diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib.rs | 1 | ||||
-rw-r--r-- | src/login.rs | 45 | ||||
-rw-r--r-- | src/main.rs | 5 |
3 files changed, 50 insertions, 1 deletions
diff --git a/src/lib.rs b/src/lib.rs index c1bd965..04b3298 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -8,6 +8,7 @@ pub mod media; pub mod micropub; pub mod indieauth; pub mod webmentions; +pub mod login; pub mod companion { use std::{collections::HashMap, sync::Arc}; diff --git a/src/login.rs b/src/login.rs new file mode 100644 index 0000000..7f0314f --- /dev/null +++ b/src/login.rs @@ -0,0 +1,45 @@ +use axum_extra::extract::cookie; + +/// Show a login page. +async fn get() { + todo!() +} + +/// Accept login and start the IndieAuth dance. +async fn post() { + todo!() +} + +/// Accept the return of the IndieAuth dance. Set a cookie for the +/// required session. +async fn callback() { + todo!() +} + +/// Show the form necessary for logout. If JS is enabled, +/// automatically POST the form. +/// +/// This is essentially protection from CSRF and also from some kind +/// of crawlers working with a user's cookies (wget?). If a crawler is +/// stupid enough to execute JS and send a POST request though, that's +/// on the crawler. +async fn logout_page() { + todo!() +} + +/// Erase the necessary cookies for login and invalidate the session. +async fn logout() { + todo!() +} + +/// Produce a router for all of the above. +fn router(key: cookie::Key) -> axum::routing::Router<cookie::Key> { + axum::routing::Router::new() + .route("/start", axum::routing::get(get).post(post)) + .route("/finish", axum::routing::get(callback)) + .route("/logout", axum::routing::get(logout_page).post(logout)) + // I'll need some kind of session store here too. It should be + // a key from UUIDs (128 bits is enough for a session token) + // to at least a URL, if not something more. + .with_state(key) +} diff --git a/src/main.rs b/src/main.rs index b7a6035..9e541b9 100644 --- a/src/main.rs +++ b/src/main.rs @@ -221,6 +221,9 @@ async fn compose_kittybox( other => unimplemented!("Unsupported backend: {other}") }; + // TODO: load from environment + let cookie_key = axum_extra::extract::cookie::Key::generate(); + let router = router .route( "/.kittybox/static/:path", @@ -228,11 +231,11 @@ async fn compose_kittybox( ) .route("/.kittybox/coffee", teapot_route()) .nest("/.kittybox/micropub/client", kittybox::companion::router()) + .nest("/.kittybox/login", kittybox::login::router(cookie_key)) .layer(tower_http::trace::TraceLayer::new_for_http()) .layer(tower_http::catch_panic::CatchPanicLayer::new()) .layer(tower_http::sensitive_headers::SetSensitiveHeadersLayer::new([ axum::http::header::AUTHORIZATION, - // Not used yet, but will be eventually axum::http::header::COOKIE, axum::http::header::SET_COOKIE, ])); |