From d000e75ab0c20b266e90deec437e02329210db11 Mon Sep 17 00:00:00 2001
From: curly
Date: Wed, 17 Jul 2024 14:27:34 -0600
Subject: separate user update forms. require password for deletion
---
 src/main.rs | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)
(limited to 'src/main.rs')
diff --git a/src/main.rs b/src/main.rs
index 6b0ecec..8ddd853 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -174,27 +174,48 @@ async fn get_sessions(data: Json, db: &State>) -> (Status,
 }
 }
+#[derive(Deserialize)]
+struct DeleteForm {
+ id: UID,
+ session: String,
+ password: String,
+}
+
 #[post("/delete", data="", format="json")]
-async fn delete(data: Json, db: &State>) -> (Status, Result, Json>) {
+async fn delete(data: Json, db: &State>) -> (Status, Result, Json>) {
 let mut db = db.lock().await;
- match db.delete_user(data.id, &data.session).await {
+ match db.delete_user(data.id, &data.session, &data.password).await {
 Ok(n) => (Status::Ok, Ok(n.into())),
 Err(n) => (Status::Unauthorized, Err(n.into())),
 }
 }
 #[derive(Deserialize)]
-struct UpdateForm {
+struct UpdateNameForm {
 id: UID,
 session: String,
 name: String,
+}
+#[derive(Deserialize)]
+struct UpdatePasswordForm {
+ id: UID,
+ session: String,
 old_password: String,
 new_password: String,
 }
-#[post("/update/info", data="", format="json")]
-async fn update_user(data: Json, db: &State>) -> (Status, Result<(), Json>) {
+#[post("/name", data="", format="json")]
+async fn update_password(data: Json, db: &State>) -> (Status, Result<(), Json>) {
+ let mut db = db.lock().await;
+ match db.update_user_name(data.id, &data.session, &data.name).await {
+ Ok(_) => (Status::Ok, Ok(())),
+ Err(n) => (Status::InternalServerError, Err(n.into()))
+ }
+}
+
+#[post("/password", data="", format="json")]
+async fn update_name(data: Json, db: &State>) -> (Status, Result<(), Json>) {
 let mut db = db.lock().await;
- match db.update_user(data.id, &data.session, data.name.clone(), data.old_password.clone(), data.new_password.clone()).await {
+ match db.update_user_password(data.id, &data.session, &data.old_password, &data.new_password).await {
 Ok(_) => (Status::Ok, Ok(())),
 Err(n) => (Status::InternalServerError, Err(n.into()))
 }
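Review bot: The two new handlers in this hunk carry each other's names: `#[post("/name")]` sits on `async fn update_password`, whose body calls `db.update_user_name`, while `#[post("/password")]` sits on `async fn update_name`, which calls `db.update_user_password`. Routing still works because both are listed in `routes![update_name, update_password]`, but anyone who later adds throttling, audit logging or a stricter guard to the password handler by function name would change the wrong endpoint, so the two `fn` names should be swapped. Separately, the `/password` handler maps every error to `Status::InternalServerError`, so a wrong `old_password` or an invalid session (presumably how `update_user_password` fails, which is not visible here) is reported as a server fault. Using `Err(n) => (Status::Unauthorized, Err(n.into()))`, as `delete` already does, would keep failed credential checks distinguishable in logs and monitoring. The body of the `/password` handler closes outside the hunk.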
@@ -234,7 +255,8 @@ fn rocket() -> _ {
 rocket::build().manage(Mutex::new(DB::load(Config::new())))
 .mount("/", routes![index])
- .mount("/user", routes![login, get_users_by_name, get_user_authenticated, get_user, new_user, get_all_users, logout, logout_all, get_sessions, delete, update_user])
+ .mount("/user", routes![login, get_users_by_name, get_user_authenticated, get_user, new_user, get_all_users, logout, logout_all, get_sessions, delete])
+ .mount("/user/update", routes![update_name, update_password])
 .mount("/transfer", routes![transfer_out])
 .attach(cors)
 }
\ No newline at end of file
--
cgit v1.2.3