1 files changed, 82 insertions, 0 deletions

diff --git a/src/routes/login.rs b/src/routes/login.rs
new file mode 100644
index 0000000..33f7f69
--- /dev/null
+++ b/src/routes/login.rs
@@ -0,0 +1,82 @@
+use actix_session::Session;
+use actix_web::http::header::LOCATION;
+use actix_web::{get, post, web, HttpResponse};
+use bcrypt::verify;
+use serde::Deserialize;
+
+use crate::notification::{Kind, Notification};
+use crate::templates;
+use crate::Pinussy;
+use crate::Result;
+
+#[get("/login")]
+async fn get() -> HttpResponse {
+    HttpResponse::Ok().body(render!(templates::login_html, None).unwrap())
+}
+
+#[derive(Deserialize)]
+struct LoginForm {
+    username: String,
+    password: String,
+    rememberme: Option<String>,
+}
+
+#[post("/login")]
+async fn post(
+    state: web::Data<Pinussy>,
+    session: Session,
+    form: web::Form<LoginForm>,
+) -> Result<HttpResponse> {
+    match sqlx::query!(
+        "select id, password from users where username = $1",
+        &form.username
+    )
+    .fetch_one(&state.db)
+    .await
+    {
+        Ok(user) => {
+            let password_hash: String = user.password;
+            if verify(&form.password, &password_hash)? {
+                session.insert("user_id", user.id)?;
+                return Ok(HttpResponse::SeeOther()
+                    .insert_header((LOCATION, "/"))
+                    .finish());
+            } else {
+                return Ok(HttpResponse::Unauthorized().body(
+                    render!(
+                        templates::login_html,
+                        Some(Notification {
+                            kind: Kind::Error,
+                            message: "that password is incorrect".to_owned()
+                        })
+                    )
+                    .unwrap(),
+                ));
+            }
+        }
+        Err(sqlx::Error::RowNotFound) => {
+            return Ok(HttpResponse::NotFound().body(
+                render!(
+                    templates::login_html,
+                    Some(Notification {
+                        kind: Kind::Error,
+                        message: format!("the user \"{}\" does not exist", &form.username)
+                    })
+                )
+                .unwrap(),
+            ));
+        }
+        Err(_) => {
+            return Ok(HttpResponse::InternalServerError().body(
+                render!(
+                    templates::login_html,
+                    Some(Notification {
+                        kind: Kind::Error,
+                        message: "internal server error. please try again later".to_owned()
+                    })
+                )
+                .unwrap(),
+            ));
+        }
+    }
+}