Added allow credentials

src/main.rs

@@ -35,7 +35,7 @@ async fn main() -> std::io::Result<()> {
             .wrap(DefaultHeaders::new().add((
                 "Access-Control-Allow-Origin",
                 app_state.allow_origins.join(","),
-            )))
+            )).add(("Access-Control-Allow-Credentials", "true")))
             .service(login)
             .service(register)
             .service(logout)

src/users.rs

@@ -1,5 +1,5 @@
 use crate::AppState;
-use actix_web::cookie::Cookie;
+use actix_web::cookie::{Cookie, SameSite};
 use actix_web::web::{Data, Json};
 use actix_web::{post, HttpRequest, HttpResponse, Responder};
 use argon2::password_hash::{
@@ -14,6 +14,8 @@ use serde::{Deserialize, Serialize};
 use sqlx::{query, query_as};
 use std::fs::File;
 use std::io::Read;
+use actix_web::cookie::time::{Duration, OffsetDateTime, UtcDateTime};
+use serde_json::{json, to_string};
 use uuid::Uuid;
 
 #[derive(Serialize, Deserialize)]
@@ -37,6 +39,11 @@ struct User {
     email: String,
 }
 
+struct WebUser {
+    uuid: String,
+    username: String,
+}
+
 #[derive(Serialize, Deserialize)]
 struct UserTokenClaims {
     exp: usize, // Required (validate_exp defaults to true in validation). Expiration time (as UTC timestamp)
@@ -83,23 +90,30 @@ async fn login(user_login: Json<UserLogin>, app_state: Data<AppState>) -> impl R
     let mut buf = vec![];
     key.read_to_end(&mut buf).unwrap();
     let token = encode(&header, &claims, &EncodingKey::from_ec_pem(&buf).unwrap()).unwrap();
+    let user = json!({
+        "uuid": user.uuid,
+        "username": user.username,
+        "token": token,
+    });
     // Send the JWT as cookie
     HttpResponse::Ok()
-        .cookie(Cookie::new("token", token))
+        .body(to_string(&user).unwrap())
-        .finish()
 }
 
 #[post("/logout")]
 async fn logout(req: HttpRequest, app_state: Data<AppState>) -> impl Responder {
     // Put the (KeyId, User) pair in the revoked table
     // And remove data from client
-    let token = req.cookie("token");
+    let token = req.headers().get("Authorization");
-    println!("token: {:?}", token);
     if token.is_none() {
         return HttpResponse::BadRequest().finish();
     }
     let token = token.unwrap();
-    let token = token.value();
+    let token = token.to_str();
+    if token.is_err() {
+        return HttpResponse::BadRequest().finish();
+    }
+    let token = token.unwrap().split_once(" ").unwrap().1;
     let mut key = File::open("pub.pem").unwrap();
     let mut buf = vec![];
     key.read_to_end(&mut buf).unwrap();
@@ -134,9 +148,7 @@ async fn logout(req: HttpRequest, app_state: Data<AppState>) -> impl Responder {
                 .finish();
         }
     }
-    let mut cookie = Cookie::new("token", "");
+    HttpResponse::Ok().finish()
-    cookie.make_removal();
-    HttpResponse::Ok().cookie(cookie).finish()
 }
 
 #[post("/register")]

src/utils.rs

@@ -12,6 +12,7 @@ async fn options(app_state: Data<AppState>) -> impl Responder {
             app_state.allow_origins.join(","),
         ))
         .append_header(("Access-Control-Allow-Methods", "GET, OPTIONS"))
-        .append_header(("Access-Control-Allow-Headers", "Content-Type"))
+        .append_header(("Access-Control-Allow-Headers", "Content-Type, Authorization"))
+        .append_header(("Access-Control-Allow-Credentials", "true"))
         .finish()
 }