From 5d0b5199c38d0807b8ff9cadde4ea27f86ab541e Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Thu, 2 Mar 2023 13:19:50 +0200
Subject: [PATCH] feat(api): session validation
---
 api/src/main.rs | 11 ++++++++++-
 api/src/session.rs | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/api/src/main.rs b/api/src/main.rs
index a8e8957..06cef47 100644
--- a/api/src/main.rs
+++ b/api/src/main.rs
@@ -29,7 +29,16 @@ async fn ping() -> impl Responder {
 #[get("/api/ping_sec")]
 async fn ping_sec(session: Session) -> impl Responder {
- HttpResponse::Ok().body("pong")
+ let session_validation = session::validate_session(&session);
+
+ match session_validation {
+ Err(err) => err,
+ Ok(user_id) => {
+ // NOTE: this is where one would spawn an action to do... something.
+ // the user id can be used to check if the user can, e.g. start a game.
+ return HttpResponse::Ok().body(format!("pong_sec for user_id: '{}'", user_id));
+ }
+ }
 }
 fn run_migrations(conn: &mut PgConnection) {
diff --git a/api/src/session.rs b/api/src/session.rs
index d2d642f..aec3bd8 100644
--- a/api/src/session.rs
+++ b/api/src/session.rs
@@ -11,5 +11,14 @@ use actix_web::HttpResponse;
 use laurelin_shared::error::api::APIError;
 pub(crate) fn validate_session(session: &Session) -> Result {
- Err(HttpResponse::Unauthorized().json(APIError::NotAuthorized))
+ let user_id: Option = session.get("user_id").unwrap_or(None);
+
+ match user_id {
+ None => Err(HttpResponse::Unauthorized().json(APIError::NotAuthorized)),
+ Some(id) => {
+ // keep alive
+ session.renew();
+ Ok(id)
+ }
+ }
 }
--
2.44.1
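Review bot: Authentication on `ping_sec` is enforced only because the handler body itself calls `session::validate_session(&session)`, so every future protected route has to remember the same call and a route that omits it is silently public. Consider moving the check into an extractor (a type implementing actix-web's `FromRequest` that yields the user id or rejects with 401) or a scope-level middleware, so protected routes fail closed by construction. Separately, the `Ok` arm uses `return` inside a `match` that is already the tail expression while the `Err` arm does not; `Ok(user_id) => HttpResponse::Ok().body(format!("pong_sec for user_id: '{}'", user_id)),` reads more consistently.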
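Review bot: In `validate_session`, `session.get("user_id").unwrap_or(None)` turns a failed read or deserialisation of the stored value into the same result as a missing key, so a malformed or tampered session leaves no trace and looks like an ordinary anonymous request. The 401 outcome is the right fail-closed one, but the `Err` case should be matched explicitly and logged before returning `APIError::NotAuthorized`. The `// keep alive` comment on `session.renew()` also deserves a check: if `Session` here is actix-session's type (its import is outside the hunk), `renew()` rotates the session key rather than extending its lifetime, so a comment such as `// rotate the session key on each validated request; TTL extension is configured on the session middleware` would describe it more accurately. Rotating the key on every request is worth confirming as intended.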