From 87a033a3b8ae1811aba4c67f10a62928477e82c2 Mon Sep 17 00:00:00 2001
From: kenken714
Date: Tue, 29 Oct 2024 01:05:57 +0900
Subject: [PATCH 1/4] feat: add post /login
---
 src/handler.rs | 3 +-
 src/handler/authentication.rs | 53 +++++++++++++++++++++++++++++++++--
 src/repository/users.rs | 9 ++++++
 3 files changed, 62 insertions(+), 3 deletions(-)
diff --git a/src/handler.rs b/src/handler.rs
index 63dfee3..f232f36 100644
--- a/src/handler.rs
+++ b/src/handler.rs
@@ -11,7 +11,8 @@ mod users;
 pub fn make_router(app_state: Repository) -> Router {
 let authentication_router = Router::new()
 .route("/signup/request", post(authentication::sign_up_request))
- .route("/signup", post(authentication::sign_up));
+ .route("/signup", post(authentication::sign_up))
+ .route("/login", post(authentication::login))
 let users_router = Router::new()
 .route("/me", get(users::get_me).put(users::put_me))
diff --git a/src/handler/authentication.rs b/src/handler/authentication.rs
index d549cb7..7e17fdb 100644
--- a/src/handler/authentication.rs
+++ b/src/handler/authentication.rs
@@ -1,6 +1,6 @@
-use axum::{extract::State, Json};
+use axum::{extract::State, http::HeaderMap, response::IntoResponse, Json};
 use lettre::Address;
-use reqwest::StatusCode;
+use reqwest::{header::SET_COOKIE, StatusCode};
 use serde::Deserialize;
 use crate::{
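Review bot: In the import hunk of src/handler/authentication.rs, `SET_COOKIE` and `StatusCode` come from `reqwest`, an HTTP client crate, although they are used in a server-side axum handler. Both are re-exports of the `http` crate's types, which axum re-exports as well, so the two `use` lines could become `use axum::{extract::State, http::{header::SET_COOKIE, HeaderMap, StatusCode}, response::IntoResponse, Json};`. If reqwest and axum ever resolve to different `http` major versions, the reqwest names would stop fitting axum's `HeaderMap` and response types. The `use crate::{` block continues outside the hunk.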
@@ -91,3 +91,52 @@ pub async fn sign_up(
 .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
 Ok(StatusCode::CREATED)
 }
+
+#[derive(Deserialize)]
+pub struct LogIn {
+ email: String,
+ password: String,
+}
+
+impl Validator for LogIn {
+ fn validate(&self) -> anyhow::Result<()> {
+ RuleType::Password.validate(&self.password)?;
+ Ok(())
+ }
+}
+
+pub async fn login(
+ State(state): State,
+ Json(body): Json,
+) -> Result {
+ body.validate().map_err(|_| StatusCode::BAD_REQUEST)?;
+ let user = state
+ .get_user_by_email(&body.email)
+ .await
+ .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?
+ .ok_or(StatusCode::UNAUTHORIZED)?;
+
+ let verification = state
+ .verify_user_password(user.id, &body.password)
+ .await
+ .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+
+ if !verification {
+ return Err(StatusCode::UNAUTHORIZED);
+ }
+
+ let session_id = state
+ .create_session(user)
+ .await
+ .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
+
+ let mut headers = HeaderMap::new();
+ headers.insert(
+ SET_COOKIE,
+ format!("session_id={}, HttpOnly, SameSite=Strict", session_id)
+ .parse()
+ .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?,
+ );
+
+ Ok((StatusCode::OK, headers))
+}
diff --git a/src/repository/users.rs b/src/repository/users.rs
index bc66e7e..72b57ec 100644
--- a/src/repository/users.rs
+++ b/src/repository/users.rs
@@ -119,6 +119,15 @@ impl Repository {
 Ok(user)
 }
+ pub async fn get_user_by_email(&self, email: &str) -> anyhow::Result> {
+ let user = sqlx::query_as::<_, User>("SELECT * FROM users WHERE email = ?")
+ .bind(email)
+ .fetch_optional(&self.pool)
+ .await?;
+
+ Ok(user)
+ }
+
 pub async fn create_user_by_email(&self, name: &str, email: &str) -> anyhow::Result {
 let id = UserId::new(Uuid::now_v7());
From abc2fc1b11c95099aa6f264fbf46613c7873ed63 Mon Sep 17 00:00:00 2001
From: kenken714
Date: Tue, 29 Oct 2024 14:05:18 +0900
Subject: [PATCH 2/4] fix: add semicoron
---
 src/handler.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
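Review bot: In `login` (src/handler/authentication.rs), an unknown e-mail returns 401 straight from `.ok_or(StatusCode::UNAUTHORIZED)?`, while a known one goes on to `verify_user_password`, so the two cases probably differ in response time and can reveal which addresses are registered even though the status code is the same. `verify_user_password` is not part of this patch, so the size of that gap is an assumption; if it performs a password-hash comparison, the usual mitigation is to run an equivalent comparison against a fixed dummy hash on the not-found path. Separately, every `.map_err(|_| …)` discards the underlying error and neither 401 path records anything, so failed logins leave no trace for detection; logging the failure (never the submitted password) before returning would close that gap. At minimum I would add above the lookup: `// NOTE: the not-found path skips password hashing; equalise the work and log failed attempts`.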
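Review bot: `get_user_by_email` in src/repository/users.rs has no doc comment and silently depends on `users.email` being unique: `fetch_optional` hands back a single row, and `login` then verifies the password against that row's id. The schema is not part of this patch, so it is worth confirming a UNIQUE constraint (and how the column's collation treats letter case) and recording it, e.g. `/// Looks up a user by e-mail; returns Ok(None) when no row matches. Assumes users.email is UNIQUE.` The value is passed with `.bind(email)` rather than spliced into the SQL string, which is the right way to handle the caller-supplied address. The `impl Repository` block starts and ends outside the hunk.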
diff --git a/src/handler.rs b/src/handler.rs
index 92f8480..2921d50 100644
--- a/src/handler.rs
+++ b/src/handler.rs
@@ -12,7 +12,7 @@ pub fn make_router(app_state: Repository) -> Router {
 let authentication_router = Router::new()
 .route("/signup/request", post(authentication::sign_up_request))
 .route("/signup", post(authentication::sign_up))
- .route("/login", post(authentication::login))
+ .route("/login", post(authentication::login));
 let users_router = Router::new()
 .route("/me", get(users::get_me).put(users::put_me))
From 44790fc6a57601c0ad470b5f134fbd43e3d04634 Mon Sep 17 00:00:00 2001
From: kenken714
Date: Tue, 29 Oct 2024 14:14:11 +0900
Subject: [PATCH 3/4] fix: fix cookie
---
 src/handler/authentication.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/handler/authentication.rs b/src/handler/authentication.rs
index a99d4b0..a57ddf4 100644
--- a/src/handler/authentication.rs
+++ b/src/handler/authentication.rs
@@ -133,7 +133,7 @@ pub async fn login(
 let mut headers = HeaderMap::new();
 headers.insert(
 SET_COOKIE,
- format!("session_id={}, HttpOnly, SameSite=Strict", session_id)
+ format!("session_id={}; HttpOnly; SameSite=Strict", session_id)
 .parse()
 .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?,
 );
From bbd947608dbdcc948ec6c9601f6de1bf46da6b3a Mon Sep 17 00:00:00 2001
From: kenken714
Date: Tue, 29 Oct 2024 14:23:57 +0900
Subject: [PATCH 4/4] fix: change SameSite attribute to Lax
---
 src/handler/authentication.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/handler/authentication.rs b/src/handler/authentication.rs
index a57ddf4..eb1983f 100644
--- a/src/handler/authentication.rs
+++ b/src/handler/authentication.rs
@@ -133,7 +133,7 @@ pub async fn login(
 let mut headers = HeaderMap::new();
 headers.insert(
 SET_COOKIE,
- format!("session_id={}; HttpOnly; SameSite=Strict", session_id)
+ format!("session_id={}; HttpOnly; SameSite=Lax", session_id)
 .parse()
 .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?,
 );
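Review bot: The `Set-Cookie` value corrected in PATCH 3/4 still carries no `Secure` attribute, so the browser will also send `session_id` over plain HTTP if the site is ever reached that way; the same holds for the line as first added in PATCH 1/4 and as changed again in PATCH 4/4. It also sets no `Path`, leaving the cookie's scope to be derived from the login URL (how the routers are nested is not visible here), and no `Max-Age`/`Expires`, so its lifetime is not tied to how long the server keeps the session. I would write `format!("session_id={}; Path=/; Secure; HttpOnly; SameSite=Strict", session_id)` and add a `Max-Age` that matches the server-side session lifetime. `login`'s body starts outside this hunk.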
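Review bot: PATCH 4/4 relaxes the session cookie from `SameSite=Strict` to `SameSite=Lax` without recording why, either in the commit message or next to the `format!` call. With Lax the cookie accompanies top-level cross-site navigations that use safe methods, so the protection now rests on every state-changing route staying off GET and on no GET handler having side effects; `/me` is visible as `get(...).put(...)`, the other routes are not shown here. I would add a comment stating the reason and that invariant, e.g. `// SameSite=Lax: <reason the cookie must survive cross-site navigation>; all state-changing routes must be non-GET`. `login`'s body starts outside this hunk.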