authormetamuffin <metamuffin@disroot.org>2023-02-19 15:55:34 +0100
committermetamuffin <metamuffin@disroot.org>2023-02-19 15:55:34 +0100
commit5a1ff49fe38451451a55266e86a9e9aedecfb44d (patch)
treefe9ff6f9e30e776c5e8dc5d6d69554cdc2375b1c /server/src/routes/ui/account/mod.rs
parent15d0a83247c3b6091f006df967f54f8399030cf6 (diff)
added api
Diffstat (limited to 'server/src/routes/ui/account/mod.rs')
-rw-r--r--server/src/routes/ui/account/mod.rs32
1 files changed, 22 insertions, 10 deletions
diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs
index 9007558..8e6d054 100644
--- a/server/src/routes/ui/account/mod.rs
+++ b/server/src/routes/ui/account/mod.rs
@@ -24,6 +24,7 @@ use rocket::{
response::Redirect,
uri, FromForm, State,
};
+use serde::{Deserialize, Serialize};
#[derive(FromForm)]
pub struct RegisterForm {
@@ -57,7 +58,7 @@ pub async fn r_account_register() -> DynLayoutPage<'static> {
}
}
-#[derive(FromForm)]
+#[derive(FromForm, Serialize, Deserialize)]
pub struct LoginForm {
#[field(validate = len(4..32))]
pub username: String,
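Review bot: Deriving `Serialize` on `LoginForm` makes a struct that appears to carry the plaintext password (the login handler reads `form.password`) emittable into any JSON response or structured log. If the new API only needs to parse a login body, `#[derive(FromForm, Deserialize)]` would be enough. Separately, `#[field(validate = len(4..32))]` is a Rocket form attribute and is most likely not applied when the struct is built through serde, so a serde-based caller would skip the length bounds. The `login_logic` function added in the next hunk takes bare `&str` values and shows no length check of its own in the visible lines. The struct body continues outside this hunk, so the password field and its attributes are not visible here.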
@@ -147,12 +148,29 @@ pub fn r_account_login_post(
None => return Err(format_form_error(form)),
};
+ login_logic(jar, database, &form.username, &form.password)?;
+
+ Ok(Redirect::found(uri!(r_home())))
+}
+
+#[post("/account/logout")]
+pub fn r_account_logout_post(jar: &CookieJar) -> MyResult<Redirect> {
+ jar.remove_private(Cookie::named("user"));
+ Ok(Redirect::found(uri!(r_home())))
+}
+
+pub fn login_logic(
+ jar: &CookieJar,
+ database: &Database,
+ username: &str,
+ password: &str,
+) -> MyResult<()> {
// hashing the password regardless if the accounts exists to prevent timing attacks
- let password = hash_password(&form.username, &form.password);
+ let password = hash_password(username, password);
let user = database
.users
- .get(&form.username)?
+ .get(&username.to_string())?
.ok_or(anyhow!("invalid password"))?;
if user.password != password {
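Review bot: `login_logic` becomes a `pub` entry point shared by the form handler and, presumably, the new API, but it has no doc comment saying what it does to `jar` or what callers may rely on. I would add something like `/// Checks the credentials and, on success, stores the session cookie in the jar; an unknown user and a wrong password return the same error.` above the signature, provided the mismatch branch really does return the same `invalid password` error. Two smaller points on the body: `.get(&username.to_string())` allocates a `String` on every attempt only to borrow it, and `user.password != password` is an ordinary short-circuiting comparison, which sits oddly beside the timing-attack comment; a constant-time comparison of the two hashes would match the stated intent. The function body continues past the end of this hunk, so the mismatch branch and the cookie construction are not visible here.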
@@ -168,13 +186,7 @@ pub fn r_account_login_post(
.finish(),
);
- Ok(Redirect::found(uri!(r_home())))
-}
-
-#[post("/account/logout")]
-pub fn r_account_logout_post(jar: &CookieJar) -> MyResult<Redirect> {
- jar.remove_private(Cookie::named("user"));
- Ok(Redirect::found(uri!(r_home())))
+ Ok(())
}
pub fn format_form_error<T>(form: Form<Contextual<T>>) -> MyError {