| author | metamuffin <metamuffin@disroot.org> | 2023-08-01 19:56:38 +0200 | 
|---|---|---|
| committer | metamuffin <metamuffin@disroot.org> | 2023-08-01 19:56:38 +0200 | 
| commit | f7992589cf45c699599a7ee5fc4634c9db16ff87 (patch) | |
| tree | 973c2e0bc9d50a9e137f999b3c1f231e8471c4be /server/src/routes/ui/account | |
| parent | 551e62a6012284823d6b22a9257c3fae07de7fd9 (diff) | |
error format depends on accept header
Diffstat (limited to 'server/src/routes/ui/account')
| -rw-r--r-- | server/src/routes/ui/account/admin.rs | 10 | ||||
| -rw-r--r-- | server/src/routes/ui/account/mod.rs | 37 | ||||
| -rw-r--r-- | server/src/routes/ui/account/session/guard.rs | 2 | ||||
| -rw-r--r-- | server/src/routes/ui/account/settings.rs | 2 | 
4 files changed, 23 insertions, 28 deletions
diff --git a/server/src/routes/ui/account/admin.rs b/server/src/routes/ui/account/admin.rs
index d7e5a36..37457b0 100644
--- a/server/src/routes/ui/account/admin.rs
+++ b/server/src/routes/ui/account/admin.rs
@@ -26,8 +26,8 @@ pub fn r_account_admin_dashboard(
     }
     // TODO this doesnt scale, pagination!
-    let users = database.users.iter().collect::<Result<Vec<_>, _>>()?;
-    let invites = database.invites.iter().collect::<Result<Vec<_>, _>>()?;
+    let users = database.user.iter().collect::<Result<Vec<_>, _>>()?;
+    let invites = database.invite.iter().collect::<Result<Vec<_>, _>>()?;
     Ok(LayoutPage {
         title: "Admin Dashboard".to_string(),
@@ -69,7 +69,7 @@ pub fn r_account_admin_invite(
     }
     let i = format!("{}", rand::thread_rng().gen::<u128>());
-    database.invites.insert(&i, &())?;
+    database.invite.insert(&i, &())?;
     Ok(LayoutPage {
         title: "Admin Dashboard".to_string(),
@@ -95,7 +95,7 @@ pub fn r_account_admin_remove_user(
         Err(anyhow!("you not admin"))?
     }
     database
-        .users
+        .user
         .remove(&form.name)?
         .ok_or(anyhow!("user did not exist"))?;
@@ -124,7 +124,7 @@ pub fn r_account_admin_remove_invite(
         Err(anyhow!("you not admin"))?
     }
     database
-        .invites
+        .invite
         .remove(&form.invite)?
         .ok_or(anyhow!("invite did not exist"))?;
diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs
index 79fa652..f1b243c 100644
--- a/server/src/routes/ui/account/mod.rs
+++ b/server/src/routes/ui/account/mod.rs
@@ -113,11 +113,11 @@ pub fn r_account_register_post<'a>(
         None => return Err(format_form_error(form)),
     };
-    if database.invites.remove(&form.invitation).unwrap().is_none() {
+    if database.invite.remove(&form.invitation).unwrap().is_none() {
         return Err(MyError(anyhow!("invitation invalid")));
     }
     match database
-        .users
+        .user
         .compare_and_swap(
             &form.username,
             None,
@@ -151,8 +151,14 @@ pub fn r_account_login_post(
         Some(v) => v,
         None => return Err(format_form_error(form)),
     };
-
-    login_logic(jar, database, &form.username, &form.password)?;
+    jar.add(
+        Cookie::build(
+            "session",
+            login_logic(database, &form.username, &form.password)?,
+        )
+        .permanent()
+        .finish(),
+    );
     Ok(Redirect::found(uri!(r_home())))
 }
@@ -163,17 +169,12 @@ pub fn r_account_logout_post(jar: &CookieJar) -> MyResult<Redirect> {
     Ok(Redirect::found(uri!(r_home())))
 }
-pub fn login_logic(
-    jar: &CookieJar,
-    database: &Database,
-    username: &str,
-    password: &str,
-) -> MyResult<()> {
+pub fn login_logic(database: &Database, username: &str, password: &str) -> MyResult<String> {
     // hashing the password regardless if the accounts exists to prevent timing attacks
     let password = hash_password(username, password);
     let user = database
-        .users
+        .user
         .get(&username.to_string())?
         .ok_or(anyhow!("invalid password"))?;
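Review bot: In `r_account_login_post` the `session` cookie is built with only `.permanent()`, so the bearer token it now receives from `login_logic` is set without explicit `HttpOnly` or `Secure` attributes. The cookie's lifetime is also unrelated to the `CONF.login_expire` days the token itself is issued for. A session cookie without `HttpOnly` is readable by any script on the page, and one without `Secure` is sent over plain HTTP. I would add `.http_only(true)`, add `.secure(true)` where the server is always reached over TLS, and replace `.permanent()` with a `.max_age(...)` derived from `CONF.login_expire`. Whether the jar already applies defaults for some of these is not visible here and should be confirmed; the handler's signature and form parsing start outside the hunk.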
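Review bot: `login_logic` now returns the session token as a bare `String`, and nothing on the signature tells a caller that the value is a credential rather than, say, a user name. I would add a doc comment above `pub fn login_logic`, for example `/// Checks the credentials and returns a session token valid for CONF.login_expire days.` followed by `/// The token is a bearer credential: hand it to the client only, never log it.` The comment could also record that an unknown user and a wrong password both return the same `invalid password` error, as the `.ok_or(...)` here and the `Err(...)` in the following hunk show, so that nobody later splits the two messages. The function body continues into the next hunk and the password comparison itself is not visible.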
@@ -181,16 +182,10 @@ pub fn login_logic(
         Err(anyhow!("invalid password"))?
     }
-    jar.add(
-        Cookie::build(
-            "session",
-            session::token::create(user.name, Duration::days(CONF.login_expire)),
-        )
-        .permanent()
-        .finish(),
-    );
-
-    Ok(())
+    Ok(session::token::create(
+        user.name,
+        Duration::days(CONF.login_expire),
+    ))
 }
 pub fn format_form_error<T>(form: Form<Contextual<T>>) -> MyError {
diff --git a/server/src/routes/ui/account/session/guard.rs b/server/src/routes/ui/account/session/guard.rs
index c6f5c29..e2bc093 100644
--- a/server/src/routes/ui/account/session/guard.rs
+++ b/server/src/routes/ui/account/session/guard.rs
@@ -34,7 +34,7 @@ impl Session {
         }
         let db = req.guard::<&State<Database>>().await.unwrap();
-        let user = db.users.get(&username)?.ok_or(anyhow!("user not found"))?;
+        let user = db.user.get(&username)?.ok_or(anyhow!("user not found"))?;
         Ok(Session { user })
     }
diff --git a/server/src/routes/ui/account/settings.rs b/server/src/routes/ui/account/settings.rs
index 59b10b7..b02c871 100644
--- a/server/src/routes/ui/account/settings.rs
+++ b/server/src/routes/ui/account/settings.rs
@@ -82,7 +82,7 @@ pub fn r_account_settings_post(
     };
     let mut out = String::new();
-    database.users.fetch_and_update(&session.user.name, |k| {
+    database.user.fetch_and_update(&session.user.name, |k| {
         k.map(|mut k| {
             if let Some(password) = &form.password {
                 k.password = hash_password(&session.user.name, password);  |