refactoring and code cleanup
This commit is contained in:
parent
a73851d26f
commit
b6775fae9b
1 changed files with 26 additions and 28 deletions
|
@ -48,6 +48,21 @@ pub struct RegisterFormParams {
|
||||||
pub password: Option<String>,
|
pub password: Option<String>,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// build a response that will cause a redirect without full
|
||||||
|
/// page reload using httpx
|
||||||
|
///
|
||||||
|
/// # Errors
|
||||||
|
///
|
||||||
|
/// When there is an issue with rendering the view.
|
||||||
|
fn httpx_redirect(url: &str) -> Result<Response> {
|
||||||
|
let mut headers = HeaderMap::new();
|
||||||
|
//ToDo: modifiy below to avoid using ugly unwrap
|
||||||
|
headers.insert("HX-Location", url.parse().unwrap());
|
||||||
|
|
||||||
|
Ok(headers.into_response())
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#[debug_handler]
|
#[debug_handler]
|
||||||
pub async fn home(
|
pub async fn home(
|
||||||
auth: auth_no_error::JWTWithUserOpt<users::Model>,
|
auth: auth_no_error::JWTWithUserOpt<users::Model>,
|
||||||
|
@ -128,11 +143,7 @@ pub async fn do_register(
|
||||||
let res = AuthMailer::send_welcome(&ctx, &user).await;
|
let res = AuthMailer::send_welcome(&ctx, &user).await;
|
||||||
match res {
|
match res {
|
||||||
Ok(()) => {
|
Ok(()) => {
|
||||||
let mut headers = HeaderMap::new();
|
return httpx_redirect("/");
|
||||||
//ToDo: modifiy below to avoid using ugly unwrap
|
|
||||||
headers.insert("HX-Location", "/".parse().unwrap());
|
|
||||||
|
|
||||||
return Ok(headers.into_response());
|
|
||||||
}
|
}
|
||||||
Err(err) => {
|
Err(err) => {
|
||||||
return views::home::error(&v,&format!("failed to send welcome email: {}",err.to_string()));
|
return views::home::error(&v,&format!("failed to send welcome email: {}",err.to_string()));
|
||||||
|
@ -184,15 +195,8 @@ pub async fn do_login(
|
||||||
return Ok((jar, views::home::error(&v,"Login failed: invalid email or password")));
|
return Ok((jar, views::home::error(&v,"Login failed: invalid email or password")));
|
||||||
};
|
};
|
||||||
|
|
||||||
// We do not really need to return the index view in the response body
|
// Notes about old code we have tested before :
|
||||||
// because the HX-Location header will trigger htmx to fetch it from
|
// We tried returning the JWT token both in an authorisation header
|
||||||
// the client.
|
|
||||||
// We are doing it here only to test if it allows degrading gracefully
|
|
||||||
// on java script disabled clients.
|
|
||||||
// See do_register() for an implementation of htmx redirect with
|
|
||||||
// an empty body
|
|
||||||
|
|
||||||
// Also we tried returning the JWT token both in an authorisation header
|
|
||||||
// But only the cookie version is working. Web browsers do not seem to be
|
// But only the cookie version is working. Web browsers do not seem to be
|
||||||
// able to get the token from the header to send it back.
|
// able to get the token from the header to send it back.
|
||||||
// Anyway, using a cookie, with attributes Secure, HttpOnly and
|
// Anyway, using a cookie, with attributes Secure, HttpOnly and
|
||||||
|
@ -200,24 +204,18 @@ pub async fn do_login(
|
||||||
// to avoid XSS and CSRF attacks
|
// to avoid XSS and CSRF attacks
|
||||||
// ToDo: manage reset token
|
// ToDo: manage reset token
|
||||||
|
|
||||||
//ToDo: modifiy below to avoid using ugly unwraps
|
//This is how we could set the token cookie without using the CookieJar
|
||||||
|
|
||||||
let mut headers = HeaderMap::new();
|
|
||||||
//headers.insert(header::AUTHORIZATION, HeaderValue::from_str(&format!("Bearer {}", token)).unwrap());
|
|
||||||
headers.insert("HX-Location", "/".parse().unwrap());
|
|
||||||
//This is how to set the token cookie without using the CookieJar :
|
|
||||||
//headers.insert(header::SET_COOKIE, HeaderValue::from_str(&format!("token={}; Secure; HttpOnly; SameSite=Strict", token)).unwrap());
|
//headers.insert(header::SET_COOKIE, HeaderValue::from_str(&format!("token={}; Secure; HttpOnly; SameSite=Strict", token)).unwrap());
|
||||||
|
// - not tested but should work
|
||||||
|
// - if used instead of CookieJar maybe it should be moved to the httpx_redirect() function?
|
||||||
|
|
||||||
let index_view = views::home::index(&v,&user).unwrap();
|
|
||||||
|
|
||||||
let mut cookie = Cookie::new("token", token);
|
let mut cookie = Cookie::new("token", token);
|
||||||
cookie.set_secure(true);
|
cookie.set_secure(true);
|
||||||
cookie.set_http_only(true);
|
cookie.set_http_only(true);
|
||||||
cookie.set_same_site(SameSite::Strict);
|
cookie.set_same_site(SameSite::Strict);
|
||||||
|
|
||||||
Ok((
|
Ok((jar.add(cookie),
|
||||||
jar.add(cookie),
|
httpx_redirect("/"),))
|
||||||
Ok((headers, index_view).into_response()),))
|
|
||||||
}
|
}
|
||||||
_ => {
|
_ => {
|
||||||
return Ok((jar, views::home::error(&v,"Login failed: you need to provide an email and a password")));
|
return Ok((jar, views::home::error(&v,"Login failed: you need to provide an email and a password")));
|
||||||
|
@ -230,10 +228,10 @@ pub async fn do_login(
|
||||||
pub async fn logout(
|
pub async fn logout(
|
||||||
State(_ctx): State<AppContext>,
|
State(_ctx): State<AppContext>,
|
||||||
jar: CookieJar)
|
jar: CookieJar)
|
||||||
-> Result<(CookieJar, Redirect), StatusCode> {
|
-> Result<(CookieJar, impl IntoResponse), StatusCode> {
|
||||||
|
|
||||||
println!("Cookie jar: {:?}",jar);
|
Ok((jar.remove(Cookie::from("token")),
|
||||||
Ok((jar.remove(Cookie::from("token")), Redirect::to("/"),))
|
httpx_redirect("/"),))
|
||||||
}
|
}
|
||||||
|
|
||||||
#[debug_handler]
|
#[debug_handler]
|
||||||
|
|
Loading…
Reference in a new issue