src/tera/mod.rs

@@ -7,7 +7,7 @@ use rocket::{
     form::Form,
     fs::FileServer,
     get,
-    http::Cookie,
+    http::{Cookie, Status},
     post,
     request::FlashMessage,
     response::{Flash, Redirect},
@@ -123,11 +123,23 @@ async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String
     "FAIL".into()
 }
 
+#[get("/?<username>&<password>")]
+async fn nextcloud_auth(db: &State<SqlitePool>, username: String, password: String) -> Status {
+    if let Ok(user) = User::login(db, &username, &password).await {
+        if user.has_role(db, "admin").await {
+            return Status::Ok;
+        }
+        if user.has_role(db, "Vorstand").await {
+            return Status::Ok;
+        }
+    }
+    Status::Unauthorized
+}
+
 #[catch(401)] //Unauthorized
 fn unauthorized_error(req: &Request) -> Redirect {
     // Save the URL the user tried to access, to be able to go there once logged in
     let mut redirect_cookie = Cookie::new("redirect_url", format!("{}", req.uri()));
-    println!("{}", req.uri());
     redirect_cookie.set_expires(OffsetDateTime::now_utc() + Duration::hours(1));
     req.cookies().add_private(redirect_cookie);
 
@@ -265,6 +277,7 @@ pub fn config(rocket: Rocket<Build>) -> Rocket<Build> {
         .mount("/", routes![index, steering, impressum])
         .mount("/auth", auth::routes())
         .mount("/wikiauth", routes![wikiauth])
+        .mount("/nxauth", routes![nextcloud_auth])
         .mount("/new-blogpost", routes![new_blogpost])
         .mount("/blogpost-unpublished", routes![blogpost_unpublished])
         .mount("/log", log::routes())