rowt/src/rest/auth.rs
2023-05-24 12:11:55 +02:00

119 lines
3.0 KiB
Rust

use rocket::{
form::Form,
get,
http::{Cookie, CookieJar},
post,
request::FlashMessage,
response::{Flash, Redirect},
routes, FromForm, Route, State,
};
use rocket_dyn_templates::{context, tera, Template};
use serde_json::json;
use sqlx::SqlitePool;
use crate::model::{
log::Log,
user::{LoginError, User},
};
#[get("/")]
fn index(flash: Option<FlashMessage<'_>>) -> Template {
let mut context = tera::Context::new();
if let Some(msg) = flash {
context.insert("flash", &msg.into_inner());
}
Template::render("auth/login", context.into_json())
}
#[derive(FromForm)]
struct LoginForm<'r> {
name: &'r str,
password: &'r str,
}
#[post("/", data = "<login>")]
async fn login(
login: Form<LoginForm<'_>>,
db: &State<SqlitePool>,
cookies: &CookieJar<'_>,
) -> Flash<Redirect> {
let user = User::login(db, login.name, login.password).await;
let user = match user {
Ok(user) => user,
Err(LoginError::NoPasswordSet(user)) => {
return Flash::warning(
Redirect::to(format!("/auth/set-pw/{}", user.id)),
"Setze ein neues Passwort",
);
}
Err(_) => {
return Flash::error(Redirect::to("/auth"), "Falscher Benutzername/Passwort");
}
};
let user_json: String = format!("{}", json!(user));
cookies.add_private(Cookie::new("loggedin_user", user_json));
Flash::success(Redirect::to("/"), "Login erfolgreich")
}
#[get("/set-pw/<userid>")]
fn setpw(userid: i32) -> Template {
Template::render("auth/set-pw", context!(userid))
}
#[derive(FromForm)]
struct UpdatePw<'r> {
userid: i32,
password: &'r str,
password_confirm: &'r str,
}
#[post("/set-pw", data = "<updatepw>")]
async fn updatepw(
db: &State<SqlitePool>,
updatepw: Form<UpdatePw<'_>>,
cookies: &CookieJar<'_>,
) -> Flash<Redirect> {
let user = User::find_by_id(db, updatepw.userid).await;
let Some(user) = user else{
return Flash::error(
Redirect::to("/auth"),
format!("User with ID {} does not exist!", updatepw.userid),
)
};
if updatepw.password != updatepw.password_confirm {
return Flash::error(
Redirect::to(format!("/auth/set-pw/{}", updatepw.userid)),
"Passwörter stimmen nicht überein! Bitte probiere es nochmal",
);
}
user.update_pw(db, updatepw.password).await;
let user_json: String = format!("{}", json!(user));
cookies.add_private(Cookie::new("loggedin_user", user_json));
Log::create(db, format!("User {} set her password.", user.name)).await;
Flash::success(
Redirect::to("/"),
"Passwort erfolgreich gesetzt. Du bist nun eingeloggt.",
)
}
#[get("/logout")]
fn logout(cookies: &CookieJar<'_>, _user: User) -> Flash<Redirect> {
cookies.remove_private(Cookie::named("loggedin_user"));
Flash::success(Redirect::to("/auth"), "Logout erfolgreich")
}
pub fn routes() -> Vec<Route> {
routes![index, login, logout, setpw, updatepw]
}