zxq5/chatapp
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

added login

Browse Source
This commit is contained in:
zxq5
2025-10-09 10:05:59 +01:00
parent edc7567d15
commit 4f72cc6abe
6 changed files with 228 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/auth.rs
+53 -28
View File
@@ -16,6 +16,7 @@ use rocket_db_pools::{
use rocket_dyn_templates::{Template, context};
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
use sqlx::postgres::PgQueryResult;
use crate::db::DbConn;
@@ -25,6 +26,11 @@ pub struct UserCredentials {
pub password: String,
}
#[get("/signup")]
pub async fn signup_page() -> Template {
Template::render("signup", context!())
}
#[post("/signup", data = "<cred>")]
pub async fn signup(
cred: Json<UserCredentials>,
@@ -40,16 +46,8 @@ pub async fn signup(
.await
.map_err(|e| e.to_string())?;
let session = SessionToken::new(result.id as usize);
let result = sqlx::query!(
"INSERT INTO sessions (user_id, token) VALUES ($1, $2)",
result.id,
session.token,
)
.execute(&mut **db)
.await;
if let Err(e) = result {
let session = Session::new(result.id as usize);
if let Err(e) = session.commit(&mut db).await {
eprintln!("Failed to create session: {}", e);
return Err(e.to_string());
}
@@ -60,45 +58,70 @@ pub async fn signup(
Ok(Json("Signup successful".to_string()))
}
#[get("/signup")]
pub async fn signup_page() -> Template {
Template::render("signup", context!())
#[get("/login")]
pub async fn login_page() -> Template {
Template::render("login", context!())
}
#[post("/login", data = "<cred>")]
pub async fn login(
conn: Connection<DbConn>,
mut db: Connection<DbConn>,
jar: &CookieJar<'_>,
cred: Json<UserCredentials>,
) -> Result<Json<String>, String> {
if let Ok(row) = sqlx::query!(
"SELECT id FROM users WHERE username = $1 AND password = $2",
cred.username,
cred.password,
)
.fetch_one(&mut **db)
.await
{
let session = Session::new(row.id as usize);
if let Err(e) = session.commit(&mut db).await {
eprintln!("Failed to create session: {}", e);
return Err(e.to_string());
}
jar.add_private(("session", session.token));
return Ok(Json("Signup successful".to_string()));
}
// TODO: implement actual login logic, e.g. verify password and generate token
Ok(Json("Login successful".to_string()))
Err("login failed".to_string())
}
pub struct SessionToken {
#[derive(Debug)]
pub struct Session {
pub token: String,
pub user_id: usize,
}
impl SessionToken {
impl Session {
pub fn new(user_id: usize) -> Self {
let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
let random: u32 = rand::rng().random();
let token = format!("{}-{}", current_time.as_secs(), random);
let hashed = format!("{:x}", Sha256::digest(token.as_bytes()));
SessionToken {
Self {
token: hashed,
user_id,
}
}
pub async fn commit(&self, db: &mut Connection<DbConn>) -> Result<PgQueryResult, sqlx::Error> {
sqlx::query!(
"INSERT INTO sessions (user_id, token) VALUES ($1, $2)",
self.user_id as i32,
self.token,
)
.execute(&mut ***db)
.await
}
}
type UserID = usize;
#[derive(Debug)]
pub struct AuthGuard(pub UserID);
#[rocket::async_trait]
impl<'r> FromRequest<'r> for AuthGuard {
impl<'r> FromRequest<'r> for Session {
type Error = ();
async fn from_request(request: &'r Request<'_>) -> request::Outcome<Self, Self::Error> {
@@ -110,16 +133,18 @@ impl<'r> FromRequest<'r> for AuthGuard {
let value = c.value();
let result = sqlx::query!(
"SELECT user_id FROM sessions WHERE token = $1 AND expires_at > NOW()",
"SELECT user_id, token FROM sessions WHERE token = $1 AND expires_at > NOW()",
value
)
.fetch_optional(&mut **pool)
.await
.expect("query failed!");
if let Some(token) = result {
let user_id = token.user_id;
Outcome::Success(AuthGuard(user_id as usize))
if let Some(session) = result {
Outcome::Success(Self {
user_id: session.user_id as usize,
token: session.token,
})
} else {
Outcome::Error((Status::Unauthorized, ()))
}
backend/src/llm.rs
+5 -2
View File
@@ -42,7 +42,7 @@ impl LlmWorker {
.json(&payload)
.send()
.await
.unwrap();
.map_err(|_| String::from("Failed to make request to LLM server"))?;
// The API returns a JSON with `choices[].message.content`
#[derive(Deserialize)]
@@ -54,7 +54,10 @@ impl LlmWorker {
message: Message,
}
let llm_resp: LlmResponse = resp.json().await.unwrap();
let llm_resp: LlmResponse = resp
.json()
.await
.map_err(|_| String::from("Failed to make request to LLM server"))?;
Ok(ChatMsg {
display_name: message.display_name.clone(),
backend/src/main.rs
+4 -3
View File
@@ -11,7 +11,7 @@ use rocket_db_pools::{Connection, Database};
use rocket_dyn_templates::Template;
use std::sync::Arc;
use crate::auth::AuthGuard;
use crate::auth::Session;
use crate::db::DbConn;
use crate::messages::ChatBroadcaster;
@@ -22,7 +22,7 @@ pub mod llm;
pub mod messages;
#[get("/users", rank = 2)]
async fn users(_ag: AuthGuard, mut db: Connection<DbConn>) -> Json<Vec<i32>> {
async fn users(_ag: Session, mut db: Connection<DbConn>) -> Json<Vec<i32>> {
sqlx::query!("SELECT id FROM users")
.fetch_all(&mut **db)
.await
@@ -34,7 +34,7 @@ async fn users(_ag: AuthGuard, mut db: Connection<DbConn>) -> Json<Vec<i32>> {
}
#[get("/users/<id>", rank = 1)]
async fn username_for_id(id: usize, _ag: AuthGuard, mut db: Connection<DbConn>) -> String {
async fn username_for_id(id: usize, _ag: Session, mut db: Connection<DbConn>) -> String {
sqlx::query!("SELECT username FROM users WHERE id = $1", id as i32)
.fetch_one(&mut **db)
.await
@@ -74,6 +74,7 @@ fn rocket() -> Rocket<Build> {
messages::event_stream,
auth::signup,
auth::signup_page,
auth::login_page,
auth::login
],
)
backend/src/messages.rs
+7 -7
View File
@@ -11,7 +11,7 @@ use serde::{Deserialize, Serialize};
use sqlx::prelude::FromRow;
use tokio::sync::broadcast;
use crate::{auth::AuthGuard, db::DbConn, llm::LlmWorker};
use crate::{auth::Session, db::DbConn, llm::LlmWorker};
/// ---------- shared broadcaster ----------
pub struct ChatBroadcaster {
@@ -47,14 +47,14 @@ pub async fn post_message(
mut msg: Json<ChatMsg>,
chat: &rocket::State<Arc<ChatBroadcaster>>,
mut db: Connection<DbConn>,
ag: AuthGuard,
session: Session,
) -> Result<(), String> {
const CHANNEL_ID: i32 = 1;
const LMSTUDIO_URI: &'static str = "http://127.0.0.1:1234/v1/chat/completions";
let chat = chat.inner().clone();
msg.user_id = ag.0;
msg.user_id = session.user_id;
chat.publish(msg.clone().into_inner()).await;
sqlx::query!(
@@ -92,7 +92,7 @@ pub async fn post_message(
}
#[get("/messages")]
pub async fn get_messages(mut db: Connection<DbConn>, _ag: AuthGuard) -> Json<Vec<ChatMsg>> {
pub async fn get_messages(mut db: Connection<DbConn>, _session: Session) -> Json<Vec<ChatMsg>> {
Json(
sqlx::query!(
"SELECT u.username, u.display_name, u.id, m.content, m.created_at FROM messages m JOIN users u ON m.user_id = u.id ORDER BY m.created_at DESC LIMIT 100"
@@ -117,7 +117,7 @@ pub async fn get_messages(mut db: Connection<DbConn>, _ag: AuthGuard) -> Json<Ve
pub async fn event_stream(
chat: &rocket::State<Arc<ChatBroadcaster>>,
db: Connection<DbConn>,
ag: AuthGuard,
ag: Session,
) -> EventStream![] {
let mut rx = chat.subscribe();
@@ -140,6 +140,6 @@ pub async fn event_stream(
}
#[get("/")]
pub async fn chat_page(ag: AuthGuard) -> Template {
Template::render("chat", context!(user_id: ag.0))
pub async fn chat_page(session: Session) -> Template {
Template::render("chat", context!(user_id: session.user_id))
}