shared/api/endpoints/session.rs
1use crate::{
2 api::Method,
3 domain::session::{
4 CreateSessionOAuthPath, CreateSessionOAuthRequest, CreateSessionPath,
5 CreateSessionResponse, DeleteSessionPath, GetOAuthPath, GetOAuthUrlResponse,
6 },
7 error::EmptyError,
8};
9
10use super::ApiEndpoint;
11
/// Sign in with an email address and password.
///
/// # Authorization
/// `Basic` auth in the form `BASE64(email:password)`,
/// see: <https://tools.ietf.org/html/rfc7617#section-2>
///
/// Base64 is an encoding, not encryption: anyone who can observe the request
/// can recover the email and password, so this route should only be served
/// over TLS.
pub struct Create;

impl ApiEndpoint for Create {
    const METHOD: Method = Method::Post;

    type Path = CreateSessionPath;
    // No request payload type; per the docs above the credentials come from `Basic` auth.
    type Req = ();
    type Res = CreateSessionResponse;
    type Err = EmptyError;
}
24
/// Sign in via OAuth.
///
/// Note: if the account doesn't exist but the OAuth token is valid, this returns a token
/// that can be used to create an account.
///
/// NOTE(review): both outcomes share the same response type ([`CreateSessionResponse`]);
/// how a caller tells a login token from an account-creation token is not visible
/// here - confirm against the response type's definition.
///
/// # Errors
/// (non-exhaustive list)
/// If there is already a user with the OAuth user's email,
/// and it isn't them - [`409 - Conflict`](http::StatusCode::CONFLICT)
///
/// # Flow (login)
/// 1. [`GET /v1/session/oauth/url/{service}/{kind}`](GetOAuthUrl)
/// 2. `POST /v1/session/oauth` (this route) with the token
///
/// # Flow (register)
/// 1. [`GET /v1/session/oauth/url/{service}/{kind}`](GetOAuthUrl)
///     * Returns the access token as a cookie + csrf token, in addition to any user profile
///       info given by the OAuth provider.
/// 2. `POST /v1/session/oauth` (this route) with the token
/// 3. [`POST /v1/user/me/profile`](crate::api::endpoints::user::CreateProfile)
///     * Optionally include the user profile information returned in #1
pub struct CreateOAuth;

impl ApiEndpoint for CreateOAuth {
    const METHOD: Method = Method::Post;

    type Path = CreateSessionOAuthPath;
    // Unlike `Create`, this route takes a request payload.
    type Req = CreateSessionOAuthRequest;
    type Res = CreateSessionResponse;
    type Err = EmptyError;
}
53
/// Get the URL for the OAuth callback.
///
/// # Flow (login/register)
/// 1. `GET /v1/session/oauth/url/{service}/{kind}` (this route)
/// 2. Continue from [`CreateOAuth`]
pub struct GetOAuthUrl;

impl ApiEndpoint for GetOAuthUrl {
    const METHOD: Method = Method::Get;

    type Path = GetOAuthPath;
    // No request payload type for this route.
    type Req = ();
    type Res = GetOAuthUrlResponse;
    type Err = EmptyError;
}
67
/// Delete a session (log out).
///
/// # Authorization
/// standard/any
///
/// # Errors
/// [`Unauthorized`](http::StatusCode::UNAUTHORIZED) if the authorization is invalid
pub struct Delete;

impl ApiEndpoint for Delete {
    const METHOD: Method = Method::Delete;

    type Path = DeleteSessionPath;
    // Neither a request payload type nor a response payload type is declared.
    type Req = ();
    type Res = ();
    type Err = EmptyError;
}