Reorganize and consolidate HTTP routes.

HTTP routes are now defined in a single, unified module, pulling them out of the topical modules they were formerly part of. This is intended to improve the navigability of the codebase. Previously, finding the handler corresponding to a specific endpoint required prior familiarity, though in practice you could usually guess from topic area. Now, all routes are defined in one place; if you know the path, you can read down the list to find the handler. Handlers themselves live with the domain they are most appropriately "part of," generally (in this version, universally) in a `handlers` submodule. The handlers themselves have been flattened down; rather than representing a path and a method, they now represent a named operation (which is suspiciously similar to the path in most cases). This means that we no longer have constructs like `crate::ui::routes::ch::channel` - it's now `crate::ui::handlers::channel` instead. ## Disclaimer I Solemnly Swear I Didn't Change Any Handlers. ## Prior art I've inadvertently reinvented Django's `urls.py` convention, and I've opted to lean into that. Merges flatter-routes-reorg into main.
author: ojacobson <ojacobson@noreply.codeberg.org> 2025-06-21 04:22:52 +0200
committer: ojacobson <ojacobson@noreply.codeberg.org> 2025-06-21 04:22:52 +0200
commit: cd1dc0dab4b46bc5712070812192d5ce34071470 (patch)
tree: c94f5a42f7e734b81892c1289a1d2b566706ba7c /src/user/handlers
parent: d84ba5cd09b713fac2f193d5c05af7415ea6742d (diff)
parent: 4e3d5ccac99b24934c972e088cd7eb02bb95df06 (diff)
7 files changed, 445 insertions, 0 deletions
diff --git a/src/user/handlers/login/mod.rs b/src/user/handlers/login/mod.rs
new file mode 100644
index 0000000..e80377e
--- /dev/null
+++ b/src/user/handlers/login/mod.rs
@@ -0,0 +1,55 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+    response::{IntoResponse, Response},
+};
+
+use crate::{
+    app::App,
+    clock::RequestedAt,
+    error::Internal,
+    name::Name,
+    token::{app, extract::IdentityCookie},
+    user::{Password, User},
+};
+
+#[cfg(test)]
+mod test;
+
+pub async fn handler(
+    State(app): State<App>,
+    RequestedAt(now): RequestedAt,
+    identity: IdentityCookie,
+    Json(request): Json<Request>,
+) -> Result<(IdentityCookie, Json<User>), Error> {
+    let (user, secret) = app
+        .tokens()
+        .login(&request.name, &request.password, &now)
+        .await
+        .map_err(Error)?;
+    let identity = identity.set(secret);
+    Ok((identity, Json(user)))
+}
+
+#[derive(serde::Deserialize)]
+pub struct Request {
+    pub name: Name,
+    pub password: Password,
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] pub app::LoginError);
+
+impl IntoResponse for Error {
+    fn into_response(self) -> Response {
+        let Self(error) = self;
+        match error {
+            app::LoginError::Rejected => {
+                // not error::Unauthorized due to differing messaging
+                (StatusCode::UNAUTHORIZED, "invalid name or password").into_response()
+            }
+            other => Internal::from(other).into_response(),
+        }
+    }
+}
diff --git a/src/user/handlers/login/test.rs b/src/user/handlers/login/test.rs
new file mode 100644
index 0000000..b8f24f6
--- /dev/null
+++ b/src/user/handlers/login/test.rs
@@ -0,0 +1,127 @@
+use axum::extract::{Json, State};
+
+use crate::{test::fixtures, token::app};
+
+#[tokio::test]
+async fn correct_credentials() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let logged_in_at = fixtures::now();
+    let request = super::Request {
+        name: name.clone(),
+        password,
+    };
+    let (identity, Json(response)) =
+        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect("logged in with valid credentials");
+
+    // Verify the return value's basic structure
+
+    assert_eq!(name, response.name);
+    let secret = identity
+        .secret()
+        .expect("logged in with valid credentials issues an identity cookie");
+
+    // Verify the semantics
+
+    let validated_at = fixtures::now();
+    let (_, validated_login) = app
+        .tokens()
+        .validate(&secret, &validated_at)
+        .await
+        .expect("identity secret is valid");
+
+    assert_eq!(response, validated_login);
+}
+
+#[tokio::test]
+async fn invalid_name() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let logged_in_at = fixtures::now();
+    let (name, password) = fixtures::user::propose();
+    let request = super::Request {
+        name: name.clone(),
+        password,
+    };
+    let super::Error(error) =
+        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect_err("logged in with an incorrect password fails");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn incorrect_password() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let login = fixtures::user::create(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let logged_in_at = fixtures::now();
+    let identity = fixtures::cookie::not_logged_in();
+    let request = super::Request {
+        name: login.name,
+        password: fixtures::user::propose_password(),
+    };
+    let super::Error(error) =
+        super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+            .await
+            .expect_err("logged in with an incorrect password");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::LoginError::Rejected));
+}
+
+#[tokio::test]
+async fn token_expires() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let (name, password) = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+
+    // Call the endpoint
+
+    let logged_in_at = fixtures::ancient();
+    let identity = fixtures::cookie::not_logged_in();
+    let request = super::Request { name, password };
+    let (identity, _) = super::handler(State(app.clone()), logged_in_at, identity, Json(request))
+        .await
+        .expect("logged in with valid credentials");
+    let secret = identity.secret().expect("logged in with valid credentials");
+
+    // Verify the semantics
+
+    let expired_at = fixtures::now();
+    app.tokens()
+        .expire(&expired_at)
+        .await
+        .expect("expiring tokens never fails");
+
+    let verified_at = fixtures::now();
+    let error = app
+        .tokens()
+        .validate(&secret, &verified_at)
+        .await
+        .expect_err("validating an expired token");
+
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}
diff --git a/src/user/handlers/logout/mod.rs b/src/user/handlers/logout/mod.rs
new file mode 100644
index 0000000..45a376a
--- /dev/null
+++ b/src/user/handlers/logout/mod.rs
@@ -0,0 +1,53 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+    response::{IntoResponse, Response},
+};
+
+use crate::{
+    app::App,
+    clock::RequestedAt,
+    error::{Internal, Unauthorized},
+    token::{app, extract::IdentityCookie},
+};
+
+#[cfg(test)]
+mod test;
+
+pub async fn handler(
+    State(app): State<App>,
+    RequestedAt(now): RequestedAt,
+    identity: IdentityCookie,
+    Json(_): Json<Request>,
+) -> Result<(IdentityCookie, StatusCode), Error> {
+    if let Some(secret) = identity.secret() {
+        let (token, _) = app.tokens().validate(&secret, &now).await?;
+        app.tokens().logout(&token).await?;
+    }
+
+    let identity = identity.clear();
+    Ok((identity, StatusCode::NO_CONTENT))
+}
+
+// This forces the only valid request to be `{}`, and not the infinite
+// variation allowed when there's no body extractor.
+#[derive(Default, serde::Deserialize)]
+pub struct Request {}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] pub app::ValidateError);
+
+impl IntoResponse for Error {
+    fn into_response(self) -> Response {
+        let Self(error) = self;
+        match error {
+            app::ValidateError::InvalidToken | app::ValidateError::LoginDeleted => {
+                Unauthorized.into_response()
+            }
+            app::ValidateError::Name(_) | app::ValidateError::Database(_) => {
+                Internal::from(error).into_response()
+            }
+        }
+    }
+}
diff --git a/src/user/handlers/logout/test.rs b/src/user/handlers/logout/test.rs
new file mode 100644
index 0000000..8dc4636
--- /dev/null
+++ b/src/user/handlers/logout/test.rs
@@ -0,0 +1,79 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+};
+
+use crate::{test::fixtures, token::app};
+
+#[tokio::test]
+async fn successful() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+    let now = fixtures::now();
+    let creds = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+    let identity = fixtures::cookie::logged_in(&app, &creds, &now).await;
+    let secret = fixtures::cookie::secret(&identity);
+
+    // Call the endpoint
+
+    let (response_identity, response_status) = super::handler(
+        State(app.clone()),
+        fixtures::now(),
+        identity.clone(),
+        Json::default(),
+    )
+    .await
+    .expect("logged out with a valid token");
+
+    // Verify the return value's basic structure
+
+    assert!(response_identity.secret().is_none());
+    assert_eq!(StatusCode::NO_CONTENT, response_status);
+
+    // Verify the semantics
+    let error = app
+        .tokens()
+        .validate(&secret, &now)
+        .await
+        .expect_err("secret is invalid");
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}
+
+#[tokio::test]
+async fn no_identity() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::not_logged_in();
+    let (identity, status) = super::handler(State(app), fixtures::now(), identity, Json::default())
+        .await
+        .expect("logged out with no token succeeds");
+
+    // Verify the return value's basic structure
+
+    assert!(identity.secret().is_none());
+    assert_eq!(StatusCode::NO_CONTENT, status);
+}
+
+#[tokio::test]
+async fn invalid_token() {
+    // Set up the environment
+
+    let app = fixtures::scratch_app().await;
+
+    // Call the endpoint
+
+    let identity = fixtures::cookie::fictitious();
+    let super::Error(error) =
+        super::handler(State(app), fixtures::now(), identity, Json::default())
+            .await
+            .expect_err("logged out with an invalid token fails");
+
+    // Verify the return value's basic structure
+
+    assert!(matches!(error, app::ValidateError::InvalidToken));
+}
diff --git a/src/user/handlers/mod.rs b/src/user/handlers/mod.rs
new file mode 100644
index 0000000..5cadbb5
--- /dev/null
+++ b/src/user/handlers/mod.rs
@@ -0,0 +1,7 @@
+mod login;
+mod logout;
+mod password;
+
+pub use login::handler as login;
+pub use logout::handler as logout;
+pub use password::handler as change_password;
diff --git a/src/user/handlers/password/mod.rs b/src/user/handlers/password/mod.rs
new file mode 100644
index 0000000..9158325
--- /dev/null
+++ b/src/user/handlers/password/mod.rs
@@ -0,0 +1,57 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+    response::{IntoResponse, Response},
+};
+
+use crate::{
+    app::App,
+    clock::RequestedAt,
+    error::Internal,
+    token::{
+        app,
+        extract::{Identity, IdentityCookie},
+    },
+    user::{Password, User},
+};
+
+#[cfg(test)]
+mod test;
+
+pub async fn handler(
+    State(app): State<App>,
+    RequestedAt(now): RequestedAt,
+    identity: Identity,
+    cookie: IdentityCookie,
+    Json(request): Json<Request>,
+) -> Result<(IdentityCookie, Json<User>), Error> {
+    let (login, secret) = app
+        .tokens()
+        .change_password(&identity.user, &request.password, &request.to, &now)
+        .await
+        .map_err(Error)?;
+    let cookie = cookie.set(secret);
+    Ok((cookie, Json(login)))
+}
+
+#[derive(serde::Deserialize)]
+pub struct Request {
+    pub password: Password,
+    pub to: Password,
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] pub app::LoginError);
+
+impl IntoResponse for Error {
+    fn into_response(self) -> Response {
+        let Self(error) = self;
+        match error {
+            app::LoginError::Rejected => {
+                (StatusCode::BAD_REQUEST, "invalid name or password").into_response()
+            }
+            other => Internal::from(other).into_response(),
+        }
+    }
+}
diff --git a/src/user/handlers/password/test.rs b/src/user/handlers/password/test.rs
new file mode 100644
index 0000000..42e41d8
--- /dev/null
+++ b/src/user/handlers/password/test.rs
@@ -0,0 +1,67 @@
+use axum::extract::{Json, State};
+
+use crate::{
+    test::fixtures,
+    token::app::{LoginError, ValidateError},
+};
+
+#[tokio::test]
+async fn password_change() {
+    // Set up the environment
+    let app = fixtures::scratch_app().await;
+    let creds = fixtures::user::create_with_password(&app, &fixtures::now()).await;
+    let cookie = fixtures::cookie::logged_in(&app, &creds, &fixtures::now()).await;
+    let identity = fixtures::identity::from_cookie(&app, &cookie, &fixtures::now()).await;
+
+    // Call the endpoint
+    let (name, password) = creds;
+    let to = fixtures::user::propose_password();
+    let request = super::Request {
+        password: password.clone(),
+        to: to.clone(),
+    };
+    let (new_cookie, Json(response)) = super::handler(
+        State(app.clone()),
+        fixtures::now(),
+        identity.clone(),
+        cookie.clone(),
+        Json(request),
+    )
+    .await
+    .expect("changing passwords succeeds");
+
+    // Verify that we have a new session
+    assert_ne!(cookie.secret(), new_cookie.secret());
+
+    // Verify that we're still ourselves
+    assert_eq!(identity.user, response);
+
+    // Verify that our original token is no longer valid
+    let validate_err = app
+        .tokens()
+        .validate(
+            &cookie
+                .secret()
+                .expect("original identity cookie has a secret"),
+            &fixtures::now(),
+        )
+        .await
+        .expect_err("validating the original identity secret should fail");
+    assert!(matches!(validate_err, ValidateError::InvalidToken));
+
+    // Verify that our original password is no longer valid
+    let login_err = app
+        .tokens()
+        .login(&name, &password, &fixtures::now())
+        .await
+        .expect_err("logging in with the original password should fail");
+    assert!(matches!(login_err, LoginError::Rejected));
+
+    // Verify that our new password is valid
+    let (login, _) = app
+        .tokens()
+        .login(&name, &to, &fixtures::now())
+        .await
+        .expect("logging in with the new password should succeed");
+    assert_eq!(identity.user, login);
+}
author	ojacobson <ojacobson@noreply.codeberg.org>	2025-06-21 04:22:52 +0200
committer	ojacobson <ojacobson@noreply.codeberg.org>	2025-06-21 04:22:52 +0200
commit	cd1dc0dab4b46bc5712070812192d5ce34071470 (patch)
tree	c94f5a42f7e734b81892c1289a1d2b566706ba7c /src/user/handlers
parent	d84ba5cd09b713fac2f193d5c05af7415ea6742d (diff)
parent	4e3d5ccac99b24934c972e088cd7eb02bb95df06 (diff)