blob: 7f0314f8cda50f6a734e162741d5bfe2b0baef47 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
use axum_extra::extract::cookie;
/// Show a login page.
async fn get() {
todo!()
}
/// Accept login and start the IndieAuth dance.
async fn post() {
todo!()
}
/// Accept the return of the IndieAuth dance. Set a cookie for the
/// required session.
async fn callback() {
todo!()
}
/// Show the form necessary for logout. If JS is enabled,
/// automatically POST the form.
///
/// This is essentially protection from CSRF and also from some kind
/// of crawlers working with a user's cookies (wget?). If a crawler is
/// stupid enough to execute JS and send a POST request though, that's
/// on the crawler.
async fn logout_page() {
todo!()
}
/// Erase the necessary cookies for login and invalidate the session.
async fn logout() {
todo!()
}
/// Produce a router for all of the above.
fn router(key: cookie::Key) -> axum::routing::Router<cookie::Key> {
axum::routing::Router::new()
.route("/start", axum::routing::get(get).post(post))
.route("/finish", axum::routing::get(callback))
.route("/logout", axum::routing::get(logout_page).post(logout))
// I'll need some kind of session store here too. It should be
// a key from UUIDs (128 bits is enough for a session token)
// to at least a URL, if not something more.
.with_state(key)
}
|