feat: implement remember me

Cargo.toml

@@ -27,3 +27,4 @@ futures = "0.1.26"
 http = "0.1.17"
 rand = "0.6.5"
 pretty_env_logger = "0.3.0"
+time = "0.1.42"

src/main.rs

@@ -21,6 +21,7 @@ use rand::prelude::*;
 use std::rc::Rc;
 use std::sync::Arc;
 use tera::compile_templates;
+use time::Duration;
 
 mod guard;
 mod models;
@@ -60,7 +61,8 @@ fn main() -> std::io::Result<()> {
             .wrap(IdentityService::new(
                 CookieIdentityPolicy::new(&random_cookie_key)
                     .name("auth-cookie")
-                    .secure(true),
+                    .secure(false)
+                    .max_age(Duration::days(3)),
             ))
             .service(routers::article::homepage)
             .service(routers::article::single_article)
@@ -72,7 +74,8 @@ fn main() -> std::io::Result<()> {
             .service(
                 web::scope("/admin/")
                     .service(routers::admin::admin_panel)
-                    .service(routers::admin::admin_login),
+                    .service(routers::admin::admin_login)
+                    .service(routers::admin::admin_authentication),
             )
         //            .service(routers::article::get_article_by_url)
     })

src/models/user.rs

@@ -26,11 +26,7 @@ impl User {
         let mut hasher = Sha3::sha3_256();
         hasher.input_str(password);
         let result = hasher.result_str();
-        if self.password.eq(&result) {
+        self.password.eq(&result)
-            true
-        } else {
-            false
-        }
     }
 
     pub fn password_generate(password: &str) -> String {

src/routers/admin.rs

@@ -30,10 +30,18 @@ use crate::models::CRUD;
 use crate::pg_pool::Pool;
 use crate::routers::RubbleResponder;
 use actix_web::middleware::identity::Identity;
-use actix_web::{get, web, Either, HttpResponse, Responder};
+use actix_web::web::Form;
+use actix_web::{get, post, web, Either, HttpResponse, Responder};
+use serde::Deserialize;
 use std::sync::Arc;
 use tera::{Context, Tera};
 
+#[derive(Deserialize)]
+struct LoginForm {
+    pub username: String,
+    pub password: String,
+}
+
 #[get("/admin")]
 pub fn redirect_to_admin_panel() -> impl Responder {
     RubbleResponder::Redirect("/admin/panel".into())
@@ -72,27 +80,30 @@ pub fn admin_login(id: Identity, tera: web::Data<Arc<Tera>>) -> impl Responder {
         None => RubbleResponder::Html(tera.render("admin/login.html", &Context::new()).unwrap()),
     }
 }
-//
+
-//
+#[post("/login")]
-//#[post("/login", data = "<user>")]
+pub fn admin_authentication(
-//pub fn admin_authentication(user: Form<LoginForm>, conn: DbConn, mut cookies: Cookies) -> Result<Redirect, Status> {
+    id: Identity,
-//    use crate::schema::{users, users::dsl::*};
+    user: Form<LoginForm>,
-//
+    conn: web::Data<Pool>,
-//    let fetched = users::table.filter(username.eq(&user.username)).first::<User>(&*conn);
+) -> impl Responder {
-//    if fetched.is_err() {
+    let connection = conn.get().unwrap();
-//        return Err(Status::Unauthorized);
+
-//    }
+    let fetched_user = User::find_by_username(&connection, &user.username);
-//    let fetch_user: User = fetched.unwrap();
+
-//    if !fetch_user.authenticated(user.password.as_str()) {
+    match fetched_user {
-//        return Err(Status::Unauthorized);
+        Ok(login_user) => {
-//    }
+            if login_user.authenticated(&user.password) {
-//
+                id.remember(login_user.username);
-//    cookies.add_private(Cookie::new("LOG_SESSION", fetch_user.username));
+                RubbleResponder::Redirect("/admin/panel".into())
-//    cookies.add_private(Cookie::new("LOG_ID", fetch_user.id.to_string()));
+            } else {
-//    cookies.add_private(Cookie::new("LOG_ADMIN", "1"));
+                // TODO flash message or throw unauthorized
-//
+                RubbleResponder::Redirect("/admin/login".into())
-//    Ok(Redirect::to("/admin"))
+            }
-//}
+        }
+        Err(_) => RubbleResponder::Redirect("/admin/login".into()),
+    }
+}
 //
 //
 //#[get("/")]