
~liljamo/deck-builder

5d0b5199c38d0807b8ff9cadde4ea27f86ab541e — Jonni Liljamo 1 year, 7 months ago 82c3e0c
feat(api): session validation
2 files changed, 20 insertions(+), 2 deletions(-)

M api/src/main.rs
M api/src/session.rs
M api/src/main.rs => api/src/main.rs +10 -1
@@ 29,7 29,16 @@ async fn ping() -> impl Responder {

#[get("/api/ping_sec")]
async fn ping_sec(session: Session) -> impl Responder {
    HttpResponse::Ok().body("pong")
    let session_validation = session::validate_session(&session);

    match session_validation {
        Err(err) => err,
        Ok(user_id) => {
            // NOTE: this is where one would spawn an action to do... something.
            // the user id can be used to check if the user can, e.g. start a game.
            return HttpResponse::Ok().body(format!("pong_sec for user_id: '{}'", user_id));
        }
    }
}

fn run_migrations(conn: &mut PgConnection) {
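Review bot: The session check in `ping_sec` is an explicit call at the top of the handler, so every protected route has to remember to make it, and a route that omits it is silently unauthenticated. Consider moving the check into an extractor or guard type that the handler takes as a parameter, so that a protected route cannot be written without it. On style, the `Ok` arm uses `return …;` while the `Err` arm is a plain expression; the arm can simply be `Ok(user_id) => HttpResponse::Ok().body(format!("pong_sec for user_id: '{}'", user_id)),`. The response also echoes the stored `user_id`, which is fine for a debug ping but deserves a comment saying so if the route stays in a deployed build.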

M api/src/session.rs => api/src/session.rs +10 -1
@@ 11,5 11,14 @@ use actix_web::HttpResponse;
use laurelin_shared::error::api::APIError;

pub(crate) fn validate_session(session: &Session) -> Result<String, HttpResponse> {
    Err(HttpResponse::Unauthorized().json(APIError::NotAuthorized))
    let user_id: Option<String> = session.get("user_id").unwrap_or(None);

    match user_id {
        None => Err(HttpResponse::Unauthorized().json(APIError::NotAuthorized)),
        Some(id) => {
            // keep alive
            session.renew();
            Ok(id)
        }
    }
}
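Review bot: `session.renew()` under the `// keep alive` comment probably does more than extend the lifetime. If `Session` is actix-session's type (its import is outside the hunk), `renew()` moves the state to a new session key, so every validated request rotates the key. Validity is then purely sliding, with no absolute limit visible here, and depending on the store, parallel requests from one client may invalidate each other's key. If only the TTL should be extended, the session middleware's TTL extension policy is the usual place for that. Separately, `session.get("user_id").unwrap_or(None)` folds a read or deserialization error into "not logged in", which fails closed but hides the fault; logging the error before mapping it to `None` would keep a corrupted or tampered session visible to operators.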