From dbb8c1c2f0035ea41224dec319a996b89e13ec84 Mon Sep 17 00:00:00 2001
From: metamuffin
Date: Tue, 1 Aug 2023 14:46:14 +0200
Subject: new session based login
---
 server/src/routes/ui/account/mod.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'server/src/routes/ui/account/mod.rs')
diff --git a/server/src/routes/ui/account/mod.rs b/server/src/routes/ui/account/mod.rs
index 0e4e0cc..79fa652 100644
--- a/server/src/routes/ui/account/mod.rs
+++ b/server/src/routes/ui/account/mod.rs
@@ -7,7 +7,6 @@ pub mod admin;
 pub mod session;
 pub mod settings;
-use self::session::SessionCookie;
 use super::{error::MyError, layout::LayoutPage};
 use crate::{
 database::{Database, User},
@@ -16,6 +15,7 @@ use crate::{
 };
 use anyhow::anyhow;
 use argon2::{password_hash::Salt, Argon2, PasswordHasher};
+use chrono::Duration;
 use rocket::{
 form::{Contextual, Form},
 get,
@@ -159,7 +159,7 @@ pub fn r_account_login_post(
 #[post("/account/logout")]
 pub fn r_account_logout_post(jar: &CookieJar) -> MyResult {
- jar.remove_private(Cookie::named("user"));
+ jar.remove_private(Cookie::named("session"));
 Ok(Redirect::found(uri!(r_home())))
 }
@@ -181,10 +181,10 @@ pub fn login_logic(
 Err(anyhow!("invalid password"))?
 }
- jar.add_private(
+ jar.add(
 Cookie::build(
- "user",
- serde_json::to_string(&SessionCookie::new(user.name)).unwrap(),
+ "session",
+ session::token::create(user.name, Duration::days(CONF.login_expire)),
 )
 .permanent()
 .finish(),
-- cgit v1.2.3-70-g09d2
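Review bot: Logout in `r_account_logout_post` only clears the browser's cookie, while the token that `login_logic` now issues through `session::token::create(user.name, Duration::days(CONF.login_expire))` appears to carry its own expiry, so a copied token would presumably remain valid after logout until that expiry passes. If `session::token` (not visible in this diff) has no revocation, that limitation deserves a comment above the handler, for example `// NOTE: only clears the client cookie; an issued token stays valid until it expires`, or server-side invalidation. The removal also still goes through `remove_private` although the cookie is now written with plain `jar.add`; `jar.remove(Cookie::named("session"));` would mirror the setter.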
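Review bot: The `jar.add(` call in `login_logic` no longer receives the defaults Rocket applies to private cookies, and as far as I know plain `add` does not set HttpOnly, so the session token would become readable from page scripts; adding `.http_only(true)` before `.permanent()` restores that protection. With `add_private` gone, the cookie's integrity rests entirely on `session::token::create`, which this diff does not show, so the token needs to be authenticated and its expiry enforced wherever it is read. `.permanent()` also keeps the cookie in the browser far longer than the `CONF.login_expire` days given to the token; a cookie lifetime derived from the same setting would keep the two in step. `login_logic` begins and ends outside this hunk.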