move all direct database access to logic crate

1 files changed, 5 insertions, 16 deletions

diff --git a/server/src/helper/session.rs b/server/src/helper/session.rs
index d51acd3..090330b 100644
--- a/server/src/helper/session.rs
+++ b/server/src/helper/session.rs
@@ -6,24 +6,19 @@
 use super::A;
 use crate::ui::error::MyError;
 use anyhow::anyhow;
-use jellylogic::{
-    session::{validate, AdminSession, Session},
-    Database,
-};
+use jellylogic::session::{bypass_auth_session, token_to_session, AdminSession, Session};
 use log::warn;
 use rocket::{
     async_trait,
     http::Status,
     outcome::Outcome,
     request::{self, FromRequest},
-    Request, State,
+    Request,
 };
 
 pub(super) async fn session_from_request(req: &Request<'_>) -> Result<Session, MyError> {
-    let username;
-
     if cfg!(feature = "bypass-auth") {
-        username = "admin".to_string();
+        Ok(bypass_auth_session()?)
     } else {
         let token = req
             .query_value("session")
@@ -40,14 +35,8 @@ pub(super) async fn session_from_request(req: &Request<'_>) -> Result<Session, M
 
         // jellyfin urlescapes the token for *some* requests
         let token = token.replace("%3D", "=");
-        username = validate(&token)?;
-    };
-
-    let db = req.guard::<&State<Database>>().await.unwrap();
-
-    let user = db.get_user(&username)?.ok_or(anyhow!("user not found"))?;
-
-    Ok(Session { user })
+        Ok(token_to_session(&token)?)
+    }
 }
 
 fn parse_jellyfin_auth(h: &str) -> Option<&str> {