src/routes/login.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

use actix_session::Session;
use actix_web::http::header::LOCATION;
use actix_web::{get, post, web, HttpResponse};
use serde::Deserialize;
use uuid::Uuid;

use crate::error::PinussyError;
use crate::notification::{Kind, Notification};
use crate::templates;
use crate::Pinussy;
use crate::Result;

#[get("/login")]
async fn get(session: Session, state: web::Data<Pinussy>) -> Result<HttpResponse> {
    if let Some(user_id) = session.get::<Uuid>("user_id")? {
        if state.db.users().read(user_id).await.is_ok() {
            return Ok(HttpResponse::SeeOther()
                .insert_header((LOCATION, "/"))
                .finish());
        } else {
            session.purge()
        }
    }
    Ok(HttpResponse::Ok().body(render!(templates::login_html, None).unwrap()))
}

#[derive(Deserialize)]
struct LoginForm {
    username: String,
    password: String,
    // rememberme: Option<String>,
}

#[post("/login")]
async fn post(
    state: web::Data<Pinussy>,
    session: Session,
    form: web::Form<LoginForm>,
) -> Result<HttpResponse> {
    match state.db.users().read_username(&form.username).await {
        Ok(user) => {
            if user.verify_password(&form.password)? {
                session.insert("user_id", user.id)?;
                return Ok(HttpResponse::SeeOther()
                    .insert_header((LOCATION, "/"))
                    .finish());
            } else {
                return Ok(HttpResponse::Unauthorized().body(
                    render!(
                        templates::login_html,
                        Some(Notification {
                            kind: Kind::Error,
                            message: "that password is incorrect".to_owned()
                        })
                    )
                    .unwrap(),
                ));
            }
        }
        Err(PinussyError::Database(sqlx::Error::RowNotFound)) => {
            return Ok(HttpResponse::NotFound().body(
                render!(
                    templates::login_html,
                    Some(Notification {
                        kind: Kind::Error,
                        message: format!("the user \"{}\" does not exist", &form.username)
                    })
                )
                .unwrap(),
            ));
        }
        Err(_) => {
            return Ok(HttpResponse::InternalServerError().body(
                render!(
                    templates::login_html,
                    Some(Notification {
                        kind: Kind::Error,
                        message: "internal server error. please try again later".to_owned()
                    })
                )
                .unwrap(),
            ));
        }
    }
}