rowt/src/tera/mod.rs

use rocket::{
    catch, catchers,
    fairing::AdHoc,
    form::Form,
    fs::FileServer,
    get,
    http::Cookie,
    post,
    request::FlashMessage,
    response::{Flash, Redirect},
    routes,
    time::{Duration, OffsetDateTime},
    Build, FromForm, Request, Rocket, State,
};
use rocket_dyn_templates::Template;
use serde::Deserialize;
use sqlx::SqlitePool;
use tera::Context;

use crate::model::user::{User, UserWithRoles};

pub(crate) mod admin;
mod auth;
mod boatdamage;
mod cox;
mod ergo;
mod log;
mod misc;
mod planned;
mod stat;

#[derive(FromForm, Debug)]
struct LoginForm<'r> {
    name: &'r str,
    password: &'r str,
}

#[get("/")]
async fn index(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage<'_>>) -> Template {
    let mut context = Context::new();
    if let Some(msg) = flash {
        context.insert("flash", &msg.into_inner());
    }

    context.insert("loggedin_user", &UserWithRoles::from_user(user, db).await);
    Template::render("index", context.into_json())
}

#[post("/", data = "<login>")]
async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
    match User::login(db, login.name, login.password).await {
        Ok(_) => "SUCC".into(),
        Err(_) => "FAIL".into(),
    }
}

#[catch(401)] //Unauthorized
fn unauthorized_error(req: &Request) -> Redirect {
    // Save the URL the user tried to access, to be able to go there once logged in
    let mut redirect_cookie = Cookie::new("redirect_url", format!("{}", req.uri()));
    println!("{}", req.uri());
    redirect_cookie.set_expires(OffsetDateTime::now_utc() + Duration::hours(1));
    req.cookies().add_private(redirect_cookie);

    Redirect::to("/auth")
}

#[catch(403)] //forbidden
fn forbidden_error() -> Flash<Redirect> {
    Flash::error(Redirect::to("/"), "Keine Berechtigung für diese Aktion. Wenn du der Meinung bist, dass du das machen darfst, melde dich bitte bei it@rudernlinz.at.")
}

#[derive(Deserialize)]
#[serde(crate = "rocket::serde")]
pub struct Config {
    rss_key: String,
    smtp_pw: String,
}

pub fn config(rocket: Rocket<Build>) -> Rocket<Build> {
    rocket
        .mount("/", routes![index])
        .mount("/auth", auth::routes())
        .mount("/wikiauth", routes![wikiauth])
        .mount("/log", log::routes())
        .mount("/planned", planned::routes())
        .mount("/ergo", ergo::routes())
        .mount("/stat", stat::routes())
        .mount("/boatdamage", boatdamage::routes())
        .mount("/cox", cox::routes())
        .mount("/admin", admin::routes())
        .mount("/", misc::routes())
        .mount("/public", FileServer::from("static/"))
        .register("/", catchers![unauthorized_error, forbidden_error])
        .attach(Template::fairing())
        .attach(AdHoc::config::<Config>())
}

#[cfg(test)]
mod test {
    use rocket::{
        http::{ContentType, Status},
        local::asynchronous::Client,
    };
    use sqlx::SqlitePool;

    use crate::testdb;

    #[sqlx::test]
    fn test_index() {
        let db = testdb!();

        let rocket = rocket::build().manage(db.clone());
        let rocket = crate::tera::config(rocket);

        let client = Client::tracked(rocket).await.unwrap();
        let login = client
            .post("/auth")
            .header(ContentType::Form) // Set the content type to form
            .body("name=cox&password=cox"); // Add the form data to the request body;
        login.dispatch().await;

        let req = client.get("/");
        let response = req.dispatch().await;

        assert_eq!(response.status(), Status::Ok);

        assert!(response
            .into_string()
            .await
            .unwrap()
            .contains("Ruderassistent"));
    }

    #[sqlx::test]
    fn test_without_login() {
        let db = testdb!();

        let rocket = rocket::build().manage(db.clone());
        let rocket = crate::tera::config(rocket);

        let client = Client::tracked(rocket).await.unwrap();

        let req = client.get("/");
        let response = req.dispatch().await;

        assert_eq!(response.status(), Status::SeeOther);
        assert_eq!(response.headers().get("Location").next(), Some("/auth"));
    }

    #[sqlx::test]
    fn test_public() {
        let db = testdb!();

        let rocket = rocket::build().manage(db.clone());
        let rocket = crate::tera::config(rocket);

        let client = Client::tracked(rocket).await.unwrap();

        let req = client.get("/public/main.css");
        let response = req.dispatch().await;
        assert_eq!(response.status(), Status::Ok);

        let req = client.get("/public/main.js");
        let response = req.dispatch().await;
        assert_eq!(response.status(), Status::Ok);
    }
}
push 2023-04-04 15:16:21 +02:00			`use rocket::{`
add fileserver 2023-04-05 19:24:02 +02:00			`catch, catchers,`
move rss key to config file 2023-05-30 14:12:08 +02:00			`fairing::AdHoc,`
test wiki auth 2023-10-24 12:36:14 +02:00			`form::Form,`
add fileserver 2023-04-05 19:24:02 +02:00			`fs::FileServer,`
clean code; if logged out: save url where user tried to go to, go there once logged in, Fixes #179 2024-01-22 22:08:05 +01:00			`get,`
			`http::Cookie,`
			`post,`
push 2023-04-04 15:16:21 +02:00			`request::FlashMessage,`
			`response::{Flash, Redirect},`
clean code; if logged out: save url where user tried to go to, go there once logged in, Fixes #179 2024-01-22 22:08:05 +01:00			`routes,`
			`time::{Duration, OffsetDateTime},`
			`Build, FromForm, Request, Rocket, State,`
push 2023-04-04 15:16:21 +02:00			`};`
limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`use rocket_dyn_templates::Template;`
move rss key to config file 2023-05-30 14:12:08 +02:00			`use serde::Deserialize;`
start working on auth 2023-04-03 16:11:26 +02:00			`use sqlx::SqlitePool;`
limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`use tera::Context;`
start working on auth 2023-04-03 16:11:26 +02:00
limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`use crate::model::user::{User, UserWithRoles};`
add tests; add authentication cookie 2023-04-03 22:03:45 +02:00
add ergo tool 2023-11-02 12:15:10 +01:00			`pub(crate) mod admin;`
start working on auth 2023-04-03 16:11:26 +02:00			`mod auth;`
add boatdamages functionality 2023-08-02 14:29:19 +02:00			`mod boatdamage;`
push 2023-04-04 15:16:21 +02:00			`mod cox;`
add ergo tool 2023-11-02 12:15:10 +01:00			`mod ergo;`
add first draft of logbook 2023-07-23 12:17:57 +02:00			`mod log;`
restructre 2023-05-24 15:36:38 +02:00			`mod misc;`
limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`mod planned;`
add stats 2023-07-24 20:56:46 +02:00			`mod stat;`
add user table 2023-03-26 14:40:56 +02:00
debug 2023-10-24 13:14:26 +02:00			`#[derive(FromForm, Debug)]`
test wiki auth 2023-10-24 12:36:14 +02:00			`struct LoginForm<'r> {`
			`name: &'r str,`
			`password: &'r str,`
			`}`

cox always see full year 2023-04-04 15:42:26 +02:00			`#[get("/")]`
			`async fn index(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage<'_>>) -> Template {`
send triptype to frontend 2023-04-28 21:19:51 +02:00			`let mut context = Context::new();`
push 2023-04-04 15:16:21 +02:00			`if let Some(msg) = flash {`
			`context.insert("flash", &msg.into_inner());`
			`}`
add qr code for payment 2024-01-19 10:10:23 +01:00
in preparation to moving userdata into app, we switched to arbitrary groups 2023-12-23 21:27:52 +01:00			`context.insert("loggedin_user", &UserWithRoles::from_user(user, db).await);`
push 2023-04-04 15:16:21 +02:00			`Template::render("index", context.into_json())`
			`}`

limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`#[post("/", data = "<login>")]`
			`async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {`
			`match User::login(db, login.name, login.password).await {`
			`Ok(_) => "SUCC".into(),`
			`Err(_) => "FAIL".into(),`
implement is_locked for trip_details 2023-08-09 11:54:18 +02:00			`}`
add user table 2023-03-26 14:40:56 +02:00			`}`

limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`#[catch(401)] //Unauthorized`
clean code; if logged out: save url where user tried to go to, go there once logged in, Fixes #179 2024-01-22 22:08:05 +01:00			`fn unauthorized_error(req: &Request) -> Redirect {`
			`// Save the URL the user tried to access, to be able to go there once logged in`
			`let mut redirect_cookie = Cookie::new("redirect_url", format!("{}", req.uri()));`
			`println!("{}", req.uri());`
			`redirect_cookie.set_expires(OffsetDateTime::now_utc() + Duration::hours(1));`
			`req.cookies().add_private(redirect_cookie);`

add tests; add authentication cookie 2023-04-03 22:03:45 +02:00			`Redirect::to("/auth")`
			`}`

limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`#[catch(403)] //forbidden`
			`fn forbidden_error() -> Flash<Redirect> {`
			`Flash::error(Redirect::to("/"), "Keine Berechtigung für diese Aktion. Wenn du der Meinung bist, dass du das machen darfst, melde dich bitte bei it@rudernlinz.at.")`
			`}`

move rss key to config file 2023-05-30 14:12:08 +02:00			`#[derive(Deserialize)]`
			`#[serde(crate = "rocket::serde")]`
			`pub struct Config {`
			`rss_key: String,`
add mail 2024-01-01 15:50:06 +01:00			`smtp_pw: String,`
move rss key to config file 2023-05-30 14:12:08 +02:00			`}`

segrete rest from tera 2023-07-16 18:33:17 +02:00			`pub fn config(rocket: Rocket<Build>) -> Rocket<Build> {`
			`rocket`
limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`.mount("/", routes![index])`
start working on auth 2023-04-03 16:11:26 +02:00			`.mount("/auth", auth::routes())`
test wiki auth 2023-10-24 12:36:14 +02:00			`.mount("/wikiauth", routes![wikiauth])`
add first draft of logbook 2023-07-23 12:17:57 +02:00			`.mount("/log", log::routes())`
limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`.mount("/planned", planned::routes())`
add ergo tool 2023-11-02 12:15:10 +01:00			`.mount("/ergo", ergo::routes())`
add stats 2023-07-24 20:56:46 +02:00			`.mount("/stat", stat::routes())`
add boatdamages functionality 2023-08-02 14:29:19 +02:00			`.mount("/boatdamage", boatdamage::routes())`
push 2023-04-04 15:16:21 +02:00			`.mount("/cox", cox::routes())`
finish admin tasks 2023-04-04 10:44:14 +02:00			`.mount("/admin", admin::routes())`
restructre 2023-05-24 15:36:38 +02:00			`.mount("/", misc::routes())`
fix ci 2023-04-10 15:15:16 +02:00			`.mount("/public", FileServer::from("static/"))`
limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`.register("/", catchers![unauthorized_error, forbidden_error])`
push 2023-03-26 16:58:45 +02:00			`.attach(Template::fairing())`
move rss key to config file 2023-05-30 14:12:08 +02:00			`.attach(AdHoc::config::<Config>())`
add user table 2023-03-26 14:40:56 +02:00			`}`

add tests 2023-07-22 12:24:29 +02:00			`#[cfg(test)]`
			`mod test {`
			`use rocket::{`
			`http::{ContentType, Status},`
			`local::asynchronous::Client,`
			`};`
			`use sqlx::SqlitePool;`

			`use crate::testdb;`

			`#[sqlx::test]`
			`fn test_index() {`
			`let db = testdb!();`

			`let rocket = rocket::build().manage(db.clone());`
			`let rocket = crate::tera::config(rocket);`

			`let client = Client::tracked(rocket).await.unwrap();`
			`let login = client`
			`.post("/auth")`
			`.header(ContentType::Form) // Set the content type to form`
			`.body("name=cox&password=cox"); // Add the form data to the request body;`
			`login.dispatch().await;`

			`let req = client.get("/");`
			`let response = req.dispatch().await;`

			`assert_eq!(response.status(), Status::Ok);`

limit users to proper role, Fixes #135 2024-01-10 14:08:15 +01:00			`assert!(response`
			`.into_string()`
			`.await`
			`.unwrap()`
			`.contains("Ruderassistent"));`
add tests 2023-07-22 12:24:29 +02:00			`}`

			`#[sqlx::test]`
			`fn test_without_login() {`
			`let db = testdb!();`

			`let rocket = rocket::build().manage(db.clone());`
			`let rocket = crate::tera::config(rocket);`

			`let client = Client::tracked(rocket).await.unwrap();`

			`let req = client.get("/");`
			`let response = req.dispatch().await;`

			`assert_eq!(response.status(), Status::SeeOther);`
			`assert_eq!(response.headers().get("Location").next(), Some("/auth"));`
			`}`

create tests for /public Closes #25 2023-07-31 21:07:01 +02:00			`#[sqlx::test]`
			`fn test_public() {`
			`let db = testdb!();`

			`let rocket = rocket::build().manage(db.clone());`
			`let rocket = crate::tera::config(rocket);`

			`let client = Client::tracked(rocket).await.unwrap();`

			`let req = client.get("/public/main.css");`
			`let response = req.dispatch().await;`
			`assert_eq!(response.status(), Status::Ok);`

			`let req = client.get("/public/main.js");`
			`let response = req.dispatch().await;`
			`assert_eq!(response.status(), Status::Ok);`
			`}`
add tests 2023-07-22 12:24:29 +02:00			`}`