login endpoint

src/api/auth.rs

@@ -0,0 +1,42 @@
+use axum::{
+    Json,
+    http::{HeaderMap, header},
+    response::{IntoResponse, Response},
+};
+use serde::Deserialize;
+
+use crate::users::{
+    User,
+    auth::{
+        AuthError, COOKIE_NAME, UserAuthRequired, UserAuthenticate,
+        implementation::authenticate_via_credentials,
+    },
+    sessions::Session,
+};
+
+#[derive(Deserialize)]
+pub struct LoginForm {
+    handle: String,
+    password: String,
+}
+
+pub async fn login(Json(creds): Json<LoginForm>) -> Result<Response, AuthError> {
+    let u = authenticate_via_credentials(&creds.handle, &creds.password)?.required()?;
+    let (_, token) = Session::new_for_user(&u)?;
+
+    let secure = match cfg!(debug_assertions) {
+        false => "; Secure",
+        true => "",
+    };
+    let cookie = format!(
+        "{COOKIE_NAME}={token}; Path=/; HttpOnly; SameSite=Lax; Max-Age={}{}",
+        Session::DEFAULT_PROLONGATION.num_seconds(),
+        secure
+    );
+
+    Ok(([(header::SET_COOKIE, cookie)], token).into_response())
+}
+
+pub async fn logout(headers: HeaderMap) -> Result<Response, AuthError> {
+    todo!()
+}

src/api/mod.rs

@@ -1,7 +1,7 @@
 use axum::{
     Router,
     response::{IntoResponse, Response},
-    routing::get,
+    routing::{get, post},
 };
 
 use crate::{
@@ -9,6 +9,7 @@ use crate::{
     users::{UserError, auth::AuthError, sessions::SessionError},
 };
 
+mod auth;
 mod sessions;
 mod tags;
 mod users;
@@ -17,6 +18,8 @@ mod users;
 pub fn api_router() -> Router {
     Router::new()
         .route("/api/live", get(async || "Mnemosyne lives"))
+        .route("/api/auth/login", post(auth::login))
+        .route("/api/auth/logout", post(auth::logout))
         .route("/api/users/me", get(users::get_me))
         .route("/api/users/{id}", get(users::get_by_id))
         .route("/api/users/@{handle}", get(users::get_by_handle))