174 lines
5.3 KiB
Rust
174 lines
5.3 KiB
Rust
use askama::Template;
|
|
use axum::response::{Html, Redirect};
|
|
use axum::{Form, extract::Query, extract::State};
|
|
use axum_session::Session;
|
|
use axum_session_sqlx::SessionSqlitePool;
|
|
use oauth2::http;
|
|
use oauth2::{
|
|
AuthorizationCode, CsrfToken, HttpRequest, HttpResponse, PkceCodeChallenge, PkceCodeVerifier,
|
|
Scope, TokenResponse,
|
|
};
|
|
use reqwest::Client;
|
|
use serde::Deserialize;
|
|
|
|
#[derive(Template)]
|
|
#[template(path = "index.html")]
|
|
pub struct IndexTemplate {
|
|
pub weights: Vec<super::models::Weight>,
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
pub struct WeightForm {
|
|
date: String,
|
|
time: String,
|
|
weight: f64,
|
|
}
|
|
|
|
pub async fn index(State(state): State<crate::AppState>) -> Html<String> {
|
|
let weights = super::models::get_all_weights(&state.pool)
|
|
.await
|
|
.unwrap_or_default();
|
|
let template = IndexTemplate { weights };
|
|
Html(template.render().unwrap())
|
|
}
|
|
|
|
pub async fn login(
|
|
State(state): State<crate::AppState>,
|
|
session: Session<SessionSqlitePool>,
|
|
) -> Redirect {
|
|
// Generate PKCE challenge
|
|
let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
|
|
|
|
// Generate the authorization URL
|
|
let (auth_url, csrf_token) = state
|
|
.oidc_client
|
|
.authorize_url(CsrfToken::new_random)
|
|
.add_scope(Scope::new("openid".to_string()))
|
|
.add_scope(Scope::new("profile".to_string()))
|
|
.set_pkce_challenge(pkce_challenge)
|
|
.url();
|
|
|
|
// Store the CSRF token and PKCE verifier in the session
|
|
session.set("csrf_token", csrf_token.secret().clone());
|
|
session.set("pkce_verifier", pkce_verifier.secret().clone());
|
|
|
|
Redirect::to(auth_url.as_str())
|
|
}
|
|
|
|
#[cfg(test)]
|
|
pub async fn test_login(session: Session<SessionSqlitePool>) -> Redirect {
|
|
session.set("user_id", "test-user");
|
|
Redirect::to("/")
|
|
}
|
|
|
|
#[derive(Deserialize)]
|
|
pub struct AuthCallbackQuery {
|
|
code: String,
|
|
state: String,
|
|
}
|
|
|
|
pub async fn callback(
|
|
State(state): State<crate::AppState>,
|
|
Query(query): Query<AuthCallbackQuery>,
|
|
session: Session<SessionSqlitePool>,
|
|
) -> Redirect {
|
|
// Verify CSRF token
|
|
if let Some(stored_csrf) = session.get::<String>("csrf_token") {
|
|
if stored_csrf != query.state {
|
|
return Redirect::to("/?error=invalid_state");
|
|
}
|
|
} else {
|
|
return Redirect::to("/?error=no_state");
|
|
}
|
|
|
|
// Get PKCE verifier
|
|
let pkce_verifier = if let Some(verifier) = session.get::<String>("pkce_verifier") {
|
|
PkceCodeVerifier::new(verifier)
|
|
} else {
|
|
return Redirect::to("/?error=no_verifier");
|
|
};
|
|
|
|
// Exchange code for token
|
|
let token_result = state
|
|
.oidc_client
|
|
.exchange_code(AuthorizationCode::new(query.code))
|
|
.set_pkce_verifier(pkce_verifier)
|
|
.request_async(&async_http_client)
|
|
.await;
|
|
|
|
match token_result {
|
|
Ok(token) => {
|
|
// For OIDC, extract user info from token
|
|
// Using the access token as a simple user identifier
|
|
let user_id = token.access_token().secret().clone();
|
|
session.set("user_id", user_id);
|
|
Redirect::to("/")
|
|
}
|
|
Err(_) => Redirect::to("/?error=token_exchange_failed"),
|
|
}
|
|
}
|
|
|
|
// Async HTTP client for oauth2
|
|
async fn async_http_client(req: HttpRequest) -> Result<HttpResponse, reqwest::Error> {
|
|
let client = Client::new();
|
|
|
|
// Convert http::Method to reqwest::Method
|
|
let method_str = format!("{}", req.method());
|
|
let method = reqwest::Method::from_bytes(method_str.as_bytes()).unwrap();
|
|
|
|
// Clone the URI before consuming the request
|
|
let uri = req.uri().clone();
|
|
|
|
let mut req_builder = client.request(method, uri.to_string());
|
|
|
|
for (name, value) in req.headers() {
|
|
let header_name =
|
|
reqwest::header::HeaderName::from_bytes(name.as_str().as_bytes()).unwrap();
|
|
let header_value = reqwest::header::HeaderValue::from_bytes(value.as_bytes()).unwrap();
|
|
req_builder = req_builder.header(header_name, header_value);
|
|
}
|
|
|
|
let body = req.into_body();
|
|
let response = req_builder.body(body).send().await?;
|
|
let status_code = response.status();
|
|
let headers = response.headers().clone();
|
|
let body = response.bytes().await?;
|
|
|
|
// Construct an http::Response
|
|
let mut http_response = http::Response::builder().status(status_code);
|
|
|
|
for (k, v) in headers.iter() {
|
|
http_response = http_response.header(k, v);
|
|
}
|
|
|
|
Ok(http_response.body(body.to_vec()).unwrap())
|
|
}
|
|
|
|
pub async fn input_post(
|
|
State(state): State<crate::AppState>,
|
|
session: Session<SessionSqlitePool>,
|
|
Form(form): Form<WeightForm>,
|
|
) -> Result<Html<String>, Redirect> {
|
|
// Check if user is authenticated
|
|
if let Some(user_id) = session.get::<String>("user_id") {
|
|
let datetime = format!("{}T{}", form.date, form.time);
|
|
super::models::insert_weight(&state.pool, &user_id, &datetime, form.weight)
|
|
.await
|
|
.unwrap();
|
|
let weights = super::models::get_all_weights(&state.pool)
|
|
.await
|
|
.unwrap_or_default();
|
|
let mut html = String::new();
|
|
for weight in weights {
|
|
html.push_str(&format!(
|
|
"<p>{}: {} kg by {}</p>\n",
|
|
weight.date, weight.weight, &user_id
|
|
));
|
|
}
|
|
Ok(Html(html))
|
|
} else {
|
|
// Redirect to login if not authenticated
|
|
Err(Redirect::to("/auth/login"))
|
|
}
|
|
}
|