session.
pub async fn new_session(person_id: i32) -> Result<i32, String> {
let db = match db().await {
Ok(handle) => handle,
Err(e) => return Err(e),
};
let now = Local::now().to_utc();
let result = sqlx::query!(
"insert into session (session_person_id, session_created_at) values
($1, $2) returning session_id",
person_id,
now,
)
.fetch_one(db)
.await;
match result {
Ok(r) => Ok(r.session_id),
Err(reason) => return Err(format!("{:?}", reason)),
}
}

View File

@ -3,26 +3,61 @@ use rocket::{
request::{FromRequest, Outcome, Request},
};
/// Name of the header that stores the session ID of an user
const RS_SESSION_ID: &str = "x-rs-session-id";
use super::session::check_session;
pub struct User {}
/// Name of the header that stores the session ID of an user
pub const RS_SESSION_ID: &str = "x-rs-session-id";
pub struct Person {
pub person_id: i32,
}
#[rocket::async_trait]
impl<'r> FromRequest<'r> for User {
impl<'r> FromRequest<'r> for Person {
type Error = String;
async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
let session_cookie = req.cookies().get_private(RS_SESSION_ID);
let _session_cookie = match session_cookie {
let session_cookie = match session_cookie {
Some(cookie) => cookie.value().to_string(),
None => return Outcome::Forward(Status::Unauthorized),
None => {
// remove cookie
req.cookies().remove_private(RS_SESSION_ID);
return Outcome::Forward(Status::Unauthorized);
}
};
// Check if session cookie is valid
// TODO
// If the session cookie is not valid,
// remove it and forward to login
Outcome::Success(User {})
let session_id: i32 = match session_cookie.parse() {
Ok(v) => v,
Err(e) => {
// remove cookie
req.cookies().remove_private(RS_SESSION_ID);
log::error!(
"Error converting session_id to i32 ({}):\n{:?}",
session_cookie,
e
);
return Outcome::Error((
Status::Unauthorized,
"Invalid session id: not a number".into(),
));
}
};
match check_session(session_id).await {
Ok(person_id) => Outcome::Success(Person { person_id }),
Err(reason) => {
// remove cookie
req.cookies().remove_private(RS_SESSION_ID);
log::info!("session check fail: {}", reason);
Outcome::Forward(Status::Unauthorized)
}
}
}
}

View File

@ -8,12 +8,15 @@ pub fn login() -> Markup {
"Jerguero"
}
div class="flex items-center h-screen w-full" {
div class="container mx-auto" {
div class="container mx-auto" "hx-ext"="response-targets" {
p class="my-4 p-2 rounded bg-c-bg-2 text-c-on-bg" {
"¡Iniciá sesión para comenzar a crear definiciones!"
}
form class="my-4 py-4 px-2 rounded bg-c-bg-2 text-c-on-bg"
"hx-post"="/login"
"hx-swap"="innerHTML"
"hx-target"="#login-result"
"hx-target-error"="#login-result-error"
{
div class="py-2" {
label class="text-sm opacity-85" for="login-email" {"Correo electronico:"}
@ -49,7 +52,11 @@ pub fn login() -> Markup {
"Iniciar sesión"
}
}
div id="login-result" class="text-center pt-2" {}
div id="login-result-error" class="text-center pt-2 text-red-400" {}
}
}
}
})

View File

@ -24,6 +24,7 @@ pub fn skeleton(body: Markup) -> Markup {
// htmx
script src="https://unpkg.com/htmx.org@2.0.0" {}
script src="https://unpkg.com/htmx-ext-loading-states@2.0.0/loading-states.js" {}
script src="https://unpkg.com/htmx-ext-response-targets@2.0.0/response-targets.js" {}
// hyperscript
script src="https://unpkg.com/hyperscript.org@0.9.12" defer {}
}