lukas/weight_tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
559f36224eab5375f761ce070f545b934e889625
weight_tracker/src/handlers.rs
Lukas Wölfer 559f36224e
Some checks failed
Rust / build_and_test (push) Failing after 1m38s
Details
feat: improve dependencies
2026-04-10 23:09:43 +02:00

180 lines
5.8 KiB
Rust
Raw Blame History

use askama::Template;
use axum::response::{Html, Redirect};
use axum::{Form, extract::Query, extract::State};
use axum_sessions::extractors::{ReadableSession, WritableSession};
use oauth2::{AuthorizationCode, CsrfToken, PkceCodeChallenge, PkceCodeVerifier, Scope};
use reqwest::Client;
use serde::Deserialize;
#[derive(Template)]
#[template(path = "index.html")]
pub struct IndexTemplate {
pub weights: Vec<super::models::Weight>,
}
#[derive(Deserialize)]
pub struct WeightForm {
date: String,
weight: f64,
}
pub async fn index(State(state): State<crate::AppState>) -> Html<String> {
let weights = super::models::get_all_weights(&state.pool)
.await
.unwrap_or_default();
let template = IndexTemplate { weights };
Html(template.render().unwrap())
}
pub async fn login(State(state): State<crate::AppState>, mut session: WritableSession) -> Redirect {
// Generate PKCE challenge
let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
// Generate the authorization URL
let (auth_url, csrf_token) = state
.oidc_client
.authorize_url(CsrfToken::new_random)
.add_scope(Scope::new("openid".to_string()))
.add_scope(Scope::new("profile".to_string()))
.set_pkce_challenge(pkce_challenge)
.url();
// Store the CSRF token and PKCE verifier in the session
session
.insert("csrf_token", csrf_token.secret().clone())
.unwrap();
session
.insert("pkce_verifier", pkce_verifier.secret().clone())
.unwrap();
Redirect::to(auth_url.as_str())
}
#[cfg(test)]
pub async fn test_login(mut session: WritableSession) -> Redirect {
session.insert("user_id", "test-user").unwrap();
Redirect::to("/")
}
#[derive(Deserialize)]
pub struct AuthCallbackQuery {
code: String,
state: String,
}
pub async fn callback(
State(state): State<crate::AppState>,
Query(query): Query<AuthCallbackQuery>,
mut session: WritableSession,
) -> Redirect {
// Verify CSRF token
if let Some(stored_csrf) = session.get::<String>("csrf_token") {
if stored_csrf != query.state {
return Redirect::to("/?error=invalid_state");
}
} else {
return Redirect::to("/?error=no_state");
}
// Get PKCE verifier
let pkce_verifier = if let Some(verifier) = session.get::<String>("pkce_verifier") {
PkceCodeVerifier::new(verifier)
} else {
return Redirect::to("/?error=no_verifier");
};
// Exchange code for token
let token_result = state
.oidc_client
.exchange_code(AuthorizationCode::new(query.code))
.set_pkce_verifier(pkce_verifier)
.request_async(async_http_client)
.await;
match token_result {
Ok(token) => {
// For OIDC, the ID token contains user info
if let Some(id_token) = token.id_token() {
// Decode ID token (simplified, in practice you'd verify signature)
// For now, assume it's valid and extract sub as user_id
let claims = id_token.payload().clone();
if let Some(sub) = claims.subject() {
session.insert("user_id", sub.to_string()).unwrap();
Redirect::to("/")
} else {
Redirect::to("/?error=no_subject")
}
} else {
Redirect::to("/?error=no_id_token")
}
}
Err(_) => Redirect::to("/?error=token_exchange_failed"),
}
}
// Async HTTP client for oauth2
async fn async_http_client(
request: oauth2::HttpRequest,
) -> Result<oauth2::HttpResponse, reqwest::Error> {
let client = Client::new();
let method_str = request.method.as_str();
let method = reqwest::Method::from_bytes(method_str.as_bytes()).unwrap();
let mut req_builder = client.request(method, request.url);
for (name, value) in request.headers {
let Some(header_name_str) = name.and_then(|f| Some(f.as_str().clone())) else {
continue;
};
let header_name =
reqwest::header::HeaderName::from_bytes(header_name_str.as_bytes()).unwrap();
let header_value = reqwest::header::HeaderValue::from_bytes(value.as_bytes()).unwrap();
req_builder = req_builder.header(header_name, header_value);
}
let response = req_builder.body(request.body).send().await?;
let status_code = response.status().as_u16();
let headers = response.headers().clone();
let body = response.bytes().await?;
// Convert headers
let mut oauth_headers = oauth2::http::HeaderMap::new();
for (k, v) in headers.iter() {
let name = oauth2::http::HeaderName::from_bytes(k.as_str().as_bytes()).unwrap();
let value = oauth2::http::HeaderValue::from_bytes(v.as_bytes()).unwrap();
oauth_headers.insert(name, value);
}
Ok(oauth2::HttpResponse {
status_code: oauth2::http::StatusCode::from_u16(status_code).unwrap(),
headers: oauth_headers,
body: body.to_vec(),
})
}
pub async fn input_post(
State(state): State<crate::AppState>,
session: ReadableSession,
Form(form): Form<WeightForm>,
) -> Result<Html<String>, Redirect> {
// Check if user is authenticated
if let Some(user_id) = session.get::<String>("user_id") {
super::models::insert_weight(&state.pool, &user_id, &form.date, form.weight)
.await
.unwrap();
let weights = super::models::get_all_weights(&state.pool)
.await
.unwrap_or_default();
let mut html = String::new();
for weight in weights {
html.push_str(&format!(
"<p>{}: {} kg by {}</p>\n",
weight.date, weight.weight, weight.user_id
));
}
Ok(Html(html))
} else {
// Redirect to login if not authenticated
Err(Redirect::to("/auth/login"))
}
}
Reference in New Issue View Git Blame Copy Permalink