From d7417804a0b7bdd84f0b7cf0ffa3db1684da4ca6 Mon Sep 17 00:00:00 2001
From: philipp
Date: Wed, 7 Jun 2023 00:07:11 +0200
Subject: [PATCH] renew cookies on every action; increase cookie timeout to 3 months
---
 src/model/user.rs | 10 +++++++++-
 src/rest/auth.rs | 8 ++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/model/user.rs b/src/model/user.rs
index 99e41e3..86355f5 100644
--- a/src/model/user.rs
+++ b/src/model/user.rs
@@ -3,11 +3,13 @@ use std::ops::Deref;
 use argon2::{password_hash::SaltString, Argon2, PasswordHasher};
 use rocket::{
 async_trait,
- http::Status,
+ http::{Cookie, Status},
 request::{self, FromRequest, Outcome},
+ time::{Duration, OffsetDateTime},
 Request,
 };
 use serde::{Deserialize, Serialize};
+use serde_json::json;
 use sqlx::{FromRow, SqlitePool};
 #[derive(FromRow, Debug, Serialize, Deserialize)]
@@ -178,6 +180,12 @@ impl<'r> FromRequest<'r> for User {
 Ok(user) => {
 let db = req.rocket().state::().unwrap();
 user.logged_in(db).await;
+
+ let user_json: String = format!("{}", json!(user));
+ let mut cookie = Cookie::new("loggedin_user", user_json);
+ cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12));
+ req.cookies().add_private(cookie);
+
 Outcome::Success(user)
 }
 Err(_) => {
diff --git a/src/rest/auth.rs b/src/rest/auth.rs
index b98650a..f54d99c 100644
--- a/src/rest/auth.rs
+++ b/src/rest/auth.rs
@@ -5,7 +5,9 @@ use rocket::{
 post,
 request::FlashMessage,
 response::{Flash, Redirect},
- routes, FromForm, Route, State,
+ routes,
+ time::{Duration, OffsetDateTime},
+ FromForm, Route, State,
 };
 use rocket_dyn_templates::{context, tera, Template};
 use serde_json::json;
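Review bot: Re-issuing `loggedin_user` with `Duration::weeks(12)` in the `Ok(user)` arm of the `FromRequest` guard gives the session a sliding expiry with no absolute cap, and `set_expires` only tells the browser when to drop the cookie; nothing visible here makes the server reject an old cookie value, so a copied cookie would presumably stay usable for as long as the secret key is unchanged. Consider carrying an issued-at timestamp inside the private cookie payload and having the guard refuse values older than a fixed maximum; the `match` that yields `Ok(user)` starts outside the hunk, so a check that already exists there cannot be ruled out. The payload is the whole serialized `User`, so it is worth confirming that the struct's serialized form holds only what the guard needs. The same three cookie lines are repeated in `updatepw` in src/rest/auth.rs; one shared helper with a named constant such as `const SESSION_LIFETIME: Duration = Duration::weeks(12);` would keep the two call sites in sync.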
@@ -96,7 +98,9 @@ async fn updatepw(
 user.update_pw(db, updatepw.password).await;
 let user_json: String = format!("{}", json!(user));
- cookies.add_private(Cookie::new("loggedin_user", user_json));
+ let mut cookie = Cookie::new("loggedin_user", user_json);
+ cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12));
+ cookies.add_private(cookie);
 Log::create(db, format!("User {} set her password.", user.name)).await;