X-Git-Url: http://git.euphorik.ch/?p=recipes.git;a=blobdiff_plain;f=backend%2Fsrc%2Fmain.rs;fp=backend%2Fsrc%2Fmain.rs;h=91b8d3211bb16b5ebeaba41b59c1b9f1b79fedce;hp=141c87fef46ff6b8e16d30eaa53ce638e34f20d4;hb=b6235fb76ce82f96503cda83eebe8106320b2a0d;hpb=45d4867cb37ce8d7007c4d98de70d81d0b705b92 diff --git a/backend/src/main.rs b/backend/src/main.rs index 141c87f..91b8d32 100644 --- a/backend/src/main.rs +++ b/backend/src/main.rs @@ -1,13 +1,14 @@ -use std::{collections::HashMap, net::ToSocketAddrs}; +use std::collections::HashMap; use actix_files as fs; -use actix_web::{http::header, get, post, web, Responder, middleware, App, HttpServer, HttpRequest, HttpResponse}; +use actix_web::{http::header, get, post, web, Responder, middleware, App, HttpServer, HttpRequest, HttpResponse, cookie::Cookie}; use askama_actix::{Template, TemplateToResponse}; use chrono::{prelude::*, Duration}; use clap::Parser; use serde::Deserialize; use config::Config; +use user::User; mod consts; mod db; @@ -17,65 +18,114 @@ mod user; mod email; mod config; +const COOKIE_AUTH_TOKEN_NAME: &str = "auth_token"; + +///// UTILS ///// + +fn get_ip_and_user_agent(req: &HttpRequest) -> (String, String) { + let user_agent = req.headers().get(header::USER_AGENT).map(|v| v.to_str().unwrap_or_default()).unwrap_or_default().to_string(); + let ip = req.peer_addr().map(|addr| addr.ip().to_string()).unwrap_or_default(); + (ip, user_agent) +} + +fn get_current_user(req: &HttpRequest, connection: &web::Data) -> Option { + let (client_ip, client_user_agent) = get_ip_and_user_agent(req); + + match req.cookie(COOKIE_AUTH_TOKEN_NAME) { + Some(token_cookie) => + match connection.authentication(token_cookie.value(), &client_ip, &client_user_agent) { + Ok(db::AuthenticationResult::NotValidToken) => + // TODO: remove cookie? + None, + Ok(db::AuthenticationResult::Ok(user_id)) => + match connection.load_user(user_id) { + Ok(user) => + Some(user), + Err(error) => { + eprintln!("Error during authentication: {:?}", error); + None + } + }, + Err(error) => { + eprintln!("Error during authentication: {:?}", error); + None + }, + }, + None => None + } +} + +///// HOME ///// + #[derive(Template)] #[template(path = "home.html")] struct HomeTemplate { + user: Option, recipes: Vec<(i32, String)>, } -#[derive(Template)] -#[template(path = "sign_in_form.html")] -struct SignInFormTemplate { +#[get("/")] +async fn home_page(req: HttpRequest, connection: web::Data) -> impl Responder { + HomeTemplate { user: get_current_user(&req, &connection), recipes: connection.get_all_recipe_titles().unwrap_or_default() } } +///// VIEW RECIPE ///// + #[derive(Template)] #[template(path = "view_recipe.html")] struct ViewRecipeTemplate { + user: Option, recipes: Vec<(i32, String)>, current_recipe: model::Recipe, } +#[get("/recipe/view/{id}")] +async fn view_recipe(req: HttpRequest, path: web::Path<(i32,)>, connection: web::Data) -> impl Responder { + let (id,)= path.into_inner(); + let recipes = connection.get_all_recipe_titles().unwrap_or_default(); + let user = get_current_user(&req, &connection); + + match connection.get_recipe(id) { + Ok(recipe) => + ViewRecipeTemplate { + user, + recipes, + current_recipe: recipe, + }.to_response(), + Err(_error) => + MessageTemplate { + user, + recipes, + message: format!("Unable to get recipe #{}", id), + }.to_response(), + } +} + +///// MESSAGE ///// + #[derive(Template)] #[template(path = "message.html")] struct MessageTemplate { + user: Option, recipes: Vec<(i32, String)>, message: String, } -#[get("/")] -async fn home_page(req: HttpRequest, connection: web::Data) -> impl Responder { - HomeTemplate { recipes: connection.get_all_recipe_titles().unwrap_or_default() } -} - //// SIGN UP ///// #[derive(Template)] #[template(path = "sign_up_form.html")] struct SignUpFormTemplate { + user: Option, email: String, message: String, message_email: String, message_password: String, } -impl SignUpFormTemplate { - fn new() -> Self { - SignUpFormTemplate { email: String::new(), message: String::new(), message_email: String::new(), message_password: String::new() } - } -} - -enum SignUpError { - InvalidEmail, - PasswordsNotEqual, - InvalidPassword, - UserAlreadyExists, - DatabaseError, - UnableSendEmail, -} - #[get("/signup")] async fn sign_up_get(req: HttpRequest, query: web::Query>, connection: web::Data) -> impl Responder { - SignUpFormTemplate::new() + SignUpFormTemplate { user: get_current_user(&req, &connection), email: String::new(), message: String::new(), message_email: String::new(), message_password: String::new() } } #[derive(Deserialize)] @@ -85,12 +135,22 @@ struct SignUpFormData { password_2: String, } +enum SignUpError { + InvalidEmail, + PasswordsNotEqual, + InvalidPassword, + UserAlreadyExists, + DatabaseError, + UnableSendEmail, +} + #[post("/signup")] async fn sign_up_post(req: HttpRequest, form: web::Form, connection: web::Data, config: web::Data) -> impl Responder { - println!("Sign Up, email: {}, passwords: {}/{}", form.email, form.password_1, form.password_2); + println!("Sign up, email: {}, passwords: {}/{}", form.email, form.password_1, form.password_2); - fn error_response(error: SignUpError, form: &web::Form) -> HttpResponse { + fn error_response(error: SignUpError, form: &web::Form, user: Option) -> HttpResponse { SignUpFormTemplate { + user, email: form.email.clone(), message_email: match error { @@ -113,22 +173,24 @@ async fn sign_up_post(req: HttpRequest, form: web::Form, connect }.to_response() } + let user = get_current_user(&req, &connection); + // Validation of email and password. if let common::utils::EmailValidation::NotValid = common::utils::validate_email(&form.email) { - return error_response(SignUpError::InvalidEmail, &form); + return error_response(SignUpError::InvalidEmail, &form, user); } if form.password_1 != form.password_2 { - return error_response(SignUpError::PasswordsNotEqual, &form); + return error_response(SignUpError::PasswordsNotEqual, &form, user); } if let common::utils::PasswordValidation::TooShort = common::utils::validate_password(&form.password_1) { - return error_response(SignUpError::InvalidPassword, &form); + return error_response(SignUpError::InvalidPassword, &form, user); } match connection.sign_up(&form.email, &form.password_1) { Ok(db::SignUpResult::UserAlreadyExists) => { - error_response(SignUpError::UserAlreadyExists, &form) + error_response(SignUpError::UserAlreadyExists, &form, user) }, Ok(db::SignUpResult::UserCreatedWaitingForValidation(token)) => { let url = { @@ -151,21 +213,22 @@ async fn sign_up_post(req: HttpRequest, form: web::Form, connect .finish(), Err(error) => { eprintln!("Email validation error: {:?}", error); - error_response(SignUpError::UnableSendEmail, &form) + error_response(SignUpError::UnableSendEmail, &form, user) }, } }, Err(error) => { eprintln!("Signup database error: {:?}", error); - error_response(SignUpError::DatabaseError, &form) + error_response(SignUpError::DatabaseError, &form, user) }, } } #[get("/signup_check_email")] -async fn sign_up_check_email(connection: web::Data) -> impl Responder { +async fn sign_up_check_email(req: HttpRequest, connection: web::Data) -> impl Responder { let recipes = connection.get_all_recipe_titles().unwrap_or_default(); MessageTemplate { + user: get_current_user(&req, &connection), recipes, message: "An email has been sent, follow the link to validate your account.".to_string(), } @@ -173,89 +236,166 @@ async fn sign_up_check_email(connection: web::Data) -> impl Resp #[get("/validation")] async fn sign_up_validation(req: HttpRequest, query: web::Query>, connection: web::Data) -> impl Responder { - - println!("req:\n{:#?}", req); - - let client_user_agent = req.headers().get(header::USER_AGENT).map(|v| v.to_str().unwrap_or_default()).unwrap_or_default(); - let client_ip = req.peer_addr().map(|addr| addr.ip().to_string()).unwrap_or_default(); + let (client_ip, client_user_agent) = get_ip_and_user_agent(&req); + let user = get_current_user(&req, &connection); let recipes = connection.get_all_recipe_titles().unwrap_or_default(); match query.get("token") { Some(token) => { - match connection.validation(token, Duration::seconds(consts::VALIDATION_TOKEN_DURATION), &client_ip, client_user_agent).unwrap() { - db::ValidationResult::Ok(token, user_id) => - // TODO: set token to cookie. - MessageTemplate { - recipes, - message: "Email validation successful, your account has been created".to_string(), - }, + match connection.validation(token, Duration::seconds(consts::VALIDATION_TOKEN_DURATION), &client_ip, &client_user_agent).unwrap() { + db::ValidationResult::Ok(token, user_id) => { + let cookie = Cookie::new(COOKIE_AUTH_TOKEN_NAME, token); + let user = + match connection.load_user(user_id) { + Ok(user) => + Some(user), + Err(error) => { + eprintln!("Error retrieving user by id: {}", error); + None + } + }; + + let mut response = + MessageTemplate { + user, + recipes, + message: "Email validation successful, your account has been created".to_string(), + }.to_response(); + + if let Err(error) = response.add_cookie(&cookie) { + eprintln!("Unable to set cookie after validation: {:?}", error); + }; + + response + }, db::ValidationResult::ValidationExpired => MessageTemplate { + user, recipes, message: "The validation has expired. Try to sign up again.".to_string(), - }, + }.to_response(), db::ValidationResult::UnknownUser => - MessageTemplate { - recipes, - message: "Validation error.".to_string(), - }, + MessageTemplate { + user, + recipes, + message: "Validation error.".to_string(), + }.to_response(), } }, None => { MessageTemplate { + user, recipes, message: format!("No token provided"), - } + }.to_response() }, } } ///// SIGN IN ///// -#[get("/signinform")] -async fn sign_in_form(req: HttpRequest, connection: web::Data) -> impl Responder { +#[derive(Template)] +#[template(path = "sign_in_form.html")] +struct SignInFormTemplate { + user: Option, + email: String, + message: String, +} + +#[get("/signin")] +async fn sign_in_get(req: HttpRequest, connection: web::Data) -> impl Responder { SignInFormTemplate { + user: get_current_user(&req, &connection), + email: String::new(), + message: String::new(), } } -#[post("/signin")] -async fn sign_in(req: HttpRequest) -> impl Responder { - "todo" +#[derive(Deserialize)] +struct SignInFormData { + email: String, + password: String, } -#[get("/recipe/view/{id}")] -async fn view_recipe(req: HttpRequest, path: web::Path<(i32,)>, connection: web::Data) -> impl Responder { - let (id,)= path.into_inner(); - let recipes = connection.get_all_recipe_titles().unwrap_or_default(); - println!("{:?}", recipes); - match connection.get_recipe(id) { - Ok(recipe) => - ViewRecipeTemplate { - recipes, - current_recipe: recipe, - }.to_response(), - Err(_error) => - MessageTemplate { - recipes, - message: format!("Unable to get recipe #{}", id), - }.to_response(), +enum SignInError { + AccountNotValidated, + AuthenticationFailed, +} + +#[post("/signin")] +async fn sign_in_post(req: HttpRequest, form: web::Form, connection: web::Data) -> impl Responder { + println!("Sign in, email: {}, password: {}", form.email, form.password); + + fn error_response(error: SignInError, form: &web::Form, user: Option) -> HttpResponse { + SignInFormTemplate { + user, + email: form.email.clone(), + message: + match error { + SignInError::AccountNotValidated => "This account must be validated first", + SignInError::AuthenticationFailed => "Wrong email or password", + }.to_string(), + }.to_response() } + + let user = get_current_user(&req, &connection); + let (client_ip, client_user_agent) = get_ip_and_user_agent(&req); + + match connection.sign_in(&form.email, &form.password, &client_ip, &client_user_agent) { + Ok(db::SignInResult::AccountNotValidated) => + error_response(SignInError::AccountNotValidated, &form, user), + Ok(db::SignInResult::UserNotFound) | Ok(db::SignInResult::WrongPassword) => { + error_response(SignInError::AuthenticationFailed, &form, user) + }, + Ok(db::SignInResult::Ok(token, user_id)) => { + let cookie = Cookie::new(COOKIE_AUTH_TOKEN_NAME, token); + let mut response = + HttpResponse::Found() + .insert_header((header::LOCATION, "/")) + .finish(); + if let Err(error) = response.add_cookie(&cookie) { + eprintln!("Unable to set cookie after sign in: {:?}", error); + }; + response + }, + Err(error) => { + eprintln!("Signin error: {:?}", error); + error_response(SignInError::AuthenticationFailed, &form, user) + }, + } +} + + +///// SIGN OUT ///// + +#[get("/signout")] +async fn sign_out(req: HttpRequest, connection: web::Data) -> impl Responder { + let mut response = + HttpResponse::Found() + .insert_header((header::LOCATION, "/")) + .finish(); + + if let Some(token_cookie) = req.cookie(COOKIE_AUTH_TOKEN_NAME) { + if let Err(error) = connection.sign_out(token_cookie.value()) { + eprintln!("Unable to sign out: {:?}", error); + }; + + if let Err(error) = response.add_removal_cookie(&Cookie::new(COOKIE_AUTH_TOKEN_NAME, "")) { + eprintln!("Unable to set a removal cookie after sign out: {:?}", error); + }; + }; + response } async fn not_found(req: HttpRequest, connection: web::Data) -> impl Responder { let recipes = connection.get_all_recipe_titles().unwrap_or_default(); MessageTemplate { + user: get_current_user(&req, &connection), recipes, message: "404: Not found".to_string(), } } -fn get_exe_name() -> String { - let first_arg = std::env::args().nth(0).unwrap(); - let sep: &[_] = &['\\', '/']; - first_arg[first_arg.rfind(sep).unwrap()+1..].to_string() -} - #[actix_web::main] async fn main() -> std::io::Result<()> { if process_args() { return Ok(()) } @@ -286,12 +426,12 @@ async fn main() -> std::io::Result<()> { .service(sign_up_post) .service(sign_up_check_email) .service(sign_up_validation) - .service(sign_in_form) - .service(sign_in) + .service(sign_in_get) + .service(sign_in_post) + .service(sign_out) .service(view_recipe) .service(fs::Files::new("/static", "static")) .default_service(web::to(not_found)) - //.default_service(not_found) }); server.bind(&format!("0.0.0.0:{}", port))?.run().await @@ -324,27 +464,4 @@ fn process_args() -> bool { } false - - /* - - - fn print_usage() { - println!("Usage:"); - println!(" {} [--help] [--test]", get_exe_name()); - } - - let args: Vec = args().collect(); - - if args.iter().any(|arg| arg == "--help") { - print_usage(); - return true - } else if args.iter().any(|arg| arg == "--test") { - match db::Connection::new() { - Ok(_) => (), - Err(error) => println!("Error: {:?}", error) - } - return true - } - false - */ }