From 8c689db1c8fa06ddb9119e626e7b1149f3493905 Mon Sep 17 00:00:00 2001
From: Joris
Date: Sat, 12 Aug 2023 20:05:09 +0200
Subject: Sign cookie with secret key
---
 src/routes.rs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'src/routes.rs')
diff --git a/src/routes.rs b/src/routes.rs
index b9e137e..ef63c8e 100644
--- a/src/routes.rs
+++ b/src/routes.rs
@@ -12,6 +12,7 @@ use crate::controller::wallet::Wallet;
 use crate::db;
 use crate::model::config::Config;
 use crate::model::user::User;
+use crate::utils::cookie;
 pub async fn routes(
 config: Config,
@@ -32,7 +33,7 @@ pub async fn routes(
 }
 (&Method::POST, ["login"]) => {
 controller::login::login(
- config,
+ &config,
 &assets,
 &templates,
 body_form(request).await,
@@ -47,7 +48,7 @@ pub async fn routes(
 "icon.png" => file("assets/icon.png", "image/png").await,
 _ => controller::utils::not_found(),
 },
- _ => match connected_user(&pool, &request).await {
+ _ => match connected_user(&config, &pool, &request).await {
 Some(user) => {
 let wallet = Wallet {
 pool,
@@ -55,7 +56,7 @@ pub async fn routes(
 templates,
 user,
 };
- authenticated_routes(config, wallet, request).await
+ authenticated_routes(&config, wallet, request).await
 }
 None => controller::utils::redirect("/login"),
 },
@@ -65,18 +66,17 @@ pub async fn routes(
 }
 async fn connected_user(
+ config: &Config,
 pool: &SqlitePool,
 request: &Request,
 ) -> Option {
 let cookie = request.headers().get("COOKIE")?.to_str().ok()?;
- let mut xs = cookie.split('=');
- xs.next();
- let login_token = xs.next()?;
+ let login_token = cookie::extract_token(config, cookie).ok()?;
 db::users::get_by_login_token(pool, login_token.to_string()).await
 }
 async fn authenticated_routes(
- config: Config,
+ config: &Config,
 wallet: Wallet,
 request: Request,
 ) -> Response {
--
cgit v1.2.3
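Review bot: In `connected_user` (last hunk), `cookie::extract_token(config, cookie).ok()?` discards the error, so a cookie that fails signature verification is handled exactly like a request with no cookie and leaves no trace. A rejected signature is the one event here that points to a forged or altered token, so it is worth recording before the redirect to `/login`: `let login_token = match cookie::extract_token(config, cookie) { Ok(t) => t, Err(e) => { /* record e with the crate's logger */ return None } };`. `extract_token` is defined outside this patch and still receives the raw `Cookie` header value, which may carry several `name=value` pairs. It should be confirmed there that it selects the pair by name and compares the signature in constant time.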