O01eg/freeorion-test-web - Change FUCFD4UVRUXDHG24MYEHF2E5E23BIFVKTRGLNBPBVKFLONVSMHTAC

Add log in and log out support

Created by O01eg on October 14, 2022

FUCFD4UVRUXDHG24MYEHF2E5E23BIFVKTRGLNBPBVKFLONVSMHTAC

Dependencies

In channels

main

Change contents

Replacement in src/templates/sub/header.html at line 5 [4.36]

B:BD[4.147] → [4.147:162]

Log In Log Out

[4.147]

[4.162]

    {{#if common_auth_info.user}}
        Hello, {{ common_auth_info.user }}
        <form id="logout" action="logout.do" method="post"><input name="submit" type="submit" value="Log Out"></form>
    {{else}}
        <a href="login.html">Log In</a>
    {{/if}}

File addition: login.html (----------)

[5.12]

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="alternate" type="application/rss+xml" href="static/rss.xml" title="Multiplayer FreeOrion server news" />
<link rel="stylesheet" type="text/css" href="static/style.css" />
<title>Welcome to public multiplayer FreeOrion server!</title>
</head>
<body>
{{> header}}
<div class="content">
<h1>Log In</h1>
<form id="login" action="login.do" method="post">
<fieldset>
	<legend>Enter contact data to request password change:</legend>
	<div>
		<label for="login">Username:</label>
		<input name="login" id="login" type="text" placeholder="Username" required autofocus />
	</div>
    <div>
        <label for="password">Password:</label>
        <input name="password" id="password" type="password" placeholder="Password" required autofocus />
    </div>
	<input name="csrf" type="hidden" value="{{ csrf }}">
	<input name="submit" type="submit" value="Log In">
</fieldset>
</form>
</div>
{{> footer}}
</body>
</html>

Replacement in src/pages/mod.rs at line 1 [6.50]

B:BD[6.50] → [2.208:244]

use actix_web::HttpResponseBuilder;

[6.50]

[7.383]

use actix_web::{cookie, HttpRequest, HttpResponseBuilder};

Insertion in src/pages/mod.rs at line 10 [6.50]
[6.66]
[8.1060]
```
pub mod log_in;
pub mod log_out;
```
Insertion in src/pages/mod.rs at line 25 [6.50]
[9.744]
[9.744]
```
    pub const LOG_IN: &str = "log-in";
```

Insertion in src/pages/mod.rs at line 36 [6.50]

[8.1367]

[7.414]

#[derive(serde_derive::Serialize)]
pub struct CommonAuthInfo {
    pub user: Option<String>,
}

Insertion in src/pages/mod.rs at line 46 [6.50]
[10.2179]
[11.140]
```
    pub cache_login: Mutex<TtlCache<Uuid, ()>>,
```

Insertion in src/pages/mod.rs at line 70 [6.50]

[2.834]

}
pub fn request_to_jar(request: HttpRequest) -> cookie::CookieJar {
    let mut jar = cookie::CookieJar::new();
    match request.cookies() {
        Ok(cookies) => {
            for cookie in &*cookies {
                jar.add_original(cookie.clone());
            }
        }
        Err(e) => {
            log::error!("Cann't get cookies from request: {}", e);
        }
    }
    jar

File addition: log_out.rs (----------)

[6.17]

use actix_web::http::header;
use actix_web::{cookie, web, HttpResponse};
use crate::WebData;
pub async fn log_out(data: web::Data<WebData<'_>>) -> HttpResponse {
    let mut response = HttpResponse::Found()
        .append_header((header::LOCATION, "index.html"))
        .finish();
    let mut builder = cookie::Cookie::build("auth", "").path("/");
    if data.set_cookie_domain {
        builder = builder.domain(data.base_domain.to_string());
    }
    if let Err(e) = response.add_removal_cookie(&builder.finish()) {
        log::error!("Cann't set cookie {}", e);
    }
    response
}

File addition: log_in.rs (----------)

[6.17]

use actix_web::http::header;
use actix_web::{cookie, web, HttpRequest, HttpResponse};
use uuid::Uuid;
use crate::pages::templates::LOG_IN;
use crate::pages::{insert_security_headers, request_to_jar};
use crate::{DataBaseRo, WebData};
#[derive(serde_derive::Serialize)]
struct PageData {
    csrf: Uuid,
}
#[derive(serde_derive::Deserialize)]
pub struct FormData {
    login: String,
    password: String,
    csrf: Uuid,
}
pub async fn get_log_in(data: web::Data<WebData<'_>>) -> HttpResponse {
    let csrf = Uuid::new_v4();
    {
        let mut cache = data.cache_login.lock().await;
        cache.insert(
            csrf,
            (),
            std::time::Duration::from_secs(data.cache_duration_sec),
        );
    }
    let body = match data.handlebars.render(LOG_IN, &PageData { csrf }) {
        Ok(b) => b,
        Err(e) => {
            log::error!("Render login error: {}", e);
            return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
        }
    };
    insert_security_headers(HttpResponse::Ok()).body(body)
}
pub async fn post_log_in(
    request: HttpRequest,
    form: web::Form<FormData>,
    data: web::Data<WebData<'_>>,
    data_ro: web::Data<DataBaseRo>,
) -> HttpResponse {
    let cached_data = {
        let mut cache = data.cache_login.lock().await;
        cache.remove(&form.csrf)
    };
    if cached_data.is_none() {
        log::warn!("Unknown data for CSRF: {}", form.csrf);
        return HttpResponse::BadRequest().body("Incorrect");
    }
    let dbclient = match data_ro.0.get().await {
        Ok(c) => c,
        Err(e) => {
            log::error!("Pool RO error {}", e);
            return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
        }
    };
    let stmt = match dbclient.prepare("select web_password = crypt($1, web_password) from auth.users where player_name = $2 limit 1;").await {
        Ok(stmt) => stmt,
        Err(e) => {
            log::error!("Pool RO statement error {}", e);
            return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
        }
    };
    let rows = match dbclient
        .query_opt(&stmt, &[&form.password, &form.login])
        .await
    {
        Ok(rows) => rows,
        Err(e) => {
            log::error!("Pool RO query error {}", e);
            return HttpResponse::ServiceUnavailable().body(actix_web::body::None::new());
        }
    };
    let row = match rows {
        Some(row) => row,
        None => {
            return HttpResponse::NotFound().body("Not found");
        }
    };
    if !row.get::<_, bool>(0) {
        return HttpResponse::NotFound().body("Not found");
    }
    let mut jar = request_to_jar(request);
    let mut builder = cookie::Cookie::build("auth", form.login.clone())
        .path("/")
        .secure(true)
        .http_only(true)
        .same_site(cookie::SameSite::Strict)
        .max_age(cookie::time::Duration::weeks(4));
    if data.set_cookie_domain {
        builder = builder.domain(data.base_domain.to_string());
    }
    jar.private_mut(&data.cookies_key).add(builder.finish());
    let mut response = HttpResponse::Found()
        .append_header((header::LOCATION, "index.html"))
        .finish();
    if let Some(c) = jar.get("auth") {
        if let Err(e) = response.add_cookie(c) {
            log::error!("Cann't set cookie {}", e);
        }
    }
    response
}

Replacement in src/pages/index.rs at line 1 [6.100]
B:BD[6.100] → [6.101:137]
```
use actix_web::{web, HttpResponse};
```
[6.100]
[6.137]
```
use actix_web::{web, HttpRequest, HttpResponse};
```
Deletion in src/pages/index.rs at line 3 [6.100]
B:BD[6.138] → [2.837:880]
```
use crate::pages::insert_security_headers;
```

Insertion in src/pages/index.rs at line 4 [6.100]

[8.1404]

[7.562]

use crate::pages::CommonAuthInfo;
use crate::pages::{insert_security_headers, request_to_jar};

Replacement in src/pages/index.rs at line 8 [6.100]

B:BD[6.167] → [7.583:650]

B:BD[7.650] → [8.1405:1463]

pub async fn index(data: web::Data<WebData<'_>>) -> HttpResponse {
    let body = match data.handlebars.render(INDEX, &()) {

[6.167]

[12.314]

#[derive(serde_derive::Serialize)]
struct PageData {
    pub common_auth_info: CommonAuthInfo,
}
pub async fn index(request: HttpRequest, data: web::Data<WebData<'_>>) -> HttpResponse {
    let jar = request_to_jar(request);
    let user = jar
        .private(&data.cookies_key)
        .get("auth")
        .map(|x| x.value().to_string());
    let body = match data.handlebars.render(
        INDEX,
        &PageData {
            common_auth_info: CommonAuthInfo { user },
        },
    ) {

Deletion in src/pages/cookies_policy.rs at line 4 [9.788]
B:BD[9.826] → [9.826:869]
```
use crate::pages::insert_security_headers;
```
Insertion in src/pages/cookies_policy.rs at line 5 [9.788]
[9.914]
[9.914]
```
use crate::pages::{insert_security_headers, request_to_jar};
```

Deletion in src/pages/cookies_policy.rs at line 13 [9.788]

B:BD[9.935] → [3.34:97]

∅:D[3.97] → [13.156:470]

B:BD[13.156] → [13.156:470]

B:BD[13.470] → [3.98:108]

∅:D[3.108] → [13.470:471]

B:BD[13.470] → [13.470:471]

fn request_to_jar(request: HttpRequest) -> cookie::CookieJar {
    let mut jar = cookie::CookieJar::new();
    match request.cookies() {
        Ok(cookies) => {
            for cookie in &*cookies {
                jar.add_original(cookie.clone());
            }
        }
        Err(e) => {
            log::error!("Cann't get cookies from request: {}", e);
        }
    }
    jar
}

Insertion in src/main.rs at line 16 [15.17]

[6.423]

[14.1800]

use pages::log_in::{get_log_in, post_log_in};
use pages::log_out::log_out;

Insertion in src/main.rs at line 174 [15.17]

[9.1587]

[16.245]

    handlebars
        .register_template_string(templates::LOG_IN, include_str!("templates/login.html"))
        .expect("cookies policy template");

Insertion in src/main.rs at line 217 [15.17]

[10.2306]

[11.203]

        cache_login: tokio::sync::Mutex::new(ttl_cache::TtlCache::new(cache_capacity)),

Insertion in src/main.rs at line 261 [15.17]

[9.1858]

[17.451]

            .route("/login.html", web::get().to(get_log_in))

Insertion in src/main.rs at line 264 [15.17]

[17.607]

[8.2328]

            .route("/logout.do", web::post().to(log_out))
            .route("/login.do", web::post().to(post_log_in))