authorcurly <curly@infernal.garden>2024-07-17 14:27:34 -0600
committercurly <curly@infernal.garden>2024-07-17 14:27:34 -0600
commitd000e75ab0c20b266e90deec437e02329210db11 (patch)
treeede26f9e54c7d6c9b1e2719fde2c2dac15e87027 /src/main.rs
parent12c1da413d09d48ce85bb46d0629166ce986b5d6 (diff)
separate user update forms. require password for deletion
Diffstat (limited to 'src/main.rs')
-rw-r--r--src/main.rs36
1 files changed, 29 insertions, 7 deletions
diff --git a/src/main.rs b/src/main.rs
index 6b0ecec..8ddd853 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -174,27 +174,48 @@ async fn get_sessions(data: Json<LogoutForm>, db: &State<Mutex<DB>>) -> (Status,
}
}
+#[derive(Deserialize)]
+struct DeleteForm {
+ id: UID,
+ session: String,
+ password: String,
+}
+
#[post("/delete", data="<data>", format="json")]
-async fn delete(data: Json<LogoutForm>, db: &State<Mutex<DB>>) -> (Status, Result<Json<String>, Json<String>>) {
+async fn delete(data: Json<DeleteForm>, db: &State<Mutex<DB>>) -> (Status, Result<Json<String>, Json<String>>) {
let mut db = db.lock().await;
- match db.delete_user(data.id, &data.session).await {
+ match db.delete_user(data.id, &data.session, &data.password).await {
Ok(n) => (Status::Ok, Ok(n.into())),
Err(n) => (Status::Unauthorized, Err(n.into())),
}
}
#[derive(Deserialize)]
-struct UpdateForm {
+struct UpdateNameForm {
id: UID,
session: String,
name: String,
+}
+#[derive(Deserialize)]
+struct UpdatePasswordForm {
+ id: UID,
+ session: String,
old_password: String,
new_password: String,
}
-#[post("/update/info", data="<data>", format="json")]
-async fn update_user(data: Json<UpdateForm>, db: &State<Mutex<DB>>) -> (Status, Result<(), Json<String>>) {
+#[post("/name", data="<data>", format="json")]
+async fn update_password(data: Json<UpdateNameForm>, db: &State<Mutex<DB>>) -> (Status, Result<(), Json<String>>) {
+ let mut db = db.lock().await;
+ match db.update_user_name(data.id, &data.session, &data.name).await {
+ Ok(_) => (Status::Ok, Ok(())),
+ Err(n) => (Status::InternalServerError, Err(n.into()))
+ }
+}
+
+#[post("/password", data="<data>", format="json")]
+async fn update_name(data: Json<UpdatePasswordForm>, db: &State<Mutex<DB>>) -> (Status, Result<(), Json<String>>) {
let mut db = db.lock().await;
- match db.update_user(data.id, &data.session, data.name.clone(), data.old_password.clone(), data.new_password.clone()).await {
+ match db.update_user_password(data.id, &data.session, &data.old_password, &data.new_password).await {
Ok(_) => (Status::Ok, Ok(())),
Err(n) => (Status::InternalServerError, Err(n.into()))
}
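Review bot: The two new handlers carry each other's names: the function under `#[post("/name", ...)]` takes `Json<UpdateNameForm>` and calls `update_user_name` but is named `update_password`, while the one under `#[post("/password", ...)]` is named `update_name`. Routing still works because Rocket dispatches on the attribute path, but anyone later attaching a password-specific control (throttling, audit logging) by function name would put it on the wrong endpoint; swap them to `async fn update_name(data: Json<UpdateNameForm>, ...)` and `async fn update_password(data: Json<UpdatePasswordForm>, ...)`, which leaves `routes![update_name, update_password]` in the later hunk valid. Both handlers also map every `Err` to `Status::InternalServerError`; if those errors include a rejected session or a wrong `old_password` (the DB methods are not shown here), returning `Status::Unauthorized` as `delete` does would let clients and failed-authentication monitoring see them. The body of the `/password` handler closes outside the hunk.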
@@ -234,7 +255,8 @@ fn rocket() -> _ {
rocket::build().manage(Mutex::new(DB::load(Config::new())))
.mount("/", routes![index])
- .mount("/user", routes![login, get_users_by_name, get_user_authenticated, get_user, new_user, get_all_users, logout, logout_all, get_sessions, delete, update_user])
+ .mount("/user", routes![login, get_users_by_name, get_user_authenticated, get_user, new_user, get_all_users, logout, logout_all, get_sessions, delete])
+ .mount("/user/update", routes![update_name, update_password])
.mount("/transfer", routes![transfer_out])
.attach(cors)
} \ No newline at end of file