From c4e252dbc2853295921f8ca12bc75d1e4fed3443 Mon Sep 17 00:00:00 2001
From: trotFunky
Date: Fri, 26 Jul 2024 20:32:14 +0100
Subject: [PATCH] auth: Add a logout button

Add a logout button that clears the auth cookies, logging out the user. It also tries to remove the auth token from the databse, but will ignore any error during the database operation. Do some include clean-ups as well.
---
 src/auth.rs | 26 ++++++++++++++++++++++++++
 src/main.rs | 12 +++---------
 src/vote.rs | 1 -
 templates/index.html.tera | 5 ++++-
 4 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/src/auth.rs b/src/auth.rs
index 7f6b251..e022532 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -185,6 +185,32 @@ pub async fn login(week: u8, form: Form, mut db: Connection, cooki
 Redirect::to(uri!(week::week(week)))
 }
+#[post("//logout")]
+pub async fn logout(week: u8, mut db: Connection, cookies: &CookieJar<'_>) -> Redirect {
+ let auth_token: Option = match cookies.get_private("auth_token") {
+ Some(cookie) => Some(cookie.value().to_string()),
+ None => None
+ };
+
+ // Should not be able to log out ?
+ if auth_token.is_none() {
+ return Redirect::to(uri!(week::week(week)))
+ }
+
+ match sqlx::query("DELETE FROM AuthTokens WHERE token == $1;")
+ .bind(auth_token)
+ .execute(&mut **db)
+ .await {
+ Ok(_) => debug!("Auth token deletion successful"),
+ Err(error) => debug!("Auth token could not be removed ({error}), proceeding anyway.")
+ }
+
+ cookies.remove_private("auth_token");
+ cookies.remove_private("auth_id");
+
+ Redirect::to(uri!(week::week(week)))
+}
+
 pub fn bypass_auth_debug(cookies: &CookieJar<'_>) {
 if cookies.get_private("auth_token").is_some() {
 return
diff --git a/src/main.rs b/src/main.rs
index 655d9af..ac5bc3f 100644
--- a/src/main.rs
+++ b/src/main.rs
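Review bot: In `logout` (src/auth.rs), a failed `DELETE FROM AuthTokens` is reported only through `debug!`, so the token row stays valid server-side while the user is shown as logged out, and nothing above debug level records that. Since the cookie value is what carries the token, a copy of the `auth_token` cookie taken before logout would presumably still be accepted until the row is removed some other way (token expiry is not visible in this hunk). I would raise the level, `Err(error) => warn!("Auth token could not be removed ({error}), proceeding anyway.")`, and add a comment above the `match` stating that server-side revocation is best-effort here. Separately, the early return when `auth_token` is absent skips `cookies.remove_private("auth_id")`; clearing both cookies before that return would keep a stale `auth_id` from outliving the session.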
@@ -1,18 +1,13 @@ #[macro_use] extern crate rocket; -use rocket::{Rocket, Build, futures}; use rocket::fs::{FileServer, relative}; -use rocket::http::CookieJar; use rocket::response::Redirect; -use rocket::serde::{Serialize, Deserialize, json::Json}; -use rocket_dyn_templates::{Template, context}; +use rocket_dyn_templates::Template; -use rocket_db_pools::{sqlx, sqlx::Row, Database, Connection}; -use sqlx::Error; +use rocket_db_pools::{sqlx, sqlx::Row, Connection}; mod auth; -use auth::User; mod truth; mod vote; @@ -21,7 +16,6 @@ mod week; mod database; mod database_records; -use database_records::*; use database::Db; #[get("/")] @@ -46,7 +40,7 @@ fn rocket() -> _ { vote::fetch_vote_data, vote::vote, truth::create_truth, truth::edit_truth, week::week, week::update_week, week::set_last_week, week::create_week, - auth::login]) + auth::login, auth::logout]) .attach(database::stage()) .attach(Template::fairing()) } diff --git a/src/vote.rs b/src/vote.rs index 5d7d40c..ca78136 100644 --- a/src/vote.rs +++ b/src/vote.rs @@ -2,7 +2,6 @@ use std::collections::hash_map::Entry; use std::collections::HashMap; use rocket::fairing::AdHoc; use rocket::form::Form; -use rocket::futures::TryFutureExt; use rocket::http::CookieJar; use rocket::response::Redirect; use rocket::serde::{Serialize, Deserialize}; diff --git a/templates/index.html.tera b/templates/index.html.tera index d6edfa3..e10d6f5 100644 --- a/templates/index.html.tera +++ b/templates/index.html.tera @@ -43,7 +43,10 @@

{{ title }}

{% if user.logged_in == true %} -

Connecté en tant que {{ user.name }}

+ {% else %}