1 files changed, 52 insertions, 0 deletions

diff --git a/src/user/routes/login/post.rs b/src/user/routes/login/post.rs
new file mode 100644
index 0000000..39f9eea
--- /dev/null
+++ b/src/user/routes/login/post.rs
@@ -0,0 +1,52 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+    response::{IntoResponse, Response},
+};
+
+use crate::{
+    app::App,
+    clock::RequestedAt,
+    error::Internal,
+    name::Name,
+    token::{app, extract::IdentityCookie},
+    user::{Password, User},
+};
+
+pub async fn handler(
+    State(app): State<App>,
+    RequestedAt(now): RequestedAt,
+    identity: IdentityCookie,
+    Json(request): Json<Request>,
+) -> Result<(IdentityCookie, Json<User>), Error> {
+    let (user, secret) = app
+        .tokens()
+        .login(&request.name, &request.password, &now)
+        .await
+        .map_err(Error)?;
+    let identity = identity.set(secret);
+    Ok((identity, Json(user)))
+}
+
+#[derive(serde::Deserialize)]
+pub struct Request {
+    pub name: Name,
+    pub password: Password,
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] pub app::LoginError);
+
+impl IntoResponse for Error {
+    fn into_response(self) -> Response {
+        let Self(error) = self;
+        match error {
+            app::LoginError::Rejected => {
+                // not error::Unauthorized due to differing messaging
+                (StatusCode::UNAUTHORIZED, "invalid name or password").into_response()
+            }
+            other => Internal::from(other).into_response(),
+        }
+    }
+}