kochab/src/user_management/routes.rs

use anyhow::Result;
use tokio::net::ToSocketAddrs;
use serde::{Serialize, de::DeserializeOwned};

use crate::{Document, Request, Response};
use crate::types::document::HeadingLevel;
use crate::user_management::{User, RegisteredUser, UserManagerError};

const UNAUTH: &str = include_str!("pages/unauth.gmi");
const NSI: &str = include_str!("pages/nsi.gmi");

/// Import this trait to use [`add_um_routes()`](Self::add_um_routes())
pub trait UserManagementRoutes: private::Sealed {
    /// Add pre-configured routes to the serve to handle authentication
    ///
    /// Specifically, the following routes are added:
    /// * `/account`, the main settings & login page
    /// * `/account/askcert`, a page which always prompts for a certificate
    /// * `/account/register`, for users to register a new account
    /// * `/account/login`, for users to link their certificate to an existing account
    /// * `/account/password`, to change the user's password
    ///
    /// If this method is used, no more routes should be added under `/account`.  If you
    /// would like to direct a user to login from your application, you should send them
    /// to `/account`, which will start the login/registration flow.
    ///
    /// The `redir` argument allows you to specify the point that users will be directed
    /// to return to once their account has been created.
    fn add_um_routes<UserData: Serialize + DeserializeOwned + Default + 'static>(self, redir: &'static str) -> Self;
}

impl<A: ToSocketAddrs> UserManagementRoutes for crate::Builder<A> {
    /// Add pre-configured routes to the serve to handle authentication
    ///
    /// See [`UserManagementRoutes`]
    fn add_um_routes<UserData: Serialize + DeserializeOwned + Default + 'static>(self, redir: &'static str) -> Self {
        self.add_route("/account", move|r|handle_base::<UserData>(r, redir))
            .add_route("/account/askcert", move|r|handle_ask_cert::<UserData>(r, redir))
            .add_route("/account/register", move|r|handle_register::<UserData>(r, redir))
            .add_route("/account/login", move|r|handle_login::<UserData>(r, redir))
            .add_route("/account/password", handle_password::<UserData>)
    }
}

async fn handle_base<UserData: Serialize + DeserializeOwned>(request: Request, redirect: &'static str) -> Result<Response> {
    Ok(match request.user::<UserData>()? {
        User::Unauthenticated => {
            Response::success_gemini(UNAUTH)
        },
        User::NotSignedIn(_) => {
            Response::success_gemini(NSI)
        },
        User::SignedIn(user) => {
            render_settings_menu(user, redirect)
        },
    })
}

async fn handle_ask_cert<UserData: Serialize + DeserializeOwned>(request: Request, redirect: &'static str) -> Result<Response> {
    Ok(match request.user::<UserData>()? {
        User::Unauthenticated => {
            Response::client_certificate_required()
        },
        User::NotSignedIn(_) => {
            Response::success_gemini(include_str!("pages/askcert/success.gmi"))
        },
        User::SignedIn(user) => {
            Response::success_gemini(format!(
                include_str!("pages/askcert/exists.gmi"),
                username = user.username(),
                redirect = redirect,
            ))
        },
    })
}

async fn handle_register<UserData: Serialize + DeserializeOwned + Default>(request: Request, redirect: &'static str) -> Result<Response> {
    Ok(match request.user::<UserData>()? {
        User::Unauthenticated => {
            Response::success_gemini(UNAUTH)
        },
        User::NotSignedIn(nsi) => {
            if let Some(username) = request.input() {
                match nsi.register::<UserData>(username.to_owned()) {
                    Err(UserManagerError::UsernameNotUnique) => {
                        Response::success_gemini(format!(
                            include_str!("pages/register/exists.gmi"),
                            username = username,
                        ))
                    },
                    Ok(_) => {
                        Response::success_gemini(format!(
                            include_str!("pages/register/success.gmi"),
                            username = username,
                            redirect = redirect,
                        ))
                    },
                    Err(e) => return Err(e.into())
                }
            } else {
                Response::input_lossy("Please pick a username")
            }
        },
        User::SignedIn(user) => {
            render_settings_menu(user, redirect)
        },
    })
}

async fn handle_login<UserData: Serialize + DeserializeOwned + Default>(request: Request, redirect: &'static str) -> Result<Response> {
    Ok(match request.user::<UserData>()? {
        User::Unauthenticated => {
            Response::success_gemini(UNAUTH)
        },
        User::NotSignedIn(nsi) => {
            if let Some(username) = request.trailing_segments().get(0) {
                if let Some(password) = request.input() {
                    match nsi.attach::<UserData>(username, Some(password.as_bytes())) {
                        Err(UserManagerError::PasswordNotSet) | Ok(None) => {
                            Response::success_gemini(format!(
                                include_str!("pages/login/wrong.gmi"),
                                username = username,
                            ))
                        },
                        Ok(_) => {
                            Response::success_gemini(format!(
                                include_str!("pages/login/success.gmi"),
                                username = username,
                                redirect = redirect,
                            ))
                        },
                        Err(e) => return Err(e.into()),
                    }
                } else {
                    Response::input_lossy("Please enter your password")
                }
            } else if let Some(username) = request.input() {
                Response::redirect_temporary_lossy(
                    format!("/account/login/{}", username).as_str()
                )
            } else {
                Response::input_lossy("Please enter your username")
            }
        },
        User::SignedIn(user) => {
            render_settings_menu(user, redirect)
        },
    })
}

async fn handle_password<UserData: Serialize + DeserializeOwned + Default>(request: Request) -> Result<Response> {
    Ok(match request.user::<UserData>()? {
        User::Unauthenticated => {
            Response::success_gemini(UNAUTH)
        },
        User::NotSignedIn(_) => {
            Response::success_gemini(NSI)
        },
        User::SignedIn(mut user) => {
            if let Some(password) = request.input() {
                user.set_password(password)?;
                Response::success_gemini(include_str!("pages/password/success.gmi"))
            } else {
                Response::input(
                    format!("Please enter a {}password",
                        if user.has_password() {
                            "new "
                        } else {
                            ""
                        }
                    )
                )?
            }
        },
    })
}


fn render_settings_menu<UserData: Serialize + DeserializeOwned>(
    user: RegisteredUser<UserData>,
    redirect: &str
) -> Response {
    Document::new()
        .add_heading(HeadingLevel::H1, "User Settings")
        .add_blank_line()
        .add_text(&format!("Welcome {}!", user.username()))
        .add_blank_line()
        .add_link(redirect, "Back to the app")
        .add_blank_line()
        .add_text(
            if user.has_password() {
                concat!(
                "You currently have a password set.  This can be used to link any new",
                " certificates or clients to your account.  If you don't remember your",
                " password, or would like to change it, you may do so here.",
                )
            } else {
                concat!(
                "You don't currently have a password set!  Without a password, you cannot",
                " link any new certificates to your account, and if you lose your current",
                " client or certificate, you won't be able to recover your account.",
                )
            }
        )
        .add_blank_line()
        .add_link("/account/password", if user.has_password() { "Change password" } else { "Set password" })
        .into()
}

mod private {
    pub trait Sealed {}
    impl<A> Sealed for crate::Builder<A> {}
}
Add user management routes 2020-11-22 04:03:56 +00:00			`use anyhow::Result;`
			`use tokio::net::ToSocketAddrs;`
			`use serde::{Serialize, de::DeserializeOwned};`

Add password management facilities 2020-11-22 05:43:15 +00:00			`use crate::{Document, Request, Response};`
			`use crate::types::document::HeadingLevel;`
Add user management routes 2020-11-22 04:03:56 +00:00			`use crate::user_management::{User, RegisteredUser, UserManagerError};`

			`const UNAUTH: &str = include_str!("pages/unauth.gmi");`
Add password management facilities 2020-11-22 05:43:15 +00:00			`const NSI: &str = include_str!("pages/nsi.gmi");`
Add user management routes 2020-11-22 04:03:56 +00:00
Add docs for add_um_routes 2020-11-22 06:05:34 +00:00			/// Import this trait to use [`add_um_routes()`](Self::add_um_routes())
Add user management routes 2020-11-22 04:03:56 +00:00			`pub trait UserManagementRoutes: private::Sealed {`
Add docs for add_um_routes 2020-11-22 06:05:34 +00:00			`/// Add pre-configured routes to the serve to handle authentication`
			`///`
			`/// Specifically, the following routes are added:`
			/// * `/account`, the main settings & login page
			/// * `/account/askcert`, a page which always prompts for a certificate
			/// * `/account/register`, for users to register a new account
			/// * `/account/login`, for users to link their certificate to an existing account
			/// * `/account/password`, to change the user's password
			`///`
			/// If this method is used, no more routes should be added under `/account`. If you
			`/// would like to direct a user to login from your application, you should send them`
			/// to `/account`, which will start the login/registration flow.
			`///`
			/// The `redir` argument allows you to specify the point that users will be directed
			`/// to return to once their account has been created.`
Add user management routes 2020-11-22 04:03:56 +00:00			`fn add_um_routes<UserData: Serialize + DeserializeOwned + Default + 'static>(self, redir: &'static str) -> Self;`
			`}`

			`impl<A: ToSocketAddrs> UserManagementRoutes for crate::Builder<A> {`
Add docs for add_um_routes 2020-11-22 06:05:34 +00:00			`/// Add pre-configured routes to the serve to handle authentication`
			`///`
			/// See [`UserManagementRoutes`]
Add user management routes 2020-11-22 04:03:56 +00:00			`fn add_um_routes<UserData: Serialize + DeserializeOwned + Default + 'static>(self, redir: &'static str) -> Self {`
			`self.add_route("/account", move\|r\|handle_base::<UserData>(r, redir))`
			`.add_route("/account/askcert", move\|r\|handle_ask_cert::<UserData>(r, redir))`
			`.add_route("/account/register", move\|r\|handle_register::<UserData>(r, redir))`
			`.add_route("/account/login", move\|r\|handle_login::<UserData>(r, redir))`
Add password management facilities 2020-11-22 05:43:15 +00:00			`.add_route("/account/password", handle_password::<UserData>)`
Add user management routes 2020-11-22 04:03:56 +00:00			`}`
			`}`

			`async fn handle_base<UserData: Serialize + DeserializeOwned>(request: Request, redirect: &'static str) -> Result<Response> {`
			`Ok(match request.user::<UserData>()? {`
			`User::Unauthenticated => {`
			`Response::success_gemini(UNAUTH)`
			`},`
			`User::NotSignedIn(_) => {`
Add password management facilities 2020-11-22 05:43:15 +00:00			`Response::success_gemini(NSI)`
Add user management routes 2020-11-22 04:03:56 +00:00			`},`
			`User::SignedIn(user) => {`
			`render_settings_menu(user, redirect)`
			`},`
			`})`
			`}`

			`async fn handle_ask_cert<UserData: Serialize + DeserializeOwned>(request: Request, redirect: &'static str) -> Result<Response> {`
			`Ok(match request.user::<UserData>()? {`
			`User::Unauthenticated => {`
			`Response::client_certificate_required()`
			`},`
			`User::NotSignedIn(_) => {`
			`Response::success_gemini(include_str!("pages/askcert/success.gmi"))`
			`},`
			`User::SignedIn(user) => {`
			`Response::success_gemini(format!(`
			`include_str!("pages/askcert/exists.gmi"),`
			`username = user.username(),`
			`redirect = redirect,`
			`))`
			`},`
			`})`
			`}`

			`async fn handle_register<UserData: Serialize + DeserializeOwned + Default>(request: Request, redirect: &'static str) -> Result<Response> {`
			`Ok(match request.user::<UserData>()? {`
			`User::Unauthenticated => {`
			`Response::success_gemini(UNAUTH)`
			`},`
			`User::NotSignedIn(nsi) => {`
			`if let Some(username) = request.input() {`
			`match nsi.register::<UserData>(username.to_owned()) {`
			`Err(UserManagerError::UsernameNotUnique) => {`
			`Response::success_gemini(format!(`
			`include_str!("pages/register/exists.gmi"),`
			`username = username,`
			`))`
			`},`
			`Ok(_) => {`
			`Response::success_gemini(format!(`
			`include_str!("pages/register/success.gmi"),`
			`username = username,`
			`redirect = redirect,`
			`))`
			`},`
			`Err(e) => return Err(e.into())`
			`}`
			`} else {`
			`Response::input_lossy("Please pick a username")`
			`}`
			`},`
			`User::SignedIn(user) => {`
			`render_settings_menu(user, redirect)`
			`},`
			`})`
			`}`

			`async fn handle_login<UserData: Serialize + DeserializeOwned + Default>(request: Request, redirect: &'static str) -> Result<Response> {`
			`Ok(match request.user::<UserData>()? {`
			`User::Unauthenticated => {`
			`Response::success_gemini(UNAUTH)`
			`},`
			`User::NotSignedIn(nsi) => {`
			`if let Some(username) = request.trailing_segments().get(0) {`
			`if let Some(password) = request.input() {`
			`match nsi.attach::<UserData>(username, Some(password.as_bytes())) {`
			`Err(UserManagerError::PasswordNotSet) \| Ok(None) => {`
			`Response::success_gemini(format!(`
			`include_str!("pages/login/wrong.gmi"),`
			`username = username,`
			`))`
			`},`
			`Ok(_) => {`
			`Response::success_gemini(format!(`
			`include_str!("pages/login/success.gmi"),`
			`username = username,`
			`redirect = redirect,`
			`))`
			`},`
			`Err(e) => return Err(e.into()),`
			`}`
			`} else {`
			`Response::input_lossy("Please enter your password")`
			`}`
			`} else if let Some(username) = request.input() {`
			`Response::redirect_temporary_lossy(`
			`format!("/account/login/{}", username).as_str()`
			`)`
			`} else {`
			`Response::input_lossy("Please enter your username")`
			`}`
			`},`
			`User::SignedIn(user) => {`
			`render_settings_menu(user, redirect)`
			`},`
			`})`
			`}`

Add password management facilities 2020-11-22 05:43:15 +00:00			`async fn handle_password<UserData: Serialize + DeserializeOwned + Default>(request: Request) -> Result<Response> {`
			`Ok(match request.user::<UserData>()? {`
			`User::Unauthenticated => {`
			`Response::success_gemini(UNAUTH)`
			`},`
			`User::NotSignedIn(_) => {`
			`Response::success_gemini(NSI)`
			`},`
			`User::SignedIn(mut user) => {`
			`if let Some(password) = request.input() {`
			`user.set_password(password)?;`
			`Response::success_gemini(include_str!("pages/password/success.gmi"))`
			`} else {`
			`Response::input(`
			`format!("Please enter a {}password",`
			`if user.has_password() {`
			`"new "`
			`} else {`
			`""`
			`}`
			`)`
			`)?`
			`}`
			`},`
			`})`
			`}`


Add user management routes 2020-11-22 04:03:56 +00:00			`fn render_settings_menu<UserData: Serialize + DeserializeOwned>(`
			`user: RegisteredUser<UserData>,`
			`redirect: &str`
			`) -> Response {`
Add password management facilities 2020-11-22 05:43:15 +00:00			`Document::new()`
			`.add_heading(HeadingLevel::H1, "User Settings")`
			`.add_blank_line()`
			`.add_text(&format!("Welcome {}!", user.username()))`
			`.add_blank_line()`
			`.add_link(redirect, "Back to the app")`
			`.add_blank_line()`
			`.add_text(`
			`if user.has_password() {`
			`concat!(`
			`"You currently have a password set. This can be used to link any new",`
			`" certificates or clients to your account. If you don't remember your",`
			`" password, or would like to change it, you may do so here.",`
			`)`
			`} else {`
			`concat!(`
			`"You don't currently have a password set! Without a password, you cannot",`
			`" link any new certificates to your account, and if you lose your current",`
			`" client or certificate, you won't be able to recover your account.",`
			`)`
			`}`
			`)`
			`.add_blank_line()`
			`.add_link("/account/password", if user.has_password() { "Change password" } else { "Set password" })`
			`.into()`
Add user management routes 2020-11-22 04:03:56 +00:00			`}`

			`mod private {`
			`pub trait Sealed {}`
			`impl<A> Sealed for crate::Builder<A> {}`
			`}`