Diffstat (limited to 'server/src/routes/ui/account/session/guard.rs')
-rw-r--r--server/src/routes/ui/account/session/guard.rs70
1 files changed, 70 insertions, 0 deletions
diff --git a/server/src/routes/ui/account/session/guard.rs b/server/src/routes/ui/account/session/guard.rs
new file mode 100644
index 0000000..58dfe01
--- /dev/null
+++ b/server/src/routes/ui/account/session/guard.rs
@@ -0,0 +1,70 @@
+/*
+ This file is part of jellything (https://codeberg.org/metamuffin/jellything)
+ which is licensed under the GNU Affero General Public License (version 3); see /COPYING.
+ Copyright (C) 2023 metamuffin <metamuffin.org>
+*/
+use super::{token, Session};
+use crate::{database::Database, routes::ui::error::MyError};
+use anyhow::anyhow;
+use log::warn;
+use rocket::{
+ outcome::Outcome,
+ request::{self, FromRequest},
+ Request, State,
+};
+
+impl Session {
+ pub async fn from_request_ut(req: &Request<'_>) -> Result<Self, MyError> {
+ let username;
+
+ #[cfg(not(feature = "bypass-auth"))]
+ {
+ let token = req
+ .query_value("session")
+ .map(|e| e.expect("str parse should not fail, right?"))
+ .or(req.cookies().get("session").map(|cookie| cookie.value()))
+ .ok_or(anyhow!("not logged in"))?;
+
+ username = token::validate(token)?;
+ };
+
+ #[cfg(feature = "bypass-auth")]
+ {
+ username = "admin".to_string();
+ }
+
+ let db = req.guard::<&State<Database>>().await.unwrap();
+ let user = db.users.get(&username)?.ok_or(anyhow!("user not found"))?;
+
+ Ok(Session { user })
+ }
+}
+
+impl<'r> FromRequest<'r> for Session {
+ type Error = MyError;
+
+ fn from_request<'life0, 'async_trait>(
+ request: &'r Request<'life0>,
+ ) -> core::pin::Pin<
+ Box<
+ dyn core::future::Future<Output = request::Outcome<Self, Self::Error>>
+ + core::marker::Send
+ + 'async_trait,
+ >,
+ >
+ where
+ 'r: 'async_trait,
+ 'life0: 'async_trait,
+ Self: 'async_trait,
+ {
+ Box::pin(async move {
+ match Self::from_request_ut(request).await {
+ Ok(x) => Outcome::Success(x),
+ Err(e) => {
+ warn!("authentificated route rejected: {e:?}");
+ Outcome::Forward(())
+ }
+ }
+ })
+ }
+}
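Review bot: The `#[cfg(feature = "bypass-auth")]` branch in `from_request_ut` sets `username = "admin"` for every request, so any binary built with that feature hands out the admin session without a token, and nothing visible in this file keeps it out of a release build. A guard placed next to that block would turn such a build into a compile failure, e.g. `#[cfg(all(feature = "bypass-auth", not(debug_assertions)))] compile_error!("bypass-auth is for development builds only");`. Separately, the token is taken from the `session` query parameter before the cookie is consulted, and a token carried in a URL tends to end up in access logs, browser history and Referer headers; if some client needs the query form, a comment naming that client would help, and the cookie should win when both are present. The `FromRequest` impl answers every failure with `Outcome::Forward(())`, so it is worth confirming that no lower-ranked route on the same path serves protected content without a `Session` guard.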