Scienta
diff --git a/‎Cargo.lock‎
Lines changed: 156 additions & 204 deletions b/‎Cargo.lock‎
Lines changed: 156 additions & 204 deletions
diff --git a/‎backend/Cargo.toml‎
Lines changed: 3 additions & 1 deletion b/‎backend/Cargo.toml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎backend/src/html.rs‎
Lines changed: 13 additions & 11 deletions b/‎backend/src/html.rs‎
Lines changed: 13 additions & 11 deletions
diff --git a/‎backend/src/main.rs‎
Lines changed: 21 additions & 161 deletions b/‎backend/src/main.rs‎
Lines changed: 21 additions & 161 deletions
@@ -7,12 +7,12 @@ edition = "2021"
 anyhow = "1.0.95"
 askama = { version = "0.12.1", features = ["with-axum"] }
 askama_axum = "0.4.0"
-async-session = "3.0.0"
 async-trait = "0.1.83"
 axum = { version = "0.8.1", features = ["macros"] }
 axum-extra = { version = "0.10.0", features = ["cookie", "multipart", "typed-header"] }
 dotenv = "0.15.0"
 headers = "0.4.0"
+http = "1.2.0"
 oauth2 = "4.4.2"
 once_cell = "1.20.2"
 openidconnect = { version = "3.5.0", features = ["reqwest"]  }
@@ -27,6 +27,8 @@ sqlx = { version = "0.8.2", features = ["runtime-tokio-native-tls", "sqlite", "p
 time = "0.3.37"
 tokio = { version = "1.42.0", features = ["rt", "rt-multi-thread", "macros", "signal"] }
 tower-http = { version = "0.6.2", features = ["fs", "trace"] }
+tower-sessions = { version = "0.14.0", features = ["memory-store"] }
+#tower-sessions-memory-store = { version = "0.14.0", features = [] }
 tracing = { version = "0.1.41", features = ["std", "log"] }
 tracing-opentelemetry = { version = "0.28.0", features = [] }
 tracing-subscriber = { version = "0.3.19", features = ["env-filter", "registry", "fmt"] }
 
@@ -1,5 +1,6 @@
 use crate::model::*;
-use crate::{AppError, ServerImpl, SessionUser};
+use crate::session::SkjeraSessionData;
+use crate::{AppError, ServerImpl};
 use anyhow::Context;
 use askama_axum::Template;
 use axum::extract::{Path, State};
@@ -43,7 +44,7 @@ struct MeTemplate<'a> {
 #[tracing::instrument]
 pub async fn get_me(
     State(app): State<ServerImpl>,
-    user: SessionUser,
+    user: SkjeraSessionData,
 ) -> Result<Html<String>, AppError> {
     let me = app
         .employee_dao
@@ -79,7 +80,7 @@ pub(crate) struct MeForm {
 #[tracing::instrument]
 pub async fn post_me(
     State(app): State<ServerImpl>,
-    user: SessionUser,
+    user: SkjeraSessionData,
     Form(input): Form<MeForm>,
 ) -> Result<Redirect, AppError> {
     debug!("form: {:?}", input);
@@ -109,7 +110,7 @@ pub async fn post_me(
 
 pub async fn delete_some_account(
     State(app): State<ServerImpl>,
-    user: SessionUser,
+    user: SkjeraSessionData,
     Path(some_account_id): Path<SomeAccountId>,
 ) -> Result<Redirect, AppError> {
     info!(
@@ -138,7 +139,7 @@ pub(crate) struct AddSomeAccountForm {
 
 pub async fn add_some_account(
     State(app): State<ServerImpl>,
-    user: SessionUser,
+    user: SkjeraSessionData,
     Form(input): Form<AddSomeAccountForm>,
 ) -> Result<Redirect, AppError> {
     let _span = span!(Level::INFO, "add_some_account");
@@ -193,7 +194,7 @@ impl EmployeeTemplate {
 #[tracing::instrument]
 pub async fn employee(
     State(app): State<ServerImpl>,
-    _user: SessionUser,
+    _user: SkjeraSessionData,
     Path(employee_id): Path<EmployeeId>,
 ) -> Result<Html<String>, AppError> {
     let employee = app
@@ -210,21 +211,22 @@ pub async fn employee(
 #[derive(Template)]
 #[template(path = "hello.html"/*, print = "all"*/)]
 struct HelloTemplate {
-    pub user: Option<SessionUser>,
+    pub user: SkjeraSessionData,
     pub google_auth_url: Option<String>,
     pub employees: Option<Vec<Employee>>,
 }
 
-#[tracing::instrument]
 pub async fn hello_world(
     State(app): State<ServerImpl>,
-    user: Option<SessionUser>,
+    session: SkjeraSessionData,
 ) -> Result<Html<String>, AppError> {
+    let _span = span!(Level::INFO, "hello_world");
+
     let scope = "openid profile email";
 
     let mut employees = None::<Vec<Employee>>;
     let mut url = None::<String>;
-    if user.is_some() {
+    if session.authenticated() {
         employees = Some(app.employee_dao.employees().await?);
     } else {
         let u = Url::parse_with_params(
@@ -241,7 +243,7 @@ pub async fn hello_world(
     }
 
     let template = HelloTemplate {
-        user,
+        user: session,
         google_auth_url: url,
         employees,
     };
 
@@ -4,26 +4,17 @@ mod macros;
 mod meta;
 mod model;
 mod oauth;
+mod session;
 #[cfg(any())]
 mod skjera;
 mod slack;
 mod web;
 
 use crate::model::*;
 use crate::slack::SlackConnect;
-use anyhow::{anyhow, Error};
-use async_session::{MemoryStore, Session, SessionStore};
-use axum::extract::{FromRef, FromRequestParts, OptionalFromRequestParts};
-use axum::http::request::Parts;
-use axum::http::{header, StatusCode};
+use axum::http::StatusCode;
 use axum::response::{IntoResponse, Redirect, Response};
-use axum::RequestPartsExt;
-use axum_extra::typed_header::TypedHeaderRejectionReason;
-use axum_extra::TypedHeader;
-use headers;
 use oauth2::basic::BasicClient;
-use oauth2::{CsrfToken, PkceCodeVerifier};
-use openidconnect::Nonce;
 use opentelemetry::trace::TracerProvider as _;
 use opentelemetry::{global, KeyValue};
 use opentelemetry_appender_tracing::layer;
@@ -32,20 +23,18 @@ use opentelemetry_sdk::logs::LoggerProvider;
 use opentelemetry_sdk::trace::TracerProvider;
 use opentelemetry_sdk::{runtime, Resource};
 use reqwest::Client as ReqwestClient;
-use serde::{Deserialize, Serialize};
 use sqlx::postgres::PgConnectOptions;
 use std::env;
 use std::process::exit;
 use tokio::net::TcpListener;
 use tokio::signal;
 use tower_http::trace::TraceLayer;
+use tower_sessions::cookie::SameSite::Lax;
+use tower_sessions::{MemoryStore, SessionManagerLayer, SessionStore};
 use tracing::{debug, info, warn};
 use tracing_subscriber::prelude::*;
 use tracing_subscriber::EnvFilter;
 
-pub(crate) static COOKIE_NAME: &str = "SESSION";
-const USER_SESSION_KEY: &'static str = "user";
-
 #[tokio::main]
 async fn main() {
     // We don't care if there is a problem here
@@ -115,7 +104,6 @@ async fn main() {
         cfg,
         basic_client,
         employee_dao: EmployeeDao::new(pool),
-        store: MemoryStore::new(),
         slack_connect,
     };
 
@@ -125,7 +113,13 @@ async fn main() {
     //     info!(name: "my-event-name", target: "my-system", event_id = 20, user_name = "otel", user_email = "otel@opentelemetry.io", message = "This is an example message");
     // });
 
-    start_server(server_impl, "0.0.0.0:8080").await;
+    let session_store = MemoryStore::default();
+    let session_layer = SessionManagerLayer::new(session_store)
+        .with_secure(true)
+        .with_http_only(true)
+        .with_same_site(Lax);
+
+    start_server(server_impl, session_layer, "0.0.0.0:8080").await;
 
     providers.0.shutdown().unwrap();
     providers.1.shutdown().unwrap();
@@ -198,21 +192,20 @@ struct ServerImpl {
     ctx: ReqwestClient,
     cfg: Config,
     basic_client: BasicClient,
-    store: MemoryStore,
     pub employee_dao: EmployeeDao,
     pub slack_connect: Option<SlackConnect>,
 }
 
-impl FromRef<ServerImpl> for MemoryStore {
-    fn from_ref(state: &ServerImpl) -> Self {
-        state.store.clone()
-    }
-}
-
-async fn start_server(server_impl: ServerImpl, addr: &str) {
-    let app = web::create_router(server_impl);
-
-    let app = app.layer(TraceLayer::new_for_http());
+async fn start_server<SS>(
+    server_impl: ServerImpl,
+    session_layer: SessionManagerLayer<SS>,
+    addr: &str,
+) where
+    SS: SessionStore + Clone,
+{
+    let app = web::create_router(server_impl)
+        .layer(session_layer)
+        .layer(TraceLayer::new_for_http());
 
     // Run the server with graceful shutdown
     let listener = TcpListener::bind(addr).await.unwrap();
@@ -332,136 +325,3 @@ impl IntoResponse for AuthRedirect {
         Redirect::temporary("/").into_response()
     }
 }
-
-#[derive(Debug, Deserialize, Serialize)]
-pub struct SessionUser {
-    employee: EmployeeId,
-    email: String,
-    name: String,
-    slack_connect: Option<SlackConnectData>,
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-pub struct SlackConnectData {
-    csrf_token: CsrfToken,
-    nonce: Nonce,
-    pkce_verifier: PkceCodeVerifier,
-}
-
-impl SessionUser {
-    pub(crate) fn with_slack_connect(
-        self,
-        csrf_token: CsrfToken,
-        nonce: Nonce,
-        pkce_verifier: PkceCodeVerifier,
-    ) -> Self {
-        SessionUser {
-            slack_connect: Some(SlackConnectData {
-                csrf_token,
-                nonce,
-                pkce_verifier,
-            }),
-            ..self
-        }
-    }
-}
-
-async fn load_session_from_parts<S>(parts: &mut Parts, state: &S) -> anyhow::Result<Session>
-where
-    MemoryStore: FromRef<S>,
-    S: Send + Sync,
-{
-    let cookies = parts.extract::<TypedHeader<headers::Cookie>>().await?;
-
-    load_session(cookies, state).await
-}
-
-async fn load_session<S>(cookies: TypedHeader<headers::Cookie>, state: &S) -> anyhow::Result<Session>
-where
-    MemoryStore: FromRef<S>,
-    S: Send + Sync,
-{
-    let cookie = cookies
-        .get(COOKIE_NAME)
-        .ok_or(anyhow!("cookie not found"))?
-        .to_string();
-
-    let store = MemoryStore::from_ref(state);
-
-    match store.load_session(cookie).await? {
-        Some(session) => Ok(session),
-        _ => Err(anyhow!("Could not load session")),
-    }
-}
-
-impl<S> OptionalFromRequestParts<S> for SessionUser
-where
-    MemoryStore: FromRef<S>,
-    S: Send + Sync,
-{
-    type Rejection = ();
-
-    async fn from_request_parts(
-        parts: &mut Parts,
-        state: &S,
-    ) -> Result<Option<Self>, Self::Rejection> {
-        let session = load_session_from_parts(parts, state).await;
-
-        let user = session.and_then(|session| {
-            session
-                .get::<SessionUser>(USER_SESSION_KEY)
-                .ok_or(anyhow!("no user in session"))
-        });
-
-        Ok(user.ok())
-    }
-}
-
-impl<S> FromRequestParts<S> for SessionUser
-where
-    MemoryStore: FromRef<S>,
-    S: Send + Sync,
-{
-    type Rejection = AuthRedirect;
-
-    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
-        let session = load_session_from_parts(parts, state).await;
-
-        let user = session.and_then(|session| {
-            session
-                .get::<SessionUser>(USER_SESSION_KEY)
-                .ok_or(anyhow!("no user in session"))
-        });
-
-        user.map_err(|_| AuthRedirect)
-
-        // let store = MemoryStore::from_ref(state);
-        //
-        // async move {
-        //     let cookies = parts
-        //         .extract::<TypedHeader<headers::Cookie>>()
-        //         .await
-        //         .map_err(|e| match *e.name() {
-        //             header::COOKIE => match e.reason() {
-        //                 TypedHeaderRejectionReason::Missing => AuthRedirect,
-        //                 _ => panic!("unexpected error getting Cookie header(s): {e}"),
-        //             },
-        //             _ => panic!("unexpected error getting cookies: {e}"),
-        //         })?;
-        //     let session_cookie = cookies.get(COOKIE_NAME).ok_or(AuthRedirect)?;
-        //
-        //     let session = store
-        //         .load_session(session_cookie.to_string())
-        //         .await
-        //         .unwrap()
-        //         .ok_or(AuthRedirect)?;
-        //
-        //     let user = session
-        //         .get::<SessionUser>(USER_SESSION_KEY)
-        //         .ok_or(AuthRedirect)?;
-        //
-        //     Ok(user)
-        // }
-        // .await
-    }
-}