1 files changed, 31 insertions, 12 deletions

diff --git a/src/login/routes.rs b/src/login/routes.rs
index c9def2a..a00982d 100644
--- a/src/login/routes.rs
+++ b/src/login/routes.rs
@@ -5,16 +5,20 @@ use axum::{
     routing::post,
     Router,
 };
-use axum_extra::extract::cookie::{Cookie, CookieJar};
 use chrono::Utc;
 use sqlx::sqlite::SqlitePool;
 
 use crate::error::InternalError;
 
-use super::repo::{logins::Provider as _, tokens::Provider as _};
+use super::{
+    extract::IdentityToken,
+    repo::{logins::Provider as _, tokens::Provider as _},
+};
 
 pub fn router() -> Router<SqlitePool> {
-    Router::new().route("/login", post(on_login))
+    Router::new()
+        .route("/login", post(on_login))
+        .route("/logout", post(on_logout))
 }
 
 #[derive(serde::Deserialize)]
@@ -25,10 +29,15 @@ struct Login {
 
 async fn on_login(
     State(db): State<SqlitePool>,
-    cookies: CookieJar,
+    identity: IdentityToken,
     Form(form): Form<Login>,
 ) -> Result<impl IntoResponse, InternalError> {
     let now = Utc::now();
+
+    if identity.token().is_some() {
+        return Ok((StatusCode::BAD_REQUEST, identity, "already logged in"));
+    }
+
     let mut tx = db.begin().await?;
 
     // Spelling the following in the more conventional form,
@@ -59,20 +68,30 @@ async fn on_login(
     tx.commit().await?;
 
     let resp = if let Some(token) = token {
-        let cookie = Cookie::build(("identity", token))
-            .http_only(true)
-            .permanent()
-            .build();
-        let cookies = cookies.add(cookie);
-
-        (StatusCode::OK, cookies, "logged in")
+        let identity = identity.set(&token);
+        (StatusCode::OK, identity, "logged in")
     } else {
         (
             StatusCode::UNAUTHORIZED,
-            cookies,
+            identity,
             "invalid name or password",
         )
     };
 
     Ok(resp)
 }
+
+async fn on_logout(
+    State(db): State<SqlitePool>,
+    identity: IdentityToken,
+) -> Result<impl IntoResponse, InternalError> {
+    if let Some(token) = identity.token() {
+        let mut tx = db.begin().await?;
+        tx.tokens().revoke(token).await?;
+        tx.commit().await?;
+    }
+
+    let identity = identity.clear();
+
+    Ok((StatusCode::OK, identity, "logged out"))
+}