based

src/route/user.rs

@@ -1,46 +1,12 @@
-use crate::get_pg;
-use crate::library::user::User;
-use crate::route::vec_to_api;
+use based::auth::{User, UserRole};
+use based::check_admin;
+use based::request::api::{api_error, vec_to_api, FallibleApiResponse};
 use rocket::get;
-use rocket::http::Status;
-use rocket::outcome::Outcome;
 use rocket::post;
-use rocket::request::FromRequest;
 use rocket::serde::json::Json;
-use rocket::Request;
 use serde::Deserialize;
 use serde_json::json;
 
-use super::api_error;
-use super::FallibleApiResponse;
-
-#[macro_export]
-macro_rules! check_admin {
-    ($u:ident) => {
-        if !$u.is_admin() {
-            return Err(api_error("Forbidden"));
-        }
-    };
-}
-
-#[rocket::async_trait]
-impl<'r> FromRequest<'r> for User {
-    type Error = ();
-
-    async fn from_request(request: &'r Request<'_>) -> rocket::request::Outcome<Self, Self::Error> {
-        match request.headers().get_one("token") {
-            Some(key) => {
-                if let Some(user) = sqlx::query_as("SELECT * FROM users WHERE username = (SELECT \"user\" FROM user_session WHERE token = $1)").bind(key).fetch_optional(get_pg!()).await.unwrap() {
-                    Outcome::Success(user)
-                } else {
-                    Outcome::Error((Status::Unauthorized, ()))
-                }
-            }
-            None => Outcome::Error((Status::Unauthorized, ())),
-        }
-    }
-}
-
 #[derive(Deserialize)]
 pub struct LoginData {
     pub username: String,
@@ -89,13 +55,9 @@ pub async fn users_route(u: User) -> FallibleApiResponse {
 pub async fn user_create_route(user: Json<LoginData>, u: User) -> FallibleApiResponse {
     check_admin!(u);
 
-    let new_user = User::create(
-        &user.username,
-        &user.password,
-        crate::library::user::UserRole::Regular,
-    )
-    .await
-    .unwrap();
+    let new_user = User::create(&user.username, &user.password, UserRole::Regular)
+        .await
+        .unwrap();
 
     Ok(json!({"created": new_user.username}))
 }