diff --git a/src/main.rs b/src/main.rs index 72bf074..950187a 100644 --- a/src/main.rs +++ b/src/main.rs @@ -114,34 +114,41 @@ async fn account(mut db: Connection, cookies: &CookieJar<'_>) -> status::Cus } #[post("/login", data = "")] -async fn login(mut db: Connection, info: Json, cookies: &CookieJar<'_>) -> String { +async fn login( + mut db: Connection, + info: Json, + cookies: &CookieJar<'_>, +) -> status::Custom<&'static str> { let token = cookies.get_private("token"); match token { Some(_) => { - "already logged in".to_string() + status::Custom(Status::Continue, "already logged in") } None => { match User::get_by_username(&mut db, &info.username).await { Some(user) => { if user.password == sha256::digest(&info.password) { match user.token { - Some(t) => {cookies.add_private(("token", t)); "Logged in".to_string()}, + Some(t) => {cookies.add_private(("token", t)); status::Custom(Status::Ok, "Logged in")}, None => { match user.set_new_token(&mut db).await { Ok(t) => { cookies.add_private(("token", t)); - "logged in".to_string() + status::Custom(Status::Ok, "Logged in") + }, + Err(why) => { + eprintln!("{why:?}"); + status::Custom(Status::InternalServerError, "Couldn't generate a token for you, therefore you weren't logged in.") }, - Err(why) => why, } } } } else { - String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)") + status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)") } } None => - String::from("Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)"), + status::Custom(Status::Forbidden, "Invalid username or password (to those whining about why it doesn't tell you if the username or password is incorrect, security)") } } } 
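Review bot: The already-logged-in arm now returns `status::Custom(Status::Continue, "already logged in")`, and HTTP 100 Continue is an interim status, not a final response that carries a body, so clients and proxies will not handle that reply as intended; a final code such as `status::Custom(Status::Ok, "already logged in")` (or 409 Conflict if a second login should be refused) is what this arm needs. The two failed-credential arms answer with `Status::Forbidden`, while the other handlers in this file answer a missing or invalid token with `Status::Unauthorized`, and 401 is the conventional code for a failed authentication attempt, so `Status::Unauthorized` in both arms would be more consistent. The changed line `Some(t) => {cookies.add_private(("token", t)); status::Custom(Status::Ok, "Logged in")}` re-issues whatever token is already stored for the user, so the session token is apparently never rotated across logins; it may be worth generating a fresh token on every successful login, or at least documenting with a comment that one long-lived token per user is intended. On the unchanged line `if user.password == sha256::digest(&info.password)` the stored credential looks like an unsalted SHA-256 of the password compared with `==`, which is neither a password-hashing construction nor a constant-time comparison; that predates this commit but deserves a follow-up. The closing brace of `login` does not appear to be inside the hunk.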
@@ -253,25 +260,29 @@ async fn toggleperms( cookies: &CookieJar<'_>, ) -> status::Custom { match cookies.get_private("token") { - Some(t) => match User::get_by_token(&mut db, t).await { - Some(user) => match user.admin { - true => match User::get_by_username(&mut db, &info.username).await { - Some(toggled_user) => { - match toggled_user.username == user.username && info.perm == "admin" { - true => status::Custom( - Status::Forbidden, - "You can't change your own admin status".to_string(), - ), - false => { - let admin_username = std::env::var("ADMIN_USERNAME") - .expect("set ADMIN_USERNAME env var"); - match toggled_user.username == admin_username { + Some(t) => { + match User::get_by_token(&mut db, t).await { + Some(user) => { + match user.admin { + true => match User::get_by_username(&mut db, &info.username).await { + Some(toggled_user) => { + match toggled_user.username == user.username && info.perm == "admin" + { true => status::Custom( Status::Forbidden, - "You can't change the system admin's perms.".to_string(), + "You can't change your own admin status".to_string(), ), false => { - match info.perm == "admin" + let admin_username = std::env::var("ADMIN_USERNAME") + .expect("set ADMIN_USERNAME env var"); + match toggled_user.username == admin_username { + true => status::Custom( + Status::Forbidden, + "You can't change the system admin's perms." + .to_string(), + ), + false => { + match info.perm == "admin" && user.username != admin_username { true => status::Custom( 
@@ -288,20 +299,25 @@ async fn toggleperms( } } } + } + } } } } + None => status::Custom( + Status::NotFound, + "The user you're trying to toggle perms for doesn't exist." + .to_string(), + ), + }, + false => { + status::Custom(Status::Unauthorized, "You aren't an admin.".to_string()) } } - None => status::Custom( - Status::NotFound, - "The user you're trying to toggle perms for doesn't exist.".to_string(), - ), - }, - false => status::Custom(Status::Unauthorized, "You aren't an admin.".to_string()), - }, - None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()), - }, + } + None => status::Custom(Status::Unauthorized, "Invalid login token".to_string()), + } + } None => status::Custom(Status::Unauthorized, "Not logged in".to_string()), } }