129 lines
3.4 KiB
Rust
129 lines
3.4 KiB
Rust
use crate::DbConn;
|
|
use crate::user;
|
|
use rocket::http::Status;
|
|
use rocket::response::status::Custom;
|
|
use rocket_contrib::json::Json;
|
|
use serde::{Serialize, Deserialize};
|
|
use std::vec::Vec;
|
|
|
|
pub fn routes() -> impl Into<Vec<rocket::Route>> {
|
|
routes![
|
|
auth,
|
|
auth_change_pw,
|
|
auth_sign_in,
|
|
auth_params,
|
|
auth_ping
|
|
]
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
#[serde(untagged)]
|
|
enum Response<T: Serialize> {
|
|
Error {
|
|
errors: Vec<String>
|
|
},
|
|
Success(T)
|
|
}
|
|
|
|
// Some shorthands
|
|
type JsonResp<T> = Json<Response<T>>;
|
|
|
|
fn success_resp<T: Serialize>(resp: T) -> Custom<JsonResp<T>> {
|
|
Custom(Status::Ok, Json(Response::Success(resp)))
|
|
}
|
|
|
|
fn error_resp<T: Serialize>(status: Status, errors: Vec<String>) -> Custom<JsonResp<T>> {
|
|
Custom(status, Json(Response::Error {
|
|
errors
|
|
}))
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
struct AuthResult {
|
|
token: String
|
|
}
|
|
|
|
#[post("/auth", format = "json", data = "<new_user>")]
|
|
fn auth(db: DbConn, new_user: Json<user::NewUser>) -> Custom<JsonResp<AuthResult>> {
|
|
match user::User::create(&db.0, &new_user) {
|
|
Ok(_) => _sign_in(db, &new_user.email, &new_user.password),
|
|
Err(user::UserOpError(e)) =>
|
|
error_resp(Status::InternalServerError, vec![e])
|
|
}
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
struct SignInParams {
|
|
email: String,
|
|
password: String
|
|
}
|
|
|
|
#[post("/auth/sign_in", format = "json", data = "<params>")]
|
|
fn auth_sign_in(db: DbConn, params: Json<SignInParams>) -> Custom<JsonResp<AuthResult>> {
|
|
_sign_in(db, ¶ms.email, ¶ms.password)
|
|
}
|
|
|
|
// Shared logic for all interfaces that needs to do an automatic sign-in
|
|
fn _sign_in(db: DbConn, mail: &str, passwd: &str) -> Custom<JsonResp<AuthResult>> {
|
|
// Try to find the user first
|
|
let res = user::User::find_user_by_email(&db, mail)
|
|
.and_then(|u| u.create_token(passwd));
|
|
match res {
|
|
Ok(token) => success_resp(AuthResult {
|
|
token
|
|
}),
|
|
Err(user::UserOpError(e)) =>
|
|
error_resp(Status::InternalServerError, vec![e])
|
|
}
|
|
}
|
|
|
|
#[derive(Serialize)]
|
|
struct AuthParams {
|
|
pw_cost: String,
|
|
pw_nonce: String,
|
|
version: String
|
|
}
|
|
|
|
impl Into<AuthParams> for user::User {
|
|
fn into(self) -> AuthParams {
|
|
AuthParams {
|
|
pw_cost: self.pw_cost,
|
|
pw_nonce: self.pw_nonce,
|
|
version: self.version
|
|
}
|
|
}
|
|
}
|
|
|
|
#[get("/auth/params?<email>")]
|
|
fn auth_params(db: DbConn, email: String) -> Custom<JsonResp<AuthParams>> {
|
|
match user::User::find_user_by_email(&db, &email) {
|
|
Ok(u) => success_resp(u.into()),
|
|
Err(user::UserOpError(e)) =>
|
|
error_resp(Status::InternalServerError, vec![e])
|
|
}
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
struct ChangePwParams {
|
|
email: String,
|
|
password: String,
|
|
current_password: String
|
|
}
|
|
|
|
#[post("/auth/change_pw", format = "json", data = "<params>")]
|
|
fn auth_change_pw(db: DbConn, params: Json<ChangePwParams>) -> Custom<JsonResp<()>> {
|
|
let res = user::User::find_user_by_email(&db, ¶ms.email)
|
|
.and_then(|u|
|
|
u.change_pw(&db, ¶ms.current_password, ¶ms.password));
|
|
match res {
|
|
Ok(_) => Custom(Status::NoContent, Json(Response::Success(()))),
|
|
Err(user::UserOpError(e)) =>
|
|
error_resp(Status::InternalServerError, vec![e])
|
|
}
|
|
}
|
|
|
|
// For testing the User request guard
|
|
#[get("/auth/ping")]
|
|
fn auth_ping(_db: DbConn, u: user::User) -> Custom<JsonResp<String>> {
|
|
Custom(Status::Ok, Json(Response::Success(u.email)))
|
|
} |