use log::info;
use maud::{html, PreEscaped};
use peach_lib::password_utils;
use rouille::{post_input, try_or_400, Request, Response};
use crate::templates;
// HELPER AND ROUTES FOR /auth/login (GET and POST)
/// Build the complete login page.
///
/// Renders a password-only form that submits via `POST` to `/auth/login`,
/// wraps it in the navigation template (title "Login", back link `/`) and
/// then in the base template.
///
/// `PreEscaped` is applied only to string literals in this function, so no
/// request-derived data bypasses maud's HTML escaping here.
///
/// NOTE(review): the form renders no anti-CSRF token field; confirm whether
/// the `/auth/login` POST route is protected by other means.
pub fn build_template() -> PreEscaped<String> {
    let login_form = html! {
        (PreEscaped("<!-- LOGIN FORM -->"))
        div class="card center" {
            form id="login_form" class="center" action="/auth/login" method="post" {
                div style="display: flex; flex-direction: column; margin-bottom: 1rem;" {
                    (PreEscaped("<!-- input for password -->"))
                    label for="password" class="center label-small font-gray" style="width: 80%;" { "PASSWORD" }
                    input id="password" name="password" class="center input" type="password" title="Password for given username";
                    (PreEscaped("<!-- login (form submission) button -->"))
                    input id="loginUser" class="button button-primary center" title="Login" type="submit" value="Login";
                    div class="center-text" style="margin-top: 1rem;" {
                        a href="/settings/admin/forgot_password" class="label-small link font-gray" { "Forgot Password?" }
                    }
                }
                (PreEscaped("<!-- FLASH MESSAGE -->"))
                // TODO: render flash message (only the HTML comment marker is emitted for now)
                //{% include "snippets/flash_message" %}
            }
        }
    };

    // Nav wrapper arguments: content, page title, back url.
    // The wrapped page is then handed straight to the base template.
    templates::base::build_template(templates::nav::build_template(
        login_form,
        "Login",
        Some("/"),
    ))
}
/// Handle a `POST` to `/auth/login`: read the submitted password and verify it.
///
/// Both outcomes are logged at `info` level and answered with a `303`
/// redirect: to `/` when verification succeeds, back to `/auth/login` when
/// it fails. If the form data cannot be parsed (for example, the `password`
/// field is missing), a `400` response is returned instead.
///
/// NOTE(review): the intended behaviour is to set the auth session cookie on
/// success and a flash message on failure, but both are still disabled in the
/// body. As written, the success redirect carries no authentication state, so
/// other routes must not treat it as proof of a login.
pub fn handle_form(request: &Request) -> Response {
    // Pull the `password` field out of the request body; bail out with a
    // 400 response when the form data cannot be parsed.
    let data = try_or_400!(post_input!(request, { password: String }));

    // TODO: match on result and define flash message accordingly
    // then send the redirect response
    let verified = password_utils::verify_password(&data.password).is_ok();

    if !verified {
        info!("Unsuccessful login attempt");
        // The verification error is discarded: it is neither logged nor
        // returned to the client.
        //let err_msg = format!("Invalid password: {}", e);

        // Send the user back to the login page.
        /*
        // TODO: add flash message
        context.insert("flash_name", &("error".to_string()));
        context.insert("flash_msg", &(err_msg));
        */
        return Response::redirect_303("/auth/login");
    }

    info!("Successful login attempt");
    // TODO: mark the user as authenticated before redirecting home.
    // With a single user the cookie value is just admin (arbitrary); with
    // multiple users it could hold the user_id instead.
    //cookies.add_private(Cookie::new(AUTH_COOKIE_KEY, ADMIN_USERNAME));

    Response::redirect_303("/")
}