Fixed login/logout

2019-10-21 17:16:28 -04:00 · 2019-10-21 17:16:28 -04:00 · 5562820c14
parent a1b0df5aaa
commit 5562820c14
2 changed files with 10 additions and 10 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -6,6 +6,7 @@ extern crate serde;
 #[cfg_attr(not(feature = "dev"), macro_use)]
 extern crate diesel_migrations;

+use actix_identity::{CookieIdentityPolicy, IdentityService};
 use actix_web::{web, App, FromRequest, HttpServer};
 use diesel::{
    r2d2::{self, ConnectionManager},
@ -77,6 +78,11 @@ fn main() {
            .data(pool.clone())
            .data(config.clone())
            .data(token_hash.clone())
+            .wrap(IdentityService::new(
+                CookieIdentityPolicy::new(&[0; 32])
+                    .name("filite-auth-cookie")
+                    .secure(false),
+            ))
            .wrap(setup::logger_middleware())
            .route("/login", web::get().to(routes::login))
            .route("/logout", web::get().to(routes::logout))
--- a/src/routes.rs
+++ b/src/routes.rs
@ -143,9 +143,7 @@ pub fn login(
    token_hash: web::Data<Vec<u8>>,
 ) -> impl Responder {
    if identity.identity().is_some() {
-        return HttpResponse::Found()
-            .header("Location", request.uri().to_string().replace("/login", ""))
-            .finish();
+        return HttpResponse::Found().header("Location", "..").finish();
    }

    let header = match request.headers().get("Authorization") {
@ -176,9 +174,7 @@ pub fn login(
        true => match String::from_utf8(user.to_vec()) {
            Ok(u) => {
                identity.remember(u);
-                HttpResponse::Found()
-                    .header("Location", request.uri().to_string().replace("/login", ""))
-                    .finish()
+                HttpResponse::Found().header("Location", "..").finish()
            }
            Err(_) => HttpResponse::BadRequest().finish(),
        },
@ -189,13 +185,11 @@ pub fn login(
 }

 /// Logout route
-pub fn logout(request: HttpRequest, identity: Identity) -> impl Responder {
+pub fn logout(identity: Identity) -> impl Responder {
    match identity.identity().is_some() {
        true => {
            identity.forget();
-            HttpResponse::Found()
-                .header("Location", request.uri().to_string().replace("/login", ""))
-                .finish()
+            HttpResponse::Found().header("Location", "..").finish()
        }
        false => HttpResponse::Unauthorized()
            .header("WWW-Authenticate", "Bearer realm=\"filite\"")