Compare commits
2 Commits
b1feb86204
...
efb2c485a5
| Author | SHA1 | Date | |
|---|---|---|---|
| efb2c485a5 | |||
| 19289e8b36 |
@ -2,6 +2,13 @@
|
||||
|
||||
create table person(
|
||||
person_id serial primary key,
|
||||
person_email varchar(100),
|
||||
person_password varchar(100)
|
||||
person_email varchar(100) not null,
|
||||
person_password varchar(100) not null
|
||||
);
|
||||
|
||||
-- Sessions
|
||||
create table session(
|
||||
session_id serial primary key,
|
||||
session_person_id integer not null,
|
||||
session_created_at timestamp with time zone not null
|
||||
);
|
||||
|
||||
@ -1,8 +1,15 @@
|
||||
use std::time::Duration;
|
||||
|
||||
use maud::Markup;
|
||||
use rocket::{form::Form, http::Status, response::Redirect, tokio::time::sleep};
|
||||
use rocket::{
|
||||
form::Form,
|
||||
http::{CookieJar, Status},
|
||||
response::Redirect,
|
||||
};
|
||||
use session::new_session;
|
||||
use utils::RS_SESSION_ID;
|
||||
|
||||
use crate::db;
|
||||
|
||||
mod session;
|
||||
mod utils;
|
||||
|
||||
#[get("/")]
|
||||
@ -11,8 +18,10 @@ pub fn homepage() -> Markup {
|
||||
}
|
||||
|
||||
#[get("/new")]
|
||||
pub fn new_definition(_user: utils::User) -> (Status, Markup) {
|
||||
todo!()
|
||||
pub fn new_definition(user: utils::Person) -> (Status, String) {
|
||||
log::info!("reached /new");
|
||||
|
||||
(Status::Ok, format!("User: {}", user.person_id))
|
||||
}
|
||||
|
||||
#[get("/new", rank = 2)]
|
||||
@ -27,20 +36,46 @@ pub struct LoginData {
|
||||
pub login_password: String,
|
||||
}
|
||||
|
||||
|
||||
#[get("/login")]
|
||||
pub fn login_page() -> Markup {
|
||||
crate::view::login::login()
|
||||
}
|
||||
|
||||
#[post("/login", data = "<data>")]
|
||||
pub async fn login(data: Form<LoginData>) -> (Status, String) {
|
||||
pub async fn login(data: Form<LoginData>, cookies: &CookieJar<'_>) -> (Status, String) {
|
||||
println!("begin request: {}", data.login_email);
|
||||
|
||||
|
||||
let db = match db().await {
|
||||
Ok(handle) => handle,
|
||||
Err(reason) => return (Status::InternalServerError, reason),
|
||||
};
|
||||
|
||||
// Simulate trip to db
|
||||
sleep(Duration::new(5, 0)).await;
|
||||
println!("end request: {}", data.login_password);
|
||||
(Status::Ok, ":D".into())
|
||||
let result = sqlx::query!(
|
||||
"select * from person where person_email = $1 and person_password = $2",
|
||||
&data.login_email,
|
||||
&data.login_password,
|
||||
)
|
||||
.fetch_all(db)
|
||||
.await;
|
||||
|
||||
let re = match result {
|
||||
Ok(r) => r,
|
||||
Err(reason) => return (Status::InternalServerError, format!("{:?}", reason)),
|
||||
};
|
||||
|
||||
if re.len() == 1 {
|
||||
// TODO: generate a session id and assign
|
||||
let person = &re[0];
|
||||
|
||||
let session_id = match new_session(person.person_id).await {
|
||||
Ok(s) => s,
|
||||
Err(error) => return (Status::Unauthorized, error),
|
||||
};
|
||||
|
||||
cookies.add_private((RS_SESSION_ID, session_id.to_string()));
|
||||
|
||||
(Status::Ok, "<div _='init go to url /new'></div>".into())
|
||||
} else {
|
||||
(Status::Unauthorized, "Correo o contraseña invalida".into())
|
||||
}
|
||||
}
|
||||
|
||||
64
src/controller/session.rs
Normal file
64
src/controller/session.rs
Normal file
@ -0,0 +1,64 @@
|
||||
use sqlx::types::chrono::Local;
|
||||
|
||||
use crate::db;
|
||||
|
||||
/// 30 minutes
|
||||
const SESSION_LEN: i64 = 1000 * 60 * 30;
|
||||
|
||||
/// Checks that the session signaled by session_id
|
||||
/// is valid, and returns its person_id
|
||||
pub async fn check_session(session_id: i32) -> Result<i32, String> {
|
||||
let db = match db().await {
|
||||
Ok(handle) => handle,
|
||||
Err(e) => return Err(e),
|
||||
};
|
||||
|
||||
// TODO: return the user info on the same trip
|
||||
let result = sqlx::query!("select * from session where session_id = $1", session_id,)
|
||||
.fetch_one(db)
|
||||
.await;
|
||||
|
||||
let result = match result {
|
||||
Ok(r) => r,
|
||||
Err(e) => return Err(format!("{:?}", e)),
|
||||
};
|
||||
|
||||
let person_id = result.session_person_id;
|
||||
let created_at = result.session_created_at.timestamp_millis();
|
||||
let current_time = Local::now().to_utc().timestamp_millis();
|
||||
|
||||
let time_difference = current_time - created_at;
|
||||
|
||||
if time_difference < SESSION_LEN {
|
||||
Ok(person_id)
|
||||
} else {
|
||||
// TODO: also remove all expired sessions
|
||||
|
||||
Err("Expired".into())
|
||||
}
|
||||
}
|
||||
|
||||
/// Creates a new session for the person_id. Deletes any
|
||||
/// previous session.
|
||||
pub async fn new_session(person_id: i32) -> Result<i32, String> {
|
||||
let db = match db().await {
|
||||
Ok(handle) => handle,
|
||||
Err(e) => return Err(e),
|
||||
};
|
||||
|
||||
let now = Local::now().to_utc();
|
||||
|
||||
let result = sqlx::query!(
|
||||
"insert into session (session_person_id, session_created_at) values
|
||||
($1, $2) returning session_id",
|
||||
person_id,
|
||||
now,
|
||||
)
|
||||
.fetch_one(db)
|
||||
.await;
|
||||
|
||||
match result {
|
||||
Ok(r) => Ok(r.session_id),
|
||||
Err(reason) => return Err(format!("{:?}", reason)),
|
||||
}
|
||||
}
|
||||
@ -3,26 +3,61 @@ use rocket::{
|
||||
request::{FromRequest, Outcome, Request},
|
||||
};
|
||||
|
||||
/// Name of the header that stores the session ID of an user
|
||||
const RS_SESSION_ID: &str = "x-rs-session-id";
|
||||
use super::session::check_session;
|
||||
|
||||
pub struct User {}
|
||||
/// Name of the header that stores the session ID of an user
|
||||
pub const RS_SESSION_ID: &str = "x-rs-session-id";
|
||||
|
||||
pub struct Person {
|
||||
pub person_id: i32,
|
||||
}
|
||||
|
||||
#[rocket::async_trait]
|
||||
impl<'r> FromRequest<'r> for User {
|
||||
impl<'r> FromRequest<'r> for Person {
|
||||
type Error = String;
|
||||
|
||||
async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
|
||||
let session_cookie = req.cookies().get_private(RS_SESSION_ID);
|
||||
|
||||
let _session_cookie = match session_cookie {
|
||||
let session_cookie = match session_cookie {
|
||||
Some(cookie) => cookie.value().to_string(),
|
||||
None => return Outcome::Forward(Status::Unauthorized),
|
||||
None => {
|
||||
// remove cookie
|
||||
req.cookies().remove_private(RS_SESSION_ID);
|
||||
return Outcome::Forward(Status::Unauthorized);
|
||||
}
|
||||
};
|
||||
|
||||
// Check if session cookie is valid
|
||||
// TODO
|
||||
// If the session cookie is not valid,
|
||||
// remove it and forward to login
|
||||
|
||||
Outcome::Success(User {})
|
||||
let session_id: i32 = match session_cookie.parse() {
|
||||
Ok(v) => v,
|
||||
Err(e) => {
|
||||
// remove cookie
|
||||
req.cookies().remove_private(RS_SESSION_ID);
|
||||
log::error!(
|
||||
"Error converting session_id to i32 ({}):\n{:?}",
|
||||
session_cookie,
|
||||
e
|
||||
);
|
||||
return Outcome::Error((
|
||||
Status::Unauthorized,
|
||||
"Invalid session id: not a number".into(),
|
||||
));
|
||||
}
|
||||
};
|
||||
|
||||
match check_session(session_id).await {
|
||||
Ok(person_id) => Outcome::Success(Person { person_id }),
|
||||
Err(reason) => {
|
||||
// remove cookie
|
||||
req.cookies().remove_private(RS_SESSION_ID);
|
||||
log::info!("session check fail: {}", reason);
|
||||
Outcome::Forward(Status::Unauthorized)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,12 +8,15 @@ pub fn login() -> Markup {
|
||||
"Jerguero"
|
||||
}
|
||||
div class="flex items-center h-screen w-full" {
|
||||
div class="container mx-auto" {
|
||||
div class="container mx-auto" "hx-ext"="response-targets" {
|
||||
p class="my-4 p-2 rounded bg-c-bg-2 text-c-on-bg" {
|
||||
"¡Iniciá sesión para comenzar a crear definiciones!"
|
||||
}
|
||||
form class="my-4 py-4 px-2 rounded bg-c-bg-2 text-c-on-bg"
|
||||
"hx-post"="/login"
|
||||
"hx-swap"="innerHTML"
|
||||
"hx-target"="#login-result"
|
||||
"hx-target-error"="#login-result-error"
|
||||
{
|
||||
div class="py-2" {
|
||||
label class="text-sm opacity-85" for="login-email" {"Correo electronico:"}
|
||||
@ -49,7 +52,11 @@ pub fn login() -> Markup {
|
||||
"Iniciar sesión"
|
||||
}
|
||||
}
|
||||
|
||||
div id="login-result" class="text-center pt-2" {}
|
||||
div id="login-result-error" class="text-center pt-2 text-red-400" {}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
@ -24,6 +24,7 @@ pub fn skeleton(body: Markup) -> Markup {
|
||||
// htmx
|
||||
script src="https://unpkg.com/htmx.org@2.0.0" {}
|
||||
script src="https://unpkg.com/htmx-ext-loading-states@2.0.0/loading-states.js" {}
|
||||
script src="https://unpkg.com/htmx-ext-response-targets@2.0.0/response-targets.js" {}
|
||||
// hyperscript
|
||||
script src="https://unpkg.com/hyperscript.org@0.9.12" defer {}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user