115 lines
3.0 KiB
Rust
115 lines
3.0 KiB
Rust
use rocket::{
|
|
form::Form,
|
|
get,
|
|
http::{Cookie, CookieJar},
|
|
post,
|
|
request::FlashMessage,
|
|
response::{Flash, Redirect},
|
|
routes, FromForm, Route, State,
|
|
};
|
|
use rocket_dyn_templates::{context, tera, Template};
|
|
use serde_json::json;
|
|
use sqlx::SqlitePool;
|
|
|
|
use crate::model::user::{LoginError, User};
|
|
|
|
#[get("/")]
|
|
fn index(flash: Option<FlashMessage<'_>>) -> Template {
|
|
let mut context = tera::Context::new();
|
|
|
|
if let Some(msg) = flash {
|
|
context.insert("flash", &msg.into_inner());
|
|
}
|
|
|
|
Template::render("auth/login", context.into_json())
|
|
}
|
|
|
|
#[derive(FromForm)]
|
|
struct LoginForm {
|
|
name: String,
|
|
password: String,
|
|
}
|
|
|
|
#[post("/", data = "<login>")]
|
|
async fn login(
|
|
login: Form<LoginForm>,
|
|
db: &State<SqlitePool>,
|
|
cookies: &CookieJar<'_>,
|
|
) -> Flash<Redirect> {
|
|
let user = User::login(db, login.name.clone(), login.password.clone()).await;
|
|
|
|
//TODO: be able to use ? for login. This would get rid of the following match clause.
|
|
let user = match user {
|
|
Ok(user) => user,
|
|
Err(LoginError::NoPasswordSet(user)) => {
|
|
return Flash::warning(
|
|
Redirect::to(format!("/auth/set-pw/{}", user.id)),
|
|
"Setze ein neues Passwort",
|
|
);
|
|
}
|
|
Err(_) => {
|
|
return Flash::error(Redirect::to("/auth"), "Falscher Benutzername/Passwort");
|
|
}
|
|
};
|
|
|
|
let user_json: String = format!("{}", json!(user));
|
|
cookies.add_private(Cookie::new("loggedin_user", user_json));
|
|
|
|
Flash::success(Redirect::to("/"), "Login erfolgreich")
|
|
}
|
|
|
|
#[get("/set-pw/<userid>")]
|
|
fn setpw(userid: i32) -> Template {
|
|
Template::render("auth/set-pw", context!(userid))
|
|
}
|
|
|
|
#[derive(FromForm)]
|
|
struct UpdatePw {
|
|
userid: i32,
|
|
password: String,
|
|
password_confirm: String,
|
|
}
|
|
|
|
#[post("/set-pw", data = "<updatepw>")]
|
|
async fn updatepw(
|
|
db: &State<SqlitePool>,
|
|
updatepw: Form<UpdatePw>,
|
|
cookies: &CookieJar<'_>,
|
|
) -> Flash<Redirect> {
|
|
let user = User::find_by_id(db, updatepw.userid).await;
|
|
let Ok(user) = user else{
|
|
return Flash::error(
|
|
Redirect::to("/auth"),
|
|
format!("User with ID {} does not exist!", updatepw.userid),
|
|
)
|
|
};
|
|
|
|
if updatepw.password != updatepw.password_confirm {
|
|
return Flash::error(
|
|
Redirect::to(format!("/auth/set-pw/{}", updatepw.userid)),
|
|
"Passwörter stimmen nicht überein! Bitte probiere es nochmal",
|
|
);
|
|
}
|
|
|
|
user.update_pw(db, updatepw.password.clone()).await;
|
|
|
|
let user_json: String = format!("{}", json!(user));
|
|
cookies.add_private(Cookie::new("loggedin_user", user_json));
|
|
|
|
Flash::success(
|
|
Redirect::to("/"),
|
|
"Passwort erfolgreich gesetzt. Du bist nun eingeloggt.",
|
|
)
|
|
}
|
|
|
|
#[get("/logout")]
|
|
fn logout(cookies: &CookieJar<'_>, _user: User) -> Flash<Redirect> {
|
|
cookies.remove_private(Cookie::named("loggedin_user"));
|
|
|
|
Flash::success(Redirect::to("/auth"), "Logout erfolgreich")
|
|
}
|
|
|
|
pub fn routes() -> Vec<Route> {
|
|
routes![index, login, logout, setpw, updatepw]
|
|
}
|