gourami

[UNMAINTAINED] Activitypub server in Rust

commit 0b2292cb015fa1194f240dfef45a4f888013ab33
parent a52e112248e5a068918de52ab829207871f90ffa
Author: alex wennerberg <alex@alexwennerberg.com>
Date:   Wed, 22 Apr 2020 18:07:25 -0500

Add authentication layer

Diffstat:
Msrc/lib.rs | 22+++++++++++++++-------
Msrc/session.rs | 16+++++++++++++++-
Mstatic/css/style.css | 7+++++--
Mtemplates/base.html | 2+-
Mtemplates/error.html | 1+
Mtemplates/login.html | 4++--
Mtemplates/register.html | 2+-
Mtemplates/single_note.html | 7+++----
Mtemplates/user.html | 8++++----
9 files changed, 47 insertions(+), 22 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs @@ -5,6 +5,7 @@ extern crate diesel; #[macro_use] extern crate lazy_static; #[macro_use] extern crate maplit; +use std::convert::Infallible; use warp::{Reply, Filter, Rejection}; use warp::http; @@ -264,6 +265,7 @@ struct ServerInfoTemplate<'a> { #[template(path = "error.html")] struct ErrorTemplate<'a> { global: Global<'a>, + page: &'a str, error_message: &'a str } @@ -302,7 +304,7 @@ fn note_page(session: Option<Session>, note_id: i32) -> impl Reply { render_template(&NoteTemplate{global: global, note: n.clone(), page: &n.id.to_string()}) } else { - render_template(&ErrorTemplate{global: global, error_message: "Note not found"}) + render_template(&ErrorTemplate{global: global, page: "error", error_message: "Note not found"}) } // TODO -- fetch replies } @@ -329,14 +331,21 @@ fn user_page(session: Option<Session>, user_name: String) -> impl Reply { }) } else { - render_template(&ErrorTemplate{global: global, error_message: "User not found"}) + render_template(&ErrorTemplate{global: global, page: "error", error_message: "User not found"}) } } +async fn error_page(err: Rejection) -> Result<impl Reply, Infallible>{ + Ok(render_template(&ErrorTemplate{global: Global::from_session(None), page: "error", error_message: "You do not have access to this page."})) +} + pub async fn run_server() { env_logger::init(); // cors filters etc - let session_filter = move || session::create_session_filter().clone(); + + // NOT TESTED YET + let public = false; // std::env::var("PUBLIC").unwrap_or("false"); + let session_filter = move || session::create_session_filter(public).clone(); use warp::{path, body::json, body::form}; @@ -367,7 +376,7 @@ pub async fn run_server() { let login_page = path("login") .map(|| login_page()); - let do_login = path("login") + let do_login = path("do_login") .and(form()) .map(do_login); 
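Review bot: `error_page` never inspects its `err` argument, so every rejection that reaches `.recover(error_page)` is answered with "You do not have access to this page."; an unknown path, a malformed or oversized form body and a missing session cookie all look identical to the client. The handler is wired in the later `@@ -432,8 +440,8 @@` hunk, which also drops the old `not_found` catch-all. The response status is whatever `render_template` sets, which is not visible here and is presumably 200, so clients and monitoring cannot tell a denied request from a served page; I would branch on the rejection and set the status explicitly, as sketched below. Separately, `let public = false;` is a hard-coded literal with the environment lookup commented out (and `unwrap_or("false")` would not produce a `bool` as written); once it is wired up, keeping the private default when the variable is absent or unparsable is the fail-closed choice. `run_server` begins and ends outside this hunk.

```rust
async fn error_page(err: Rejection) -> Result<impl Reply, Infallible> {
    // Check the missing-cookie case first: combined rejections from `or` chains
    // can hold both a not-found and an authentication failure.
    let (status, error_message) = if err.find::<warp::reject::MissingCookie>().is_some() {
        (http::StatusCode::UNAUTHORIZED, "You do not have access to this page.")
    } else if err.is_not_found() {
        (http::StatusCode::NOT_FOUND, "Page not found")
    } else {
        (http::StatusCode::BAD_REQUEST, "Bad request")
    };
    let body = render_template(&ErrorTemplate{global: Global::from_session(None), page: "error", error_message});
    Ok(warp::reply::with_status(body, status))
}
```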
@@ -424,7 +433,6 @@ pub async fn run_server() { let forms = login_page.or(do_register).or(do_login).or(create_note).or(delete_note).or(do_logout); // let api // catch all for any other paths - let not_found = warp::any().map(|| "404 not found"); let routes = warp::get().and(html_renders) .or( @@ -432,8 +440,8 @@ pub async fn run_server() { .and(warp::body::content_length_limit(1024 * 32)) .and(forms)) .or(static_files) - .or(not_found) - .with(warp::log("server")); + .with(warp::log("server")) + .recover(error_page); warp::serve(routes) .run(([127, 0, 0, 1], 3030)) diff --git a/src/session.rs b/src/session.rs @@ -70,8 +70,22 @@ impl Session { } } -pub fn create_session_filter() -> BoxedFilter<(Option<Session>,)> { +pub fn create_session_filter(optional: bool) -> BoxedFilter<(Option<Session>,)> { + if optional { cookie::optional("EXAUTH") .map(move |key: Option<String>| {Session::from_key(key)}) .boxed() + } else { + cookie::cookie("EXAUTH") + .and_then(|key: String| async move { + let s = Session::from_key(Some(key)); + if s.is_none() { + Err(warp::reject::reject()) + } + else { + Ok(Some(s.unwrap())) + } + }) + .boxed() + } } diff --git a/static/css/style.css b/static/css/style.css @@ -5,10 +5,13 @@ .link-button { background: none; border: none; - color: blue; + color: #009475; + display: inline; text-decoration: underline; cursor: pointer; - font-family: "courier", monospace + padding: 0; + font-family: "courier", monospace; + font-size: 1em; } .link-button:focus { outline: none; diff --git a/templates/base.html b/templates/base.html 
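Review bot: In the non-optional branch of `create_session_filter`, a key that `Session::from_key` does not resolve is rejected with `warp::reject::reject()`, which is warp's generic not-found rejection, so a request carrying a bad `EXAUTH` cookie cannot be told apart from a request for a missing route. A recover handler then has nothing to key a 401 or a redirect to the login page on. A dedicated rejection type passed through `warp::reject::custom` makes the authentication failure explicit; a request with no cookie at all is rejected earlier by `cookie::cookie` itself, so both cases need handling downstream. The `is_none()` / `unwrap()` pair can also collapse into one `map` / `ok_or_else` chain, which removes the panic path should the two lines ever drift apart. `Session::from_key` is not visible here, so I am assuming it returns `Option<Session>` and validates the key server-side.

```rust
/// Rejection raised when the EXAUTH cookie does not map to a session.
#[derive(Debug)]
struct Unauthorized;
impl warp::reject::Reject for Unauthorized {}

// … unchanged: `if optional { … }` branch …
        cookie::cookie("EXAUTH")
            .and_then(|key: String| async move {
                Session::from_key(Some(key))
                    .map(Some)
                    .ok_or_else(|| warp::reject::custom(Unauthorized))
            })
            .boxed()
```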
@@ -17,7 +17,7 @@ <div class="padded navbar"> <div class="title">🐟{{global.title}}/{{page}}</div> <div class="navlinks"> - <a href="/">t</a>,<a href="/test">n</a>,<a href="/server_info">server</a>,{% if global.logged_in %}<a href="/user/{{global.user.username}}">@{{global.user.username}}</a>,{% else %}<a href="/register">register</a>,<a href="login">login</a>{% endif %} + <a href="/">timeline</a>,<a href="/server_info">server</a>{% if global.logged_in %},<a href="/user/{{global.user.username}}">@{{global.user.username}}</a>{% else %},<a href="login">login</a>{% endif %} </div> </div> </div> diff --git a/templates/error.html b/templates/error.html @@ -1,3 +1,4 @@ +{% extends "base.html" %} {% block content %} <div class="container"> {{ error_message }} diff --git a/templates/login.html b/templates/login.html @@ -1,7 +1,7 @@ {% extends "base.html" %} {% block content %} <div class="container"> -<form action="/login" method="POST"> +<form action="/do_login" method="POST"> <div class="container"> <label for="username"><b>Username</b></label> <input type="text" placeholder="Enter Username" name="username" required> @@ -10,7 +10,7 @@ <label for="password"><b>Password</b></label> <input type="password" placeholder="Enter Password" name="password" required> - <button type="submit">Login</button> + <button class="submit-button-style" type="submit">Login</button> <br> {% if login_failed %} failed login. try again. diff --git a/templates/register.html b/templates/register.html @@ -12,7 +12,7 @@ <label for="password"><b>Password</b></label> <input type="password" placeholder="Enter Password" name="password" required> - <button type="submit">Register</button> + <button class="submit-button-style" type="submit">Register</button> <br> </div> </form> diff --git a/templates/single_note.html b/templates/single_note.html 
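Review bot: The rewritten navbar in `templates/base.html` still links to the login page with the relative `href="login"`, while every other link on that line is root-relative; from a page such as `/user/<name>` it resolves to `/user/login`. This matters more after this commit, because `error.html` now extends `base.html` and the recover handler renders it with no session, so unauthenticated visitors see this link at arbitrary paths. I would change it to `<a href="/login">login</a>`. The register link is also dropped from the navbar here; if registration is meant to stay reachable, that is worth confirming.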
@@ -5,15 +5,14 @@ {% if global.logged_in %} <a href="#" onclick="reply({{note.id}})">↪</a> {% endif %} - </div> {% if note.creator_id == global.user.id %} <form method="post" action="/{{note.id}}/delete" class="inline"> <input type="hidden" name="extra_submit_param" value="extra_submit_value"> - <button type="submit" name="submit_param" value="submit_value" class="link-button"> - x - </button> + <button type="submit" name="submit_param" value="submit_value" + class="link-button">✕</button> </form> {%endif%} + </div> <div class="note-content"> {{note.content|safe}} </div> diff --git a/templates/user.html b/templates/user.html @@ -1,21 +1,21 @@ {% extends "base.html" %} {% block content %} -<div class="container"> +<div> <div class="padded"> <b>user:</b> {{ user.username }} (#{{user.id}}) <br> <b>bio:</b> {{user.bio}} - </div> {% if global.user.id == user.id%} - <div class="col md text-right"> - edit + <div> + <a href="/user/{{user.id}}/edit">edit</a> <br> <form method="post" action="/logout" class="inline"> <button type="submit" name="submit_param" value="submit_value" class="link-button">logout</button</form> </div> {% endif %} + </div> {% include "noteslist.html" %} </div> {% endblock %}
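Review bot: The context line `{{note.content|safe}}` in `templates/single_note.html` turns off template escaping for user-authored note text, so whatever markup is stored is rendered verbatim to every viewer. Whether the content is sanitized before storage is not visible in this hunk; if it is not, this is a stored-XSS sink, and its impact grows now that a session cookie gates access. I would either drop `|safe` or record next to it which sanitizer the content has passed through, e.g. `{# content is sanitized to an allow-list in <handler> before insert #}`. The delete form in the new lines also posts without any visible anti-CSRF token (`extra_submit_param` is a constant), so the delete handler should verify a per-session token or rely on a `SameSite` cookie policy.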
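Review bot: The new `edit` link in `templates/user.html` is shown only when `global.user.id == user.id`, but that template guard merely hides the link. The handler behind `/user/{{user.id}}/edit` has to make the same ownership check against the session, and that handler is not part of this commit. The link is also built from `user.id`, whereas the navbar and `user_page` address users by username, so it is worth confirming the route accepts an id. In the context lines, `</button</form>` is missing a `>` and should read `</button></form>`.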