only save (encrypted) user_id in cookie

philipp 2023-07-27 22:16:12 +02:00
parent b5fd4018ff
commit 16a0654e1f
2 changed files with 9 additions and 6 deletions


@ -32,6 +32,7 @@ pub struct User {
#[derive(Debug)] #[derive(Debug)]
pub enum LoginError { pub enum LoginError {
InvalidAuthenticationCombo, InvalidAuthenticationCombo,
UserNotFound,
NotLoggedIn, NotLoggedIn,
NotAnAdmin, NotAnAdmin,
NotACox, NotACox,
@ -274,19 +275,22 @@ impl<'r> FromRequest<'r> for User {
async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> { async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
match req.cookies().get_private("loggedin_user") { match req.cookies().get_private("loggedin_user") {
Some(user) => match serde_json::from_str::<User>(user.value()) { Some(user_id) => match user_id.value().parse::<i32>() {
Ok(user) => { Ok(user_id) => {
let db = req.rocket().state::<SqlitePool>().unwrap(); let db = req.rocket().state::<SqlitePool>().unwrap();
let Some(user) = User::find_by_id(db, user_id).await else {
return Outcome::Failure((Status::Unauthorized, LoginError::UserNotFound));
};
user.logged_in(db).await; user.logged_in(db).await;
let user_json: String = format!("{}", json!(user)); let mut cookie = Cookie::new("loggedin_user", format!("{}", user.id));
let mut cookie = Cookie::new("loggedin_user", user_json);
cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12)); cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12));
req.cookies().add_private(cookie); req.cookies().add_private(cookie);
Outcome::Success(user) Outcome::Success(user)
} }
Err(_) => { Err(_) => {
println!("{:?}", user_id.value());
Outcome::Failure((Status::Unauthorized, LoginError::DeserializationError)) Outcome::Failure((Status::Unauthorized, LoginError::DeserializationError))
} }
}, },
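Review bot: The `Err(_)` arm of `from_request` prints the decrypted cookie value to stdout with `println!("{:?}", user_id.value());`, and once this change is deployed every cookie issued by the previous code takes that arm, because it holds the serialized `User` rather than an integer. Whatever fields the old JSON carried are then written to the process output, which commonly ends up in service logs; what `User` serializes is not visible in this hunk, so it should be treated as potentially sensitive. I would drop the line or log only the fact, e.g. `eprintln!("loggedin_user cookie is not a valid user id");`, and clear the stale private cookie in both failure arms (parse error and `UserNotFound`) so the client stops resending it. `from_request` continues past the end of the hunk, so the `None` arm is not covered by this note.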


@ -79,8 +79,7 @@ async fn login(
} }
}; };
let user_json: String = format!("{}", json!(user)); cookies.add_private(Cookie::new("loggedin_user", format!("{}", json!(user.id))));
cookies.add_private(Cookie::new("loggedin_user", user_json));
Log::create( Log::create(
db, db,