feat: implement user login functionality with session management

bruno/user/Verify User.bru

@@ -0,0 +1,18 @@
+meta {
+  name: Verify User
+  type: http
+  seq: 2
+}
+
+post {
+  url: {{api_base}}/auth/login
+  body: json
+  auth: inherit
+}
+
+body:json {
+  {
+    "username": "hure",
+    "password": "nüttchen"
+  }
+}

crates/backend/Cargo.toml

@@ -25,6 +25,7 @@ sea-orm = { version = "1.1", features = [
     "runtime-tokio-rustls",
     "macros",
 ] }
+uuid = "1"
 
 dotenvy = "0.15"
 

crates/backend/src/controller/auth.rs

@@ -1,11 +1,11 @@
 use actix_session::Session;
 use actix_web::{
-    HttpResponse, get, post,
+    HttpResponse, Responder, post,
     web::{self, ServiceConfig},
 };
 use serde::Deserialize;
 
-use crate::error::ApiError;
+use crate::{Database, error::ApiError};
 
 #[derive(Deserialize)]
 struct LoginRequest {
@@ -19,10 +19,17 @@ pub fn setup(cfg: &mut ServiceConfig) {
 
 #[post("/login")]
 async fn login(
+    db: web::Data<Database>,
     login_request: web::Json<LoginRequest>,
     session: Session,
-) -> Result<HttpResponse, ApiError> {
+) -> Result<impl Responder, ApiError> {
     let login_request = login_request.into_inner();
 
-    todo!()
+    let user_id = db
+        .verify_local_user(&login_request.username, &login_request.password)
+        .await?;
+
+    session.insert("user", user_id)?;
+
+    Ok(HttpResponse::Ok())
 }

crates/backend/src/controller/project.rs

@@ -1,5 +1,5 @@
 use actix_web::{Result, delete, get, post, put, web};
-use sea_orm::prelude::Uuid;
+use uuid::Uuid;
 use validator::Validate;
 
 use crate::db::Database;

crates/backend/src/db/project.rs

@@ -4,9 +4,9 @@ use log::debug;
 
 use crate::entity::project;
 use sea_orm::ActiveValue::{NotSet, Set, Unchanged};
-use sea_orm::prelude::Uuid;
 use sea_orm::{ActiveModelTrait, DeleteResult, EntityTrait};
 use serde::Deserialize;
+use uuid::Uuid;
 use validator::Validate;
 
 #[derive(Deserialize, Validate)]

crates/backend/src/db/user.rs

@@ -7,13 +7,11 @@ use sea_orm::{
     ActiveModelTrait,
     ActiveValue::{NotSet, Set},
     ColumnTrait, DbErr, EntityTrait, ModelTrait, QueryFilter, TransactionTrait,
-    prelude::Uuid,
 };
+use uuid::Uuid;
 
 use crate::{Database, entity};
 
-use super::entity::local_auth;
-
 impl Database {
     pub async fn create_user(
         &self,
@@ -81,7 +79,7 @@ impl Database {
             return Err(ApiError::Unauthorized);
         }
 
-        Ok(())
+        Ok(user.id)
     }
 
     pub async fn verify_ldap_user() {}

crates/backend/src/error.rs

@@ -16,6 +16,8 @@ pub enum ApiError {
     ValidationError(#[from] validator::ValidationErrors),
     #[error("Argon2 Error: {0}")]
     Argon2Error(String),
+    #[error("Session insert error: {0}")]
+    SessionInsertError(#[from] actix_session::SessionInsertError),
 }
 
 impl ResponseError for ApiError {
@@ -27,6 +29,7 @@ impl ResponseError for ApiError {
             ApiError::BadRequest(..) => StatusCode::BAD_REQUEST,
             ApiError::ValidationError(..) => StatusCode::BAD_REQUEST,
             ApiError::Argon2Error(..) => StatusCode::INTERNAL_SERVER_ERROR,
+            ApiError::SessionInsertError(..) => StatusCode::INTERNAL_SERVER_ERROR,
         }
     }