From 16a0654e1feacf2f91d5a2332d022afc00cf19e2 Mon Sep 17 00:00:00 2001
From: philipp
Date: Thu, 27 Jul 2023 22:16:12 +0200
Subject: [PATCH] only save (encrypted) user_id in cookie

---
 src/model/user.rs | 12 ++++++++----
 src/tera/auth.rs | 3 +--
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/model/user.rs b/src/model/user.rs
index 0079d50..303bb3a 100644
--- a/src/model/user.rs
+++ b/src/model/user.rs
@@ -32,6 +32,7 @@ pub struct User {
 #[derive(Debug)]
 pub enum LoginError {
 InvalidAuthenticationCombo,
+ UserNotFound,
 NotLoggedIn,
 NotAnAdmin,
 NotACox,
@@ -274,19 +275,22 @@ impl<'r> FromRequest<'r> for User {
 async fn from_request(req: &'r Request<'_>) -> request::Outcome {
 match req.cookies().get_private("loggedin_user") {
- Some(user) => match serde_json::from_str::(user.value()) {
- Ok(user) => {
+ Some(user_id) => match user_id.value().parse::() {
+ Ok(user_id) => {
 let db = req.rocket().state::().unwrap();
+ let Some(user) = User::find_by_id(db, user_id).await else {
+ return Outcome::Failure((Status::Unauthorized, LoginError::UserNotFound));
+ };
 user.logged_in(db).await;
- let user_json: String = format!("{}", json!(user));
- let mut cookie = Cookie::new("loggedin_user", user_json);
+ let mut cookie = Cookie::new("loggedin_user", format!("{}", user.id));
 cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12));
 req.cookies().add_private(cookie);
 Outcome::Success(user)
 }
 Err(_) => {
+ println!("{:?}", user_id.value());
 Outcome::Failure((Status::Unauthorized, LoginError::DeserializationError))
 }
 },
diff --git a/src/tera/auth.rs b/src/tera/auth.rs
index cfe294d..329b692 100644
--- a/src/tera/auth.rs
+++ b/src/tera/auth.rs
@@ -79,8 +79,7 @@ async fn login(
 }
 };
- let user_json: String = format!("{}", json!(user));
- cookies.add_private(Cookie::new("loggedin_user", user_json));
+ cookies.add_private(Cookie::new("loggedin_user", format!("{}", json!(user.id))));
 Log::create(
 db,
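Review bot: The new `println!("{:?}", user_id.value());` in the `Err(_)` arm of `from_request` writes the decrypted contents of the private cookie to stdout on every request whose value fails to parse, and after this change every pre-migration cookie — which, per the removed lines, carried the full `json!(user)` document — will take that arm until it expires, so whatever `User` serializes to (presumably more than the id) ends up in the process output; drop the print, or log only that the cookie was unparseable. Neither the `Err(_)` arm nor the new `UserNotFound` branch clears the stale cookie, so the same rejection repeats on each request until expiry (refreshed cookies carry a 12-week `set_expires`); adding `req.cookies().remove_private(Cookie::named("loggedin_user"));` before each of those two `Outcome::Failure` returns ends that loop and forces a clean re-login. `LoginError::DeserializationError` now names an integer-parse failure rather than a JSON one, so a short comment on the `Err(_)` arm (or a rename) would help the next reader. The body of `from_request` continues past the end of the hunk, and the generic arguments of `parse::<…>()` and `state::<…>()` appear to have been stripped by the rendering rather than by the patch.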