yuzucchii.xyz/src/app/views/login.zig

const std = @import("std");
const jetzig = @import("jetzig");
const uuid4 = @import("uuid").v4;

pub const layout = "panel";

pub fn index(request: *jetzig.Request, data: *jetzig.Data) !jetzig.View {
    const cookies = try request.cookies();
    const allowed = blk: {
        const session = cookies.get("session") orelse break :blk false;

        const session_query = jetzig.database.Query(.Session)
            .findBy(.{ .session_id = session.value });
        _ = request.repo.execute(session_query) catch break :blk false;
        break :blk true;
    };

    const root = try data.object();
    try root.put("allowed", allowed);

    if (cookies.get("session")) |session| if (session.value.len != 0)
        return request.redirect("/blogs", .moved_permanently);

    return request.render(.ok);
}

pub fn post(request: *jetzig.Request) !jetzig.View {
    // ask for password
    const cookies = try request.cookies();

    const env_map = try request.allocator.create(std.process.EnvMap);
    env_map.* = try std.process.getEnvMap(request.allocator);
    defer env_map.deinit();

    const secrets = @import("dev").BLOGS_PASSWORD;

    std.debug.print("body data: {s}\n", .{request.body});

    const login_data = std.json.parseFromSliceLeaky(struct {
        password: []const u8,
    }, request.allocator, request.body, .{}) catch {
        return request.fail(.bad_request);
    };

    var buf: [0x100]u8 = undefined;
    var fba = std.heap.FixedBufferAllocator.init(&buf);
    const allocator = fba.allocator();

    if (std.mem.eql(u8, login_data.password, secrets)) {
        // logged in, creating cookie
        const uuid = try std.fmt.allocPrint(allocator, "{d}", .{uuid4.new()});

        try cookies.put(.{
            .name = "session",
            .value = uuid,
            .path = "/",
            .domain = @import("dev").DOMAIN,
            .same_site = .lax,
            .http_only = true,
            .secure = false,
            .max_age = 60 * 60 * 24 * 7, // 1 week
            .partitioned = false,
        });

        // post to Session table

        try request.repo.insert(.Session, .{ .session_id = uuid });

        return request.render(.created);
    } else {
        return request.fail(.unauthorized);
    }
}