From ad45a34cf3c1c626b49786a237148cad8ea0d402 Mon Sep 17 00:00:00 2001
From: Mika
Date: Wed, 9 Apr 2025 20:32:13 +0200
Subject: [PATCH] feat: add AlreadyLoggedIn error and prevent duplicate logins
---
 crates/backend/src/controller/auth.rs | 4 ++++
 crates/backend/src/error.rs | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/crates/backend/src/controller/auth.rs b/crates/backend/src/controller/auth.rs
index a24ce35..ebd00ea 100644
--- a/crates/backend/src/controller/auth.rs
+++ b/crates/backend/src/controller/auth.rs
@@ -30,6 +30,10 @@ async fn login(
 .verify_local_user(&login_request.username, &login_request.password)
 .await?;
+ if session.get::("user").is_ok() {
+ return Err(ApiError::AlreadyLoggedIn);
+ }
+ session.insert("user", user_id)?;
 Ok(HttpResponse::Ok())
diff --git a/crates/backend/src/error.rs b/crates/backend/src/error.rs
index dd52cb2..e24b0a5 100644
--- a/crates/backend/src/error.rs
+++ b/crates/backend/src/error.rs
@@ -1,4 +1,4 @@
-use actix_web::{cookie::time::error, http::StatusCode, HttpResponse, ResponseError};
+use actix_web::{HttpResponse, ResponseError, cookie::time::error, http::StatusCode};
 use sea_orm::TransactionError;
 use thiserror::Error;
@@ -18,6 +18,8 @@ pub enum ApiError {
 Argon2Error(String),
 #[error("Session insert error: {0}")]
 SessionInsertError(#[from] actix_session::SessionInsertError),
+ #[error("Already logged in")]
+ AlreadyLoggedIn,
 }
 impl ResponseError for ApiError {
@@ -30,6 +32,7 @@ impl ResponseError for ApiError {
 ApiError::ValidationError(..) => StatusCode::BAD_REQUEST,
 ApiError::Argon2Error(..) => StatusCode::INTERNAL_SERVER_ERROR,
 ApiError::SessionInsertError(..) => StatusCode::INTERNAL_SERVER_ERROR,
+ ApiError::AlreadyLoggedIn => StatusCode::BAD_REQUEST,
 }
 }
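Review bot: The new guard `session.get::("user").is_ok()` in `login` looks like it is true even when nobody is logged in: if `session` is an `actix_session::Session`, `get` returns `Ok(None)` for a missing key, so every login on a fresh session would be rejected with `AlreadyLoggedIn`. Test for a present value instead, e.g. `if matches!(session.get::<T>("user"), Ok(Some(_))) {`, where `T` stands for the stored id type, which the page does not show. The guard also sits after `verify_local_user`, so the password check is paid for before the request is refused; moving it to the top of `login` would avoid that, though the start of the function is outside this hunk. Separately, calling `session.renew()` just before `session.insert("user", user_id)?` would rotate the session key at login and protect against session fixation.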
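Review bot: `ApiError::AlreadyLoggedIn => StatusCode::BAD_REQUEST` in the last hunk of `error.rs` gives this case the same status as `ValidationError`, so a client or a log query cannot tell a malformed login request from a repeated one by status alone. `StatusCode::CONFLICT` describes the state clash more precisely: `ApiError::AlreadyLoggedIn => StatusCode::CONFLICT,`. A one-line `///` comment on the new variant saying when `login` returns it would also help. The `match` and the enum both continue outside the hunks shown.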