From 30b0bf5b56fcaea94e6e12846846fdf5d78a43ee Mon Sep 17 00:00:00 2001
From: Lennart <18233294+lennart-k@users.noreply.github.com>
Date: Sat, 12 Apr 2025 13:12:48 +0200
Subject: [PATCH] User middleware, fix #54

---
 crates/frontend/src/routes/login.rs |  2 +-
 crates/store/src/auth/middleware.rs | 22 ++++++++++++++--------
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/crates/frontend/src/routes/login.rs b/crates/frontend/src/routes/login.rs
index 58135a8..e99422c 100644
--- a/crates/frontend/src/routes/login.rs
+++ b/crates/frontend/src/routes/login.rs
@@ -33,7 +33,7 @@ pub async fn route_post_login<AP: AuthenticationProvider>(
         .validate_user_token(&form.username, &form.password)
         .await
     {
-        session.insert("user", user).unwrap();
+        session.insert("user", user.id).unwrap();
         Redirect::to(format!("/frontend/user/{}", &form.username))
             .see_other()
             .respond_to(&req)
diff --git a/crates/store/src/auth/middleware.rs b/crates/store/src/auth/middleware.rs
index e38bf38..6013fd9 100644
--- a/crates/store/src/auth/middleware.rs
+++ b/crates/store/src/auth/middleware.rs
@@ -1,17 +1,17 @@
 use super::{AuthenticationProvider, User};
 use actix_session::Session;
 use actix_web::{
-    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
-    http::header::Header,
     FromRequest, HttpMessage,
+    dev::{Service, ServiceRequest, ServiceResponse, Transform, forward_ready},
+    http::header::Header,
 };
 use actix_web_httpauth::headers::authorization::{Authorization, Basic};
 use std::{
-    future::{ready, Future, Ready},
+    future::{Future, Ready, ready},
     pin::Pin,
     sync::Arc,
 };
-use tracing::{info_span, Instrument};
+use tracing::{Instrument, info_span};
 
 pub struct AuthenticationMiddleware<AP: AuthenticationProvider> {
     auth_provider: Arc<AP>,
@@ -81,10 +81,16 @@ where
 
             // Extract user from session cookie
             if let Ok(session) = Session::extract(req.request()).await {
-                match session.get::<User>("user") {
-                    Ok(Some(user)) => {
-                        req.extensions_mut().insert(user);
-                    }
+                match session.get::<String>("user") {
+                    Ok(Some(user_id)) => match auth_provider.get_principal(&user_id).await {
+                        Ok(Some(user)) => {
+                            req.extensions_mut().insert(user);
+                        }
+                        Ok(None) => {}
+                        Err(err) => {
+                            dbg!(err);
+                        }
+                    },
                     Ok(None) => {}
                     Err(err) => {
                         dbg!(err);