(partially) fix security problem with federated session

1 files changed, 13 insertions, 13 deletions

diff --git a/client/src/lib.rs b/client/src/lib.rs
index 92545a9..eca27fc 100644
--- a/client/src/lib.rs
+++ b/client/src/lib.rs
@@ -4,13 +4,14 @@
     Copyright (C) 2023 metamuffin <metamuffin.org>
 */
 use anyhow::Result;
+use jellycommon::user::UserPermission;
 use log::debug;
 use reqwest::{
     header::{HeaderMap, HeaderValue},
     Client,
 };
-use serde_json::json;
-use std::time::Duration;
+use serde::Serialize;
+use std::collections::HashSet;
 use stream::StreamSpec;
 use tokio::io::AsyncWriteExt;
 
@@ -22,6 +23,14 @@ pub struct Instance {
     pub tls: bool,
 }
 
+#[derive(Serialize)]
+pub struct LoginDetails {
+    pub username: String,
+    pub password: String,
+    pub expire: Option<i64>,
+    pub drop_permissions: Option<HashSet<UserPermission>>,
+}
+
 impl Instance {
     pub fn new(host: String, tls: bool) -> Self {
         Self { host, tls }
@@ -33,20 +42,11 @@ impl Instance {
             self.host
         )
     }
-    pub async fn login(
-        self,
-        username: String,
-        password: String,
-        expire: Duration,
-    ) -> anyhow::Result<Session> {
+    pub async fn login(self, data: LoginDetails) -> anyhow::Result<Session> {
         let session_token = Client::builder()
             .build()?
             .post(format!("{}/api/create_session", self.base()))
-            .json(&json!({
-                "expire": expire.as_secs(),
-                "password": password,
-                "username": username,
-            }))
+            .json(&data)
             .send()
             .await?
             .json()