partially correct cors, cookies works

2024-03-15 19:21:13 +05:00 · 2024-03-15 19:21:13 +05:00 · 721b1963a1
commit 721b1963a1
parent fb83b42393
5 changed files with 27 additions and 11 deletions
--- a/crates/frontend/build.rs
+++ b/crates/frontend/build.rs
@ -1,8 +1,21 @@
 use npm_rs::*;
+use std::{fs, io};

 fn main() {
    // TODO: add cargo:rerun-if-changed for important files

+    let paths = fs::read_dir(".")
+        .unwrap()
+        .filter(|entry| entry.is_ok())
+        .map(|file| file.map(|e| e.path()))
+        .collect::<Result<Vec<_>, io::Error>>()
+        .unwrap();
+
+    /*for path in paths {
+        println!("cargo:rerun-if-changed={}", path.to_str().unwrap());
+    }*/
+    //println!("cargo:rerun-if-changed=src/main.ts");
+
    NpmEnv::default()
        .with_node_env(&NodeEnv::from_cargo_profile().unwrap_or_default())
        .with_env("FOO", "bar")
--- a/crates/frontend/src/components/Login.vue
+++ b/crates/frontend/src/components/Login.vue
@ -4,22 +4,22 @@ const password = defineModel("password")

 async function login() {
    const response = await fetch(
-        "http://localhost:54600/api/v1/login_user",
+        "http://0.0.0.0:54600/api/v1/login_user",
        {
            method: "POST",
            headers: {
                //Accept: 'application/json',
                "Content-Type": "application/json",
+                //"Access-Control-Allow-Origin": "http://0.0.0.0"
            },
-            credentials: "same-origin",
+            credentials: "include",
            mode: "cors",
            body: JSON.stringify({ email: email.value, password: password.value })
        }
    );

-    console.log(response.headers.getSetCookie());
-    const data = await response.json();
-    console.log(data);
+    let { status, token } = await response.json();
+    console.log(status);
 }
 </script>

--- a/crates/frontend/src/main.ts
+++ b/crates/frontend/src/main.ts
@ -2,5 +2,6 @@ import { createApp } from 'vue'
 import App from './App.vue'
 import './assets/style.css'

+
 const app = createApp(App)
 app.mount('#app')
--- a/src/api/v1/mod.rs
+++ b/src/api/v1/mod.rs
@ -173,7 +173,8 @@ pub async fn login_user(
    let cookie = Cookie::build(("token", token.to_owned()))
        .path("/")
        .max_age(time::Duration::hours(1))
-        .same_site(SameSite::Lax)
+        .same_site(SameSite::None)
+        .secure(true)
        .http_only(true);

    let mut response =
@ -189,7 +190,8 @@ pub async fn logout_user() -> Result<impl IntoResponse, (StatusCode, Json<serde_
    let cookie = Cookie::build(("token", ""))
        .path("/")
        .max_age(time::Duration::hours(-1))
-        .same_site(SameSite::Lax)
+        .same_site(SameSite::None)
+        .secure(true)
        .http_only(true);

    let mut response = Response::new(serde_json::json!({"status": "success"}).to_string());
--- a/src/main.rs
+++ b/src/main.rs
@ -64,10 +64,10 @@ async fn main() {
    let lister = tokio::net::TcpListener::bind(&address).await.unwrap();

    let cors = CorsLayer::new()
-        .allow_methods([Method::GET, Method::POST])
-        .allow_headers(Any) //vec![ORIGIN, AUTHORIZATION, ACCEPT])
-        .allow_origin(Any);
-    //.allow_credentials(true); //"http://localhost:5173".parse::<HeaderValue>().unwrap());
+        .allow_methods([Method::GET, Method::POST, Method::OPTIONS])
+        .allow_headers(vec![ORIGIN, AUTHORIZATION, ACCEPT, CONTENT_TYPE])
+        .allow_origin("http://0.0.0.0:54600".parse::<HeaderValue>().unwrap()) //Any)
+        .allow_credentials(true); //"http://localhost:5173".parse::<HeaderValue>().unwrap());

    let app = Router::new()
        .route("/", get(home))