1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
use actix_session::Session;
use actix_web::http::header::LOCATION;
use actix_web::{get, post, web, HttpResponse};
use bcrypt::verify;
use serde::Deserialize;
use crate::notification::{Kind, Notification};
use crate::templates;
use crate::Pinussy;
use crate::Result;
#[get("/login")]
async fn get() -> HttpResponse {
HttpResponse::Ok().body(render!(templates::login_html, None).unwrap())
}
#[derive(Deserialize)]
struct LoginForm {
username: String,
password: String,
rememberme: Option<String>,
}
#[post("/login")]
async fn post(
state: web::Data<Pinussy>,
session: Session,
form: web::Form<LoginForm>,
) -> Result<HttpResponse> {
match sqlx::query!(
"select id, password from users where username = $1",
&form.username
)
.fetch_one(&state.db)
.await
{
Ok(user) => {
let password_hash: String = user.password;
if verify(&form.password, &password_hash)? {
session.insert("user_id", user.id)?;
return Ok(HttpResponse::SeeOther()
.insert_header((LOCATION, "/"))
.finish());
} else {
return Ok(HttpResponse::Unauthorized().body(
render!(
templates::login_html,
Some(Notification {
kind: Kind::Error,
message: "that password is incorrect".to_owned()
})
)
.unwrap(),
));
}
}
Err(sqlx::Error::RowNotFound) => {
return Ok(HttpResponse::NotFound().body(
render!(
templates::login_html,
Some(Notification {
kind: Kind::Error,
message: format!("the user \"{}\" does not exist", &form.username)
})
)
.unwrap(),
));
}
Err(_) => {
return Ok(HttpResponse::InternalServerError().body(
render!(
templates::login_html,
Some(Notification {
kind: Kind::Error,
message: "internal server error. please try again later".to_owned()
})
)
.unwrap(),
));
}
}
}
|