Added configuration file and logging.
+6
-2
@@ -1,5 +1,4 @@
|
||||
use cfg_if::cfg_if;
|
||||
|
||||
pub mod data;
|
||||
pub mod company;
|
||||
pub mod user;
|
||||
@@ -10,13 +9,17 @@ pub mod opening_hours;
|
||||
macro_rules! perm_check {
|
||||
($check:ident) => {
|
||||
use crate::backend::user::$check;
|
||||
use crate::backend::user::logged_in_user;
|
||||
use actix_web::http::StatusCode;
|
||||
use leptos_actix::ResponseOptions;
|
||||
use log::warn;
|
||||
|
||||
if !$check().await {
|
||||
let response = expect_context::<ResponseOptions>();
|
||||
response.set_status(StatusCode::FORBIDDEN);
|
||||
|
||||
warn!("Permission denied for user: {}", logged_in_user().await.unwrap_or_default().login);
|
||||
|
||||
return Ok(ApiResponse::Error("Forbidden".to_string()))
|
||||
}
|
||||
}
|
||||
@@ -26,7 +29,6 @@ macro_rules! perm_check {
|
||||
macro_rules! user_check {
|
||||
($check:expr) => {
|
||||
use crate::perm_check;
|
||||
use crate::backend::user::logged_in_user;
|
||||
|
||||
perm_check!(is_logged_in);
|
||||
let user = logged_in_user().await.unwrap_or(User::default());
|
||||
@@ -35,6 +37,8 @@ macro_rules! user_check {
|
||||
let response = expect_context::<ResponseOptions>();
|
||||
response.set_status(StatusCode::FORBIDDEN);
|
||||
|
||||
warn!("Try to update not owned data. User: {}", user.login);
|
||||
|
||||
return Ok(ApiResponse::Error("You can change your own profile only".to_string()))
|
||||
}
|
||||
}
|
||||
|
||||
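Review bot: The new `warn!` in `perm_check` does not say which check was denied, and for an unauthenticated request `unwrap_or_default().login` presumably logs an empty string, so these entries are hard to use as an audit trail. Including the check name and Debug-formatting the login makes the anonymous case visible and escapes control characters: `warn!("Permission denied ({}) for user: {:?}", stringify!($check), logged_in_user().await.unwrap_or_default().login);`. The `warn!` added to `user_check` shows no `use log::warn;` of its own in these hunks and appears to rely on the one `perm_check` expands into the caller's scope. Writing `log::warn!(...)` in both macros would remove that hidden coupling and the injected `use`. Both macro bodies continue outside the visible hunks.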
+9
-1
@@ -8,6 +8,7 @@ cfg_if! { if #[cfg(feature = "ssr")] {
|
||||
use sqlx::{query_as, Error, PgPool, query};
|
||||
use actix_session::*;
|
||||
use leptos_actix::{extract, redirect};
|
||||
use log::{info, warn};
|
||||
|
||||
pub async fn has_admin_user(pool: &PgPool) -> Result<bool, Error> {
|
||||
let count: (i64,) = query_as(r#"SELECT COUNT(id) FROM "user" WHERE admin = $1"#)
|
||||
@@ -58,7 +59,7 @@ cfg_if! { if #[cfg(feature = "ssr")] {
|
||||
}
|
||||
}}
|
||||
|
||||
#[server(Login, "/api")]
|
||||
#[server]
|
||||
pub async fn login(username: String, password: String) -> Result<ApiResponse<()>, ServerFnError> {
|
||||
use actix_session::*;
|
||||
use leptos_actix::extract;
|
||||
@@ -75,10 +76,13 @@ pub async fn login(username: String, password: String) -> Result<ApiResponse<()>
|
||||
})
|
||||
.await?;
|
||||
|
||||
info!("User {} logged in", username);
|
||||
|
||||
redirect("/admin");
|
||||
return Ok(ApiResponse::Data(()));
|
||||
}
|
||||
|
||||
warn!("Login failed for user {}", username);
|
||||
let response = expect_context::<ResponseOptions>();
|
||||
response.set_status(StatusCode::UNAUTHORIZED);
|
||||
|
||||
@@ -230,6 +234,8 @@ pub async fn create_user(user: UserProfile) -> Result<ApiResponse<()>, ServerFnE
|
||||
.execute(&pool)
|
||||
.await?;
|
||||
|
||||
info!("Created user {}", user.login());
|
||||
|
||||
Ok(ApiResponse::Data(()))
|
||||
}
|
||||
|
||||
@@ -259,5 +265,7 @@ pub async fn delete_user(id: i32) -> Result<ApiResponse<()>, ServerFnError> {
|
||||
.execute(&get_pool().await?)
|
||||
.await?;
|
||||
|
||||
info!("User deleted");
|
||||
|
||||
Ok(ApiResponse::Data(()))
|
||||
}
|
||||
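Review bot: In `login`, `warn!("Login failed for user {}", username);` writes unauthenticated request input to the log with `{}`, so embedded newlines or control characters can forge or split log entries, and a password mistyped into the username field is stored verbatim. Debug formatting escapes those characters: `warn!("Login failed for user {:?}", username);`, and the same applies to `info!("User {} logged in", username);`. Consider also bounding the logged length. Separately, `info!("User deleted");` in `delete_user` records neither the target nor the actor; `info!("User {} deleted", id);` would at least identify the removed account. The bodies of `login`, `create_user` and `delete_user` start outside the hunks shown.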