Move auth checking to middleware

src/main.rs

@@ -53,11 +53,17 @@ async fn main() -> std::io::Result<()> {
     app.with(middleware::session());
 
     app.at("/").get(routes::index);
-    app.at("/posts").post(routes::create_post);
+    app.at("/posts")
+        .with(middleware::require_auth)
+        .post(routes::create_post);
     app.at("/posts/:id").get(routes::single_post);
-    app.at("/posts/:id/edit").get(routes::edit_post);
+    app.at("/posts/:id/edit")
+        .with(middleware::require_auth)
+        .get(routes::edit_post);
     app.at("/login").get(routes::login_page).post(routes::login);
-    app.at("/logout").post(routes::logout);
+    app.at("/logout")
+        .with(middleware::require_auth)
+        .post(routes::logout);
 
     app.listen("127.0.0.1:8080").await?;
 

src/middleware.rs

@@ -1,10 +1,10 @@
 use tide::{
     http::mime,
     sessions::{CookieStore, SessionMiddleware},
-    Response, Result, StatusCode,
+    Next, Redirect, Request, Response, Result, StatusCode,
 };
 
-use std::{env, io::ErrorKind};
+use std::{env, future::Future, io::ErrorKind, pin::Pin};
 use tera::Context;
 
 use crate::routes;
@@ -21,6 +21,20 @@ pub fn session() -> SessionMiddleware<CookieStore> {
     )
 }
 
+pub fn require_auth<'a>(
+    req: Request<()>,
+    next: Next<'a, ()>,
+) -> Pin<Box<dyn Future<Output = Result> + 'a + Send>> {
+    Box::pin(async {
+        let logged_in: bool = req.session().get("logged_in").unwrap_or(false);
+        if logged_in {
+            Ok(next.run(req).await)
+        } else {
+            Ok(Redirect::new("/login").into())
+        }
+    })
+}
+
 pub async fn errors(mut res: Response) -> Result<Response> {
     let mut context = Context::new();
 

src/routes.rs

@@ -25,17 +25,12 @@ pub async fn index(req: Request<()>) -> Result {
 }
 
 pub async fn create_post(mut req: Request<()>) -> Result {
-    let logged_in: bool = req.session().get("logged_in").unwrap_or(false);
-    if !logged_in {
-        Ok(tide::Redirect::new("/login").into())
-    } else {
-        let mut post: Post = req.body_form().await?;
-        post.id = Uuid::new_v4().to_string();
-        post.date = Local::now().date().naive_local().to_string();
-        post.body = post.body.trim().to_owned();
-        post.save().await?;
-        Ok(tide::Redirect::new("/").into())
-    }
+    let mut post: Post = req.body_form().await?;
+    post.id = Uuid::new_v4().to_string();
+    post.date = Local::now().date().naive_local().to_string();
+    post.body = post.body.trim().to_owned();
+    post.save().await?;
+    Ok(tide::Redirect::new("/").into())
 }
 
 pub async fn single_post(req: Request<()>) -> Result {
@@ -50,17 +45,13 @@ pub async fn single_post(req: Request<()>) -> Result {
 
 pub async fn edit_post(req: Request<()>) -> Result {
     let logged_in: bool = req.session().get("logged_in").unwrap_or(false);
-    if !logged_in {
-        Ok(tide::Redirect::new("/login").into())
-    } else {
-        let mut context = Context::new();
-        context.insert("logged_in", &logged_in);
-        let post_id = req.param("id")?;
-        let mut post = fs::get_one_post(post_id).await?;
-        post.body = post.body.replace("<br>", "\n");
-        context.insert("post", &post);
-        render_response("edit.html", &context)
-    }
+    let mut context = Context::new();
+    context.insert("logged_in", &logged_in);
+    let post_id = req.param("id")?;
+    let mut post = fs::get_one_post(post_id).await?;
+    post.body = post.body.replace("<br>", "\n");
+    context.insert("post", &post);
+    render_response("edit.html", &context)
 }
 
 pub async fn login_page(mut req: Request<()>) -> Result {