refactor: add renderer middleware
This commit is contained in:
parent
40b892391a
commit
b6dcb7521e
16 changed files with 172 additions and 92 deletions
|
@ -1,3 +1,5 @@
|
|||
# OAuth2 spec
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc6749
|
||||
|
||||
https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template
|
||||
|
|
|
@ -1,22 +1,20 @@
|
|||
use axum::{extract::State, http::HeaderMap, response::{Html, IntoResponse}, Extension};
|
||||
use axum::{extract::State, response::IntoResponse, Extension};
|
||||
use minijinja::context;
|
||||
|
||||
use crate::{server::AppState, services::session::TokenClaims};
|
||||
|
||||
|
||||
use crate::{renderer::TemplateRenderer, server::AppState, services::session::TokenClaims};
|
||||
|
||||
pub async fn authorize_form(
|
||||
State(app_state): State<AppState>,
|
||||
Extension(token_claims): Extension<TokenClaims>
|
||||
Extension(token_claims): Extension<TokenClaims>,
|
||||
Extension(renderer): Extension<TemplateRenderer>
|
||||
) -> impl IntoResponse {
|
||||
|
||||
// 1. Check if the app is already authorized
|
||||
// 2. Query the app details
|
||||
|
||||
Html(
|
||||
app_state.templating_env.get_template("pages/authorize.html").unwrap()
|
||||
.render(context!())
|
||||
.unwrap()
|
||||
renderer
|
||||
.render(
|
||||
"pages/authorize",
|
||||
context!()
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
use axum::{extract::State, response::{Html, IntoResponse}};
|
||||
use axum::{response::IntoResponse, Extension};
|
||||
use axum_macros::debug_handler;
|
||||
use minijinja::context;
|
||||
|
||||
use crate::server::AppState;
|
||||
use crate::renderer::TemplateRenderer;
|
||||
|
||||
#[debug_handler]
|
||||
pub async fn home(
|
||||
State(app_state): State<AppState>
|
||||
Extension(renderer): Extension<TemplateRenderer>
|
||||
) -> impl IntoResponse {
|
||||
Html(
|
||||
app_state.templating_env.get_template("pages/home.html").unwrap()
|
||||
.render(context!())
|
||||
.unwrap()
|
||||
renderer.render(
|
||||
"pages/home",
|
||||
context!()
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -1,23 +1,20 @@
|
|||
use chrono::{Duration, SecondsFormat, Utc};
|
||||
use log::info;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use axum::{extract::State, http::{HeaderMap, HeaderValue, StatusCode}, response::{Html, IntoResponse}, Form};
|
||||
use serde::Deserialize;
|
||||
use axum::{extract::State, http::{HeaderMap, HeaderValue, StatusCode}, response::IntoResponse, Extension, Form};
|
||||
use fully_pub::fully_pub;
|
||||
use minijinja::context;
|
||||
|
||||
use crate::{
|
||||
models::user::{User, UserStatus},
|
||||
server::AppState,
|
||||
services::{password::verify_password_hash, session::create_token}
|
||||
models::user::{User, UserStatus}, renderer::TemplateRenderer, server::AppState, services::{password::verify_password_hash, session::create_token}
|
||||
};
|
||||
|
||||
pub async fn login_form(
|
||||
State(app_state): State<AppState>
|
||||
Extension(renderer): Extension<TemplateRenderer>
|
||||
) -> impl IntoResponse {
|
||||
Html(
|
||||
app_state.templating_env.get_template("pages/login.html").unwrap()
|
||||
.render(context!())
|
||||
.unwrap()
|
||||
renderer.render(
|
||||
"pages/login",
|
||||
context!()
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -33,6 +30,7 @@ const DUMMY_PASSWORD_HASH: &str = "$argon2id$v=19$m=19456,t=2,p=1$+06ud2g4uVTI7k
|
|||
|
||||
pub async fn perform_login(
|
||||
State(app_state): State<AppState>,
|
||||
Extension(renderer): Extension<TemplateRenderer>,
|
||||
Form(login): Form<LoginForm>
|
||||
) -> impl IntoResponse {
|
||||
// get user from db
|
||||
|
@ -50,29 +48,25 @@ pub async fn perform_login(
|
|||
Err(_e) => DUMMY_PASSWORD_HASH.into()
|
||||
};
|
||||
|
||||
let templ = app_state.templating_env.get_template("pages/login.html").unwrap();
|
||||
|
||||
if verify_password_hash(password_hash, login.password).is_err() {
|
||||
return (
|
||||
return renderer.render_with_status(
|
||||
StatusCode::BAD_REQUEST,
|
||||
Html(
|
||||
templ.render(context!(
|
||||
"pages/login",
|
||||
context!(
|
||||
error => Some("Invalid login or password.".to_string())
|
||||
)).unwrap()
|
||||
)
|
||||
).into_response();
|
||||
);
|
||||
}
|
||||
|
||||
let user = user_res.expect("Expected User to be found.");
|
||||
if user.status == UserStatus::Disabled {
|
||||
return (
|
||||
return renderer.render_with_status(
|
||||
StatusCode::BAD_REQUEST,
|
||||
Html(
|
||||
templ.render(context!(
|
||||
"pages/login",
|
||||
context!(
|
||||
error => Some("This account is disabled.".to_string())
|
||||
)).unwrap()
|
||||
)
|
||||
).into_response();
|
||||
);
|
||||
}
|
||||
|
||||
info!("User {:?} {:?} logged in", &user.handle, &user.email);
|
||||
|
@ -87,13 +81,16 @@ pub async fn perform_login(
|
|||
// TODO: handle keep_session boolean from form and specify cookie max age only if this setting
|
||||
// is true
|
||||
let cookie_max_age = Duration::days(7).num_seconds();
|
||||
// enforce SameSite=Lax to avoid CSRF
|
||||
let jwt_cookie = format!("minauth_jwt={jwt}; SameSite=Lax; Max-Age={cookie_max_age}");
|
||||
let mut headers = HeaderMap::new();
|
||||
headers.insert("Set-Cookie", HeaderValue::from_str(&jwt_cookie).unwrap());
|
||||
headers.insert("Location", HeaderValue::from_str(&format!("/me")).unwrap());
|
||||
|
||||
(StatusCode::FOUND, headers, Html(
|
||||
templ.render(context!()).unwrap()
|
||||
)).into_response()
|
||||
renderer.render_with_status(
|
||||
StatusCode::FOUND,
|
||||
"pages/login",
|
||||
context!()
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
use axum::{body::Bytes, extract::State, http::StatusCode, response::{Html, IntoResponse}, Extension};
|
||||
use axum_typed_multipart::{FieldData, TryFromMultipart, TypedMultipart};
|
||||
use base64::prelude::{Engine, BASE64_STANDARD};
|
||||
use fully_pub::fully_pub;
|
||||
use minijinja::context;
|
||||
|
||||
use crate::{models::user::User, server::AppState, services::session::TokenClaims};
|
||||
use crate::{models::user::User, renderer::TemplateRenderer, server::AppState, services::session::TokenClaims};
|
||||
|
||||
pub async fn me_page(
|
||||
State(app_state): State<AppState>,
|
||||
Extension(renderer): Extension<TemplateRenderer>,
|
||||
Extension(token_claims): Extension<TokenClaims>
|
||||
) -> impl IntoResponse {
|
||||
|
||||
|
@ -17,19 +17,18 @@ pub async fn me_page(
|
|||
.await
|
||||
.expect("To get user from claim");
|
||||
|
||||
Html(
|
||||
app_state.templating_env.get_template("pages/me/index.html").unwrap()
|
||||
.render(context!(
|
||||
user => user_res,
|
||||
user_picture => user_res.picture.map(|x| BASE64_STANDARD.encode(x))
|
||||
))
|
||||
.unwrap()
|
||||
renderer.render(
|
||||
"pages/me/index",
|
||||
context!(
|
||||
user => user_res
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
pub async fn me_update_details_form(
|
||||
State(app_state): State<AppState>,
|
||||
Extension(renderer): Extension<TemplateRenderer>,
|
||||
Extension(token_claims): Extension<TokenClaims>
|
||||
) -> impl IntoResponse {
|
||||
|
||||
|
@ -39,12 +38,11 @@ pub async fn me_update_details_form(
|
|||
.await
|
||||
.expect("To get user from claim");
|
||||
|
||||
Html(
|
||||
app_state.templating_env.get_template("pages/me/details-form.html").unwrap()
|
||||
.render(context!(
|
||||
renderer.render(
|
||||
"pages/me/details-form",
|
||||
context!(
|
||||
user => user_res
|
||||
))
|
||||
.unwrap()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -64,10 +62,11 @@ struct UserDetailsUpdateForm {
|
|||
|
||||
pub async fn me_perform_update_details(
|
||||
State(app_state): State<AppState>,
|
||||
Extension(renderer): Extension<TemplateRenderer>,
|
||||
Extension(token_claims): Extension<TokenClaims>,
|
||||
TypedMultipart(details_update): TypedMultipart<UserDetailsUpdateForm>
|
||||
) -> impl IntoResponse {
|
||||
let template = app_state.templating_env.get_template("pages/me/details-form.html").unwrap();
|
||||
let template_path = "pages/me/details-form";
|
||||
|
||||
let update_res = sqlx::query("UPDATE users SET handle = $2, email = $3, full_name = $4, website = $5, picture = $6 WHERE id = $1")
|
||||
.bind(&token_claims.sub)
|
||||
|
@ -79,8 +78,6 @@ pub async fn me_perform_update_details(
|
|||
.execute(&app_state.db)
|
||||
.await;
|
||||
|
||||
dbg!(&update_res);
|
||||
|
||||
let user_res = sqlx::query_as::<_, User>("SELECT * FROM users WHERE id = $1")
|
||||
.bind(&token_claims.sub)
|
||||
.fetch_one(&app_state.db)
|
||||
|
@ -89,28 +86,23 @@ pub async fn me_perform_update_details(
|
|||
|
||||
match update_res {
|
||||
Ok(_) => {
|
||||
(
|
||||
StatusCode::OK,
|
||||
Html(
|
||||
template.render(context!(
|
||||
renderer.render(
|
||||
template_path,
|
||||
context!(
|
||||
success => true,
|
||||
user => user_res
|
||||
))
|
||||
.unwrap()
|
||||
)
|
||||
).into_response()
|
||||
)
|
||||
},
|
||||
Err(err) => {
|
||||
dbg!(&err);
|
||||
(
|
||||
StatusCode::BAD_REQUEST,
|
||||
Html(
|
||||
template.render(context!(
|
||||
renderer.render(
|
||||
template_path,
|
||||
context!(
|
||||
error => Some("Cannot update user details".to_string()),
|
||||
user => user_res
|
||||
)).unwrap()
|
||||
)
|
||||
).into_response()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@ pub mod cli;
|
|||
pub mod utils;
|
||||
pub mod services;
|
||||
pub mod middlewares;
|
||||
pub mod renderer;
|
||||
|
||||
use std::{env, fs};
|
||||
use anyhow::{Result, Context, anyhow};
|
||||
|
|
|
@ -1 +1,2 @@
|
|||
pub mod auth;
|
||||
pub mod renderer;
|
||||
|
|
17
src/middlewares/renderer.rs
Normal file
17
src/middlewares/renderer.rs
Normal file
|
@ -0,0 +1,17 @@
|
|||
use axum::{extract::{Request, State}, http::StatusCode, middleware::Next, response::Response, Extension};
|
||||
|
||||
use crate::{renderer::TemplateRenderer, server::AppState, services::session::{verify_token, TokenClaims}};
|
||||
|
||||
pub async fn renderer_middleware(
|
||||
State(app_state): State<AppState>,
|
||||
token_claims_ext: Option<Extension<TokenClaims>>,
|
||||
mut req: Request,
|
||||
next: Next,
|
||||
) -> Result<Response, StatusCode> {
|
||||
let renderer_instance = TemplateRenderer {
|
||||
env: app_state.templating_env,
|
||||
token_claims: token_claims_ext.map(|x| x.0)
|
||||
};
|
||||
req.extensions_mut().insert(renderer_instance);
|
||||
Ok(next.run(req).await)
|
||||
}
|
|
@ -27,4 +27,3 @@ struct User {
|
|||
last_login_at: Option<DateTime<Utc>>,
|
||||
created_at: DateTime<Utc>
|
||||
}
|
||||
|
||||
|
|
60
src/renderer.rs
Normal file
60
src/renderer.rs
Normal file
|
@ -0,0 +1,60 @@
|
|||
use axum::{extract::FromRef, http::{Response, StatusCode}, response::{Html, IntoResponse}, Extension};
|
||||
use fully_pub::fully_pub;
|
||||
use log::error;
|
||||
use minijinja::{context, Environment, Value};
|
||||
|
||||
use crate::{server::AppState, services::session::TokenClaims};
|
||||
|
||||
|
||||
#[derive(Clone)]
|
||||
#[fully_pub]
|
||||
struct TemplateRenderer {
|
||||
env: Environment<'static>,
|
||||
token_claims: Option<TokenClaims>
|
||||
}
|
||||
|
||||
impl TemplateRenderer {
|
||||
pub(crate) fn from_env(
|
||||
env: Environment<'static>,
|
||||
) -> Self {
|
||||
Self {
|
||||
env,
|
||||
token_claims: None
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn from_token_claims(
|
||||
app_state: AppState,
|
||||
token_claims: TokenClaims
|
||||
) -> Self {
|
||||
Self {
|
||||
env: app_state.templating_env,
|
||||
token_claims: Some(token_claims)
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn render(&self, name: &str, ctx: Value) -> impl IntoResponse {
|
||||
match self
|
||||
.env
|
||||
.get_template(&format!("{name}.html"))
|
||||
.and_then(|tmpl| tmpl.render(context! { token_claims => self.token_claims, ..ctx }))
|
||||
{
|
||||
Ok(content) => Html(content).into_response(),
|
||||
Err(err) => {
|
||||
dbg!(err);
|
||||
error!("FATAL: Failed to render template {}", name);
|
||||
(StatusCode::INTERNAL_SERVER_ERROR, "Internal server error").into_response()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn render_with_status(&self, status: StatusCode, name: &str, ctx: Value) -> impl IntoResponse {
|
||||
let mut res = self.render(name, ctx).into_response();
|
||||
if res.status().is_server_error() {
|
||||
return res
|
||||
}
|
||||
*res.status_mut() = status;
|
||||
return res;
|
||||
}
|
||||
}
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
use axum::{middleware, routing::{get, post}, Router};
|
||||
use tower_http::services::ServeDir;
|
||||
|
||||
use crate::{controllers::ui, middlewares::auth::auth_middleware, server::{AppState, ServerConfig}};
|
||||
use crate::{controllers::ui, middlewares::{auth::auth_middleware, renderer::renderer_middleware}, server::{AppState, ServerConfig}};
|
||||
|
||||
pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router<AppState> {
|
||||
let public_routes = Router::new()
|
||||
|
@ -17,11 +17,12 @@ pub fn build_router(server_config: &ServerConfig, app_state: AppState) -> Router
|
|||
.route("/me/details-form", post(ui::me::me_perform_update_details))
|
||||
.route("/logout", get(ui::logout::perform_logout))
|
||||
.route("/authorize", get(ui::authorize::authorize_form))
|
||||
.layer(middleware::from_fn_with_state(app_state, auth_middleware));
|
||||
.layer(middleware::from_fn_with_state(app_state.clone(), auth_middleware));
|
||||
|
||||
Router::new()
|
||||
.merge(public_routes)
|
||||
.merge(user_routes)
|
||||
.layer(middleware::from_fn_with_state(app_state, renderer_middleware))
|
||||
.nest_service(
|
||||
"/assets",
|
||||
ServeDir::new(server_config.assets_path.clone())
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
use base64::{prelude::BASE64_STANDARD, Engine};
|
||||
use fully_pub::fully_pub;
|
||||
use anyhow::{Result, Context};
|
||||
use log::info;
|
||||
|
@ -13,6 +14,9 @@ fn build_templating_env(config: &Config) -> Environment<'static> {
|
|||
env.add_global("gl", context! {
|
||||
instance => config.instance
|
||||
});
|
||||
env.add_function("encode_b64str", |bin_val: Vec<u8>| {
|
||||
BASE64_STANDARD.encode(bin_val)
|
||||
});
|
||||
env
|
||||
}
|
||||
|
||||
|
|
|
@ -5,23 +5,26 @@
|
|||
<div class="collapse navbar-collapse">
|
||||
<ul class="navbar-nav me-auto">
|
||||
<li class="nav-item">
|
||||
<a class="nav-link active" aria-current="page" href="#">Home</a>
|
||||
<a class="nav-link active" aria-current="page" href="/">Home</a>
|
||||
</li>
|
||||
</ul>
|
||||
<ul class="navbar-nav">
|
||||
|
||||
{% if token_claims is not defined %}
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="/login">Login</a>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="/register">Register</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
{% if token_claims is defined %}
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="/me">Me</a>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a class="nav-link" href="/logout">Logout</a>
|
||||
</li>
|
||||
{% endif %}
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -7,8 +7,14 @@
|
|||
</div>
|
||||
{% endif %}
|
||||
<form id="authorize-form" method="post">
|
||||
<input id="keep_session" type="checkbox" class="form-check-input">
|
||||
<label class="form-check-label" for="keep_session">Check me out</label>
|
||||
<h1>Do you authorize this app?</h1>
|
||||
<ul>
|
||||
<li>App name: </li>
|
||||
<li>Permisions: read basics</li>
|
||||
</ul>
|
||||
<input type="hidden" name="client_id" value="" />
|
||||
<input type="hidden" name="scope" value="" />
|
||||
<input type="hidden" name="state" value="" />
|
||||
|
||||
<button type="submit" class="btn btn-primary">Authorize</button>
|
||||
</form>
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
<a href="/me/details-form">Update details</a>
|
||||
|
||||
<p>
|
||||
{% if user_picture %}
|
||||
<img src="data:image/*;base64,{{ user_picture }}" style="width: 150px; height: 150px; object-fit: contain">
|
||||
{% if user.picture %}
|
||||
<img src="data:image/*;base64,{{ encode_b64str(user.picture) }}" style="width: 150px; height: 150px; object-fit: contain">
|
||||
{% endif %}
|
||||
<ul>
|
||||
<li>
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
class="form-control"
|
||||
/>
|
||||
</div>
|
||||
<div>
|
||||
<div class="mb-3">
|
||||
<label for="email">Email</label>
|
||||
<input
|
||||
id="email" name="email" type="email"
|
||||
|
@ -32,7 +32,7 @@
|
|||
class="form-control"
|
||||
/>
|
||||
</div>
|
||||
<div>
|
||||
<div class="mb-3">
|
||||
<label for="password">Password</label>
|
||||
<input
|
||||
id="password" name="password" type="password"
|
||||
|
|
Loading…
Reference in a new issue