forked from Ruderverein-Donau-Linz/rowt
only save (encrypted) user_id in cookie
This commit is contained in:
parent
b5fd4018ff
commit
16a0654e1f
@ -32,6 +32,7 @@ pub struct User {
|
||||
#[derive(Debug)]
|
||||
pub enum LoginError {
|
||||
InvalidAuthenticationCombo,
|
||||
UserNotFound,
|
||||
NotLoggedIn,
|
||||
NotAnAdmin,
|
||||
NotACox,
|
||||
@ -274,19 +275,22 @@ impl<'r> FromRequest<'r> for User {
|
||||
|
||||
async fn from_request(req: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
|
||||
match req.cookies().get_private("loggedin_user") {
|
||||
Some(user) => match serde_json::from_str::<User>(user.value()) {
|
||||
Ok(user) => {
|
||||
Some(user_id) => match user_id.value().parse::<i32>() {
|
||||
Ok(user_id) => {
|
||||
let db = req.rocket().state::<SqlitePool>().unwrap();
|
||||
let Some(user) = User::find_by_id(db, user_id).await else {
|
||||
return Outcome::Failure((Status::Unauthorized, LoginError::UserNotFound));
|
||||
};
|
||||
user.logged_in(db).await;
|
||||
|
||||
let user_json: String = format!("{}", json!(user));
|
||||
let mut cookie = Cookie::new("loggedin_user", user_json);
|
||||
let mut cookie = Cookie::new("loggedin_user", format!("{}", user.id));
|
||||
cookie.set_expires(OffsetDateTime::now_utc() + Duration::weeks(12));
|
||||
req.cookies().add_private(cookie);
|
||||
|
||||
Outcome::Success(user)
|
||||
}
|
||||
Err(_) => {
|
||||
println!("{:?}", user_id.value());
|
||||
Outcome::Failure((Status::Unauthorized, LoginError::DeserializationError))
|
||||
}
|
||||
},
|
||||
|
@ -79,8 +79,7 @@ async fn login(
|
||||
}
|
||||
};
|
||||
|
||||
let user_json: String = format!("{}", json!(user));
|
||||
cookies.add_private(Cookie::new("loggedin_user", user_json));
|
||||
cookies.add_private(Cookie::new("loggedin_user", format!("{}", json!(user.id))));
|
||||
|
||||
Log::create(
|
||||
db,
|
||||
|
Loading…
x
Reference in New Issue
Block a user