Koucha/koucha/src/bin/webapi/routes/create_session.rs

use axum::{Json, extract::State};
use koucha::db::User as DbUser;
use reqwest::StatusCode;
use serde::{Serialize, Deserialize};

use crate::{
  AppState, routes::{ApiError, ApiResult, ApiResponse}, types::UserKey
};

#[derive(Deserialize)]
pub struct Input {
  pub user_name: String,
}

#[derive(Serialize, Deserialize)]
pub struct Output {
  user_key: UserKey,
}

pub async fn handler(
  State(mut state): State<AppState>,
  Json(body): Json<Input>,
) -> ApiResult<Output> {
  let dbuser = DbUser::temporary_auth(
      state.adapter.get_pool(),
      &body.user_name
    ).await.map_err(|_e| {
      // TODO: Logging
      ApiError {
        status: StatusCode::INTERNAL_SERVER_ERROR,
        error: "InternalError",
        message: String::from(
          "Error authentiating user ".to_owned() + &body.user_name
        ),
      }
    })?;

  let key = state.create_user_key(dbuser.key());

  Ok(ApiResponse(StatusCode::OK, Output { user_key: key }))
}
db&webapi, primitive session tokens adds a temporary auth method to users which does not require a password or similar. This is just for testing right now and assumes a self-hosted no-threats environment. Also adds a user_key state to keep track of authed users. These currently DO NOT EXPIRE which is pretty bad haha. The entire auth system will be redone. 2026-03-05 10:15:16 -08:00			`use axum::{Json, extract::State};`
			`use koucha::db::User as DbUser;`
			`use reqwest::StatusCode;`
			`use serde::{Serialize, Deserialize};`

			`use crate::{`
			`AppState, routes::{ApiError, ApiResult, ApiResponse}, types::UserKey`
			`};`

			`#[derive(Deserialize)]`
			`pub struct Input {`
			`pub user_name: String,`
			`}`

			`#[derive(Serialize, Deserialize)]`
			`pub struct Output {`
			`user_key: UserKey,`
			`}`

			`pub async fn handler(`
			`State(mut state): State<AppState>,`
			`Json(body): Json<Input>,`
			`) -> ApiResult<Output> {`
			`let dbuser = DbUser::temporary_auth(`
			`state.adapter.get_pool(),`
			`&body.user_name`
			`).await.map_err(\|_e\| {`
			`// TODO: Logging`
			`ApiError {`
			`status: StatusCode::INTERNAL_SERVER_ERROR,`
			`error: "InternalError",`
			`message: String::from(`
			`"Error authentiating user ".to_owned() + &body.user_name`
			`),`
			`}`
			`})?;`

			`let key = state.create_user_key(dbuser.key());`

			`Ok(ApiResponse(StatusCode::OK, Output { user_key: key }))`
			`}`