db&webapi, primitive session tokens

adds a temporary auth method to users which does not require a password or similar. This is just for testing right now and assumes a self-hosted no-threats environment. Also adds a user_key state to keep track of authed users. These currently *DO NOT EXPIRE* which is pretty bad haha. The entire auth system will be redone.
2026-03-05 10:15:16 -08:00 · 2026-03-05 10:15:16 -08:00 · b089f62bcd
commit b089f62bcd
parent 949a984d0c
5 changed files with 86 additions and 3 deletions
--- a/koucha/src/bin/webapi/routes/create_session.rs
+++ b/koucha/src/bin/webapi/routes/create_session.rs
@ -0,0 +1,41 @@
+use axum::{Json, extract::State};
+use koucha::db::User as DbUser;
+use reqwest::StatusCode;
+use serde::{Serialize, Deserialize};
+
+use crate::{
+  AppState, routes::{ApiError, ApiResult, ApiResponse}, types::UserKey
+};
+
+#[derive(Deserialize)]
+pub struct Input {
+  pub user_name: String,
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct Output {
+  user_key: UserKey,
+}
+
+pub async fn handler(
+  State(mut state): State<AppState>,
+  Json(body): Json<Input>,
+) -> ApiResult<Output> {
+  let dbuser = DbUser::temporary_auth(
+      state.adapter.get_pool(),
+      &body.user_name
+    ).await.map_err(|_e| {
+      // TODO: Logging
+      ApiError {
+        status: StatusCode::INTERNAL_SERVER_ERROR,
+        error: "InternalError",
+        message: String::from(
+          "Error authentiating user ".to_owned() + &body.user_name
+        ),
+      }
+    })?;
+
+  let key = state.create_user_key(dbuser.key());
+
+  Ok(ApiResponse(StatusCode::OK, Output { user_key: key }))
+}