FUCFD4UVRUXDHG24MYEHF2E5E23BIFVKTRGLNBPBVKFLONVSMHTAC
6CFNBL5LBZNP7CHANCXUZY5RQYREPSR6SQIKIWFLFXS4JU26KIWAC
KDYHFAE3GPCISJYGND4OIPAHUJNPRPEERNJIEY7WSEUCR6IE7TJAC
AAUEQMCPNZTYGMT3Y4VFPCECYSMRTFGDVLJPAYQLJUPGDRWGQR2AC
65A3LIWUS7UNMIHACC7ED6SSSSGQMKW4SAHQLXMT2YT6PFJ7KVUQC
EVP2FSBHQUCAXQ6IIMBD6IS24ODKHP6HFWYCHIMYG6KOFRQG3RVQC
WVHXYKCVPKAFVMXBEMD3IHG54RKOIDSOCVNR3OIPEZQG36IGYJZQC
HZDCKIXQ3LCD7YPL7ZZBCRMD7YMKDJ2QAALETTG3FYMBF4TNFUBAC
HDHALX3UK5VSU7WBDWSVF37QG5OBCIOLFGP5PQTGBQFOARZOKWMQC
TRBYOQBIJPJ72SX3TPI2OAKBUQH6FWVHTKT45LS2HVMBCAWCTULQC
3HT5CE6SDTPZAV7EN6FDMY2744JVFJCXHZXEQLK6IEFGPRGSBTXAC
QEK76JYTPKWAN3OIY3U24HMVEIX2GYTEWHII7AD7TUIGTY36DIAAC
2MPJPGRYNR4BD4H6OS2PKQTFBBYQZSD5ISQ762VEJFDAE5MMXULQC
WLWTNO4YJ4VBMJYVTP2LGPFQAJTOB524BD5INJFA44X2FKAX76DQC
4MZ4VIR7FU3PQ3WKJI6TJIKYOIIBODFEPKLMQ32S4AKPZSDFO6AQC
DGGFYSEG2LV5QWDFVI4LZN57Z7IJDV5CR7PDR6K7C55TQNRAWRKAC
S6MX4MFOHET5CZ4LEWCWZJ77K4CG34QCU77OQ4KNWJGD52UNDV4AC
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="alternate" type="application/rss+xml" href="static/rss.xml" title="Multiplayer FreeOrion server news" />
<link rel="stylesheet" type="text/css" href="static/style.css" />
<title>Welcome to public multiplayer FreeOrion server!</title>
</head>
<body>
{{> header}}
<div class="content">
<h1>Log In</h1>
<form id="login" action="login.do" method="post">
<fieldset>
<legend>Enter contact data to request password change:</legend>
<div>
<label for="login">Username:</label>
<input name="login" id="login" type="text" placeholder="Username" required autofocus />
</div>
<div>
<label for="password">Password:</label>
<input name="password" id="password" type="password" placeholder="Password" required autofocus />
</div>
<input name="csrf" type="hidden" value="{{ csrf }}">
<input name="submit" type="submit" value="Log In">
</fieldset>
</form>
</div>
{{> footer}}
</body>
</html>
}
pub fn request_to_jar(request: HttpRequest) -> cookie::CookieJar {
let mut jar = cookie::CookieJar::new();
match request.cookies() {
Ok(cookies) => {
for cookie in &*cookies {
jar.add_original(cookie.clone());
}
}
Err(e) => {
log::error!("Cann't get cookies from request: {}", e);
}
}
jar
use actix_web::http::header;
use actix_web::{cookie, web, HttpResponse};
use crate::WebData;
pub async fn log_out(data: web::Data<WebData<'_>>) -> HttpResponse {
let mut response = HttpResponse::Found()
.append_header((header::LOCATION, "index.html"))
.finish();
let mut builder = cookie::Cookie::build("auth", "").path("/");
if data.set_cookie_domain {
builder = builder.domain(data.base_domain.to_string());
}
if let Err(e) = response.add_removal_cookie(&builder.finish()) {
log::error!("Cann't set cookie {}", e);
}
response
}
use actix_web::http::header;
use actix_web::{cookie, web, HttpRequest, HttpResponse};
use uuid::Uuid;
use crate::pages::templates::LOG_IN;
use crate::pages::{insert_security_headers, request_to_jar};
use crate::{DataBaseRo, WebData};
#[derive(serde_derive::Serialize)]
struct PageData {
csrf: Uuid,
}
#[derive(serde_derive::Deserialize)]
pub struct FormData {
login: String,
password: String,
csrf: Uuid,
}
pub async fn get_log_in(data: web::Data<WebData<'_>>) -> HttpResponse {
let csrf = Uuid::new_v4();
{
let mut cache = data.cache_login.lock().await;
cache.insert(
csrf,
(),
std::time::Duration::from_secs(data.cache_duration_sec),
);
}
let body = match data.handlebars.render(LOG_IN, &PageData { csrf }) {
Ok(b) => b,
Err(e) => {
log::error!("Render login error: {}", e);
return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
}
};
insert_security_headers(HttpResponse::Ok()).body(body)
}
pub async fn post_log_in(
request: HttpRequest,
form: web::Form<FormData>,
data: web::Data<WebData<'_>>,
data_ro: web::Data<DataBaseRo>,
) -> HttpResponse {
let cached_data = {
let mut cache = data.cache_login.lock().await;
cache.remove(&form.csrf)
};
if cached_data.is_none() {
log::warn!("Unknown data for CSRF: {}", form.csrf);
return HttpResponse::BadRequest().body("Incorrect");
}
let dbclient = match data_ro.0.get().await {
Ok(c) => c,
Err(e) => {
log::error!("Pool RO error {}", e);
return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
}
};
let stmt = match dbclient.prepare("select web_password = crypt($1, web_password) from auth.users where player_name = $2 limit 1;").await {
Ok(stmt) => stmt,
Err(e) => {
log::error!("Pool RO statement error {}", e);
return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
}
};
let rows = match dbclient
.query_opt(&stmt, &[&form.password, &form.login])
.await
{
Ok(rows) => rows,
Err(e) => {
log::error!("Pool RO query error {}", e);
return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
}
};
let row = match rows {
Some(row) => row,
None => {
return HttpResponse::NotFound().body("Not found");
}
};
if !row.get::<_, bool>(0) {
return HttpResponse::NotFound().body("Not found");
}
let mut jar = request_to_jar(request);
let mut builder = cookie::Cookie::build("auth", form.login.clone())
.path("/")
.secure(true)
.http_only(true)
.same_site(cookie::SameSite::Strict)
.max_age(cookie::time::Duration::weeks(4));
if data.set_cookie_domain {
builder = builder.domain(data.base_domain.to_string());
}
jar.private_mut(&data.cookies_key).add(builder.finish());
let mut response = HttpResponse::Found()
.append_header((header::LOCATION, "index.html"))
.finish();
if let Some(c) = jar.get("auth") {
if let Err(e) = response.add_cookie(c) {
log::error!("Cann't set cookie {}", e);
}
}
response
}
pub async fn index(data: web::Data<WebData<'_>>) -> HttpResponse {
let body = match data.handlebars.render(INDEX, &()) {
#[derive(serde_derive::Serialize)]
struct PageData {
pub common_auth_info: CommonAuthInfo,
}
pub async fn index(request: HttpRequest, data: web::Data<WebData<'_>>) -> HttpResponse {
let jar = request_to_jar(request);
let user = jar
.private(&data.cookies_key)
.get("auth")
.map(|x| x.value().to_string());
let body = match data.handlebars.render(
INDEX,
&PageData {
common_auth_info: CommonAuthInfo { user },
},
) {
fn request_to_jar(request: HttpRequest) -> cookie::CookieJar {
let mut jar = cookie::CookieJar::new();
match request.cookies() {
Ok(cookies) => {
for cookie in &*cookies {
jar.add_original(cookie.clone());
}
}
Err(e) => {
log::error!("Cann't get cookies from request: {}", e);
}
}
jar
}