final touches

src/rest/mod.rs

@@ -14,6 +14,7 @@ use rocket::{
 };
 use rocket_dyn_templates::{context, Template};
 use sea_orm::{Database, DatabaseConnection};
+use sha3::{Digest, Sha3_256};
 
 use super::models::{all::DayWithTrips, day, user};
 
@@ -35,17 +36,18 @@ impl Deref for NaiveDateForm {
     }
 }
 
-#[get("/")]
-async fn index(db: &State<DatabaseConnection>, user: user::Model) -> Template {
+#[get("/?<all>")]
+async fn index(db: &State<DatabaseConnection>, user: user::Model, all: Option<String>) -> Template {
     let mut data = Vec::new();
 
     let mut show_next_n_days = 6;
-    if user.is_cox {
-        let end_of_year = NaiveDate::from_ymd_opt(Local::now().year(), 5, 31).unwrap();
-        show_next_n_days = end_of_year
-            .signed_duration_since(Local::now().date_naive())
-            .num_days()
-            + 1;
+    if let Some(_) = all {
+        if user.is_cox {
+            let end_of_year = NaiveDate::from_ymd_opt(Local::now().year(), 12, 31).unwrap();
+            show_next_n_days = end_of_year
+                .signed_duration_since(Local::now().date_naive())
+                .num_days();
+        }
     }
 
     for i in 0..show_next_n_days {
@@ -65,17 +67,45 @@ fn name() -> Template {
 #[derive(FromForm)]
 struct NameForm {
     name: String,
+    pw: Option<String>,
 }
 
 #[put("/name", data = "<name>")]
-fn savename(name: Form<NameForm>, cookies: &CookieJar) -> Redirect {
-    cookies.add(Cookie::new("name", name.name.clone()));
+async fn savename(
+    name: Form<NameForm>,
+    cookies: &CookieJar<'_>,
+    db: &State<DatabaseConnection>,
+) -> Redirect {
+    let user = user::Model::find_or_create_user(&name.name, db.inner()).await;
+    match user.pw {
+        Some(pw) => {
+            match &name.pw {
+                Some(entered_pw) => {
+                    let mut hasher = Sha3_256::new();
+                    hasher.update(entered_pw);
+                    let entered_pw = hasher.finalize();
+
+                    if hex::encode(entered_pw) == pw {
+                        cookies.add_private(Cookie::new("name", name.name.clone()));
+                    } else {
+                        Redirect::to("/"); // Wrong PW
+                    }
+                }
+                None => {
+                    Redirect::to("/"); // No PW supplied
+                }
+            }
+        }
+        None => {
+            cookies.add_private(Cookie::new("name", name.name.clone()));
+        }
+    }
     Redirect::to("/")
 }
 
 #[get("/logout")]
 fn logout(cookies: &CookieJar) -> Redirect {
-    cookies.remove(Cookie::new("name", ""));
+    cookies.remove_private(Cookie::new("name", ""));
     Redirect::to("/")
 }
 

src/rest/restuser.rs

@@ -1,10 +1,9 @@
 use rocket::{form::Form, response::Redirect, Route, State};
 use rocket_dyn_templates::{context, Template};
 use sea_orm::{ActiveModelTrait, DatabaseConnection, EntityTrait, Set};
+use sha3::{Digest, Sha3_256};
 
-use crate::models::{day, user};
-
-use super::NaiveDateForm;
+use crate::models::user;
 
 #[get("/")]
 async fn index(db: &State<DatabaseConnection>, user: user::AdminUser) -> Template {
@@ -15,6 +14,7 @@ async fn index(db: &State<DatabaseConnection>, user: user::AdminUser) -> Templat
 
 #[derive(FromForm)]
 struct UserEditForm {
+    pw: Option<String>,
     is_cox: bool,
     is_admin: bool,
 }
@@ -26,12 +26,22 @@ async fn update(
     data: Form<UserEditForm>,
     _user: user::AdminUser,
 ) -> Redirect {
-    let new_user = user::ActiveModel {
+    let mut new_user = user::ActiveModel {
         id: Set(id),
         is_cox: Set(data.is_cox),
         is_admin: Set(data.is_admin),
         ..Default::default()
     };
+    if let Some(pw) = &data.pw {
+        if pw != "" {
+            let mut hasher = Sha3_256::new();
+            hasher.update(pw);
+            let entered_pw = hasher.finalize();
+
+            let pw = hex::encode(entered_pw);
+            new_user.pw = Set(Some(pw));
+        }
+    }
     new_user.update(db.inner()).await.unwrap();
 
     Redirect::to("/user")