webapp 2.0.0

A web application completely written in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

use chrono::{DateTime, Utc};
use sqlx::{PgPool, postgres::PgPoolOptions};
use std::{env, sync::OnceLock};

static POOL: OnceLock<PgPool> = OnceLock::new();

pub async fn init() -> Result<(), sqlx::Error> {
    let database_url =
        env::var("DATABASE_URL").unwrap_or_else(|_| "postgres://localhost/webapp".into());

    let pool = PgPoolOptions::new()
        .max_connections(5)
        .connect(&database_url)
        .await?;

    sqlx::migrate!().run(&pool).await?;

    POOL.set(pool).expect("database pool already initialized");

    Ok(())
}

pub fn pool() -> &'static PgPool {
    POOL.get().expect("database pool not initialized")
}

// User management

pub async fn create_user(username: &str, password_hash: &str) -> Result<(), sqlx::Error> {
    sqlx::query("INSERT INTO users (username, password_hash) VALUES ($1, $2)")
        .bind(username)
        .bind(password_hash)
        .execute(pool())
        .await?;
    Ok(())
}

pub async fn get_password_hash(username: &str) -> Result<Option<String>, sqlx::Error> {
    let row: Option<(String,)> =
        sqlx::query_as("SELECT password_hash FROM users WHERE username = $1")
            .bind(username)
            .fetch_optional(pool())
            .await?;
    Ok(row.map(|r| r.0))
}

pub async fn user_exists(username: &str) -> Result<bool, sqlx::Error> {
    let row: Option<(i32,)> = sqlx::query_as("SELECT 1 FROM users WHERE username = $1 LIMIT 1")
        .bind(username)
        .fetch_optional(pool())
        .await?;
    Ok(row.is_some())
}

// Session management

pub async fn create_session(
    token: &str,
    username: &str,
    expires_at: DateTime<Utc>,
) -> Result<(), sqlx::Error> {
    sqlx::query("INSERT INTO sessions (token, username, expires_at) VALUES ($1, $2, $3)")
        .bind(token)
        .bind(username)
        .bind(expires_at)
        .execute(pool())
        .await?;
    Ok(())
}

pub async fn session_exists(token: &str) -> Result<bool, sqlx::Error> {
    let row: Option<(i32,)> = sqlx::query_as("SELECT 1 FROM sessions WHERE token = $1 LIMIT 1")
        .bind(token)
        .fetch_optional(pool())
        .await?;
    Ok(row.is_some())
}

pub async fn update_session(
    old_token: &str,
    new_token: &str,
    expires_at: DateTime<Utc>,
) -> Result<bool, sqlx::Error> {
    let result = sqlx::query("UPDATE sessions SET token = $1, expires_at = $2 WHERE token = $3")
        .bind(new_token)
        .bind(expires_at)
        .bind(old_token)
        .execute(pool())
        .await?;
    Ok(result.rows_affected() > 0)
}

pub async fn delete_session(token: &str) -> Result<bool, sqlx::Error> {
    let result = sqlx::query("DELETE FROM sessions WHERE token = $1")
        .bind(token)
        .execute(pool())
        .await?;
    Ok(result.rows_affected() > 0)
}

pub async fn delete_expired_sessions() -> Result<u64, sqlx::Error> {
    let result = sqlx::query("DELETE FROM sessions WHERE expires_at < NOW()")
        .execute(pool())
        .await?;
    Ok(result.rows_affected())
}

#[cfg(test)]
mod tests {
    use super::*;

    async fn setup() {
        let database_url = env::var("DATABASE_URL").expect("DATABASE_URL must be set for tests");
        let pool = PgPoolOptions::new()
            .max_connections(5)
            .connect(&database_url)
            .await
            .expect("failed to connect to test database");
        // Drop existing tables and migration state to apply fresh schema
        sqlx::query("DROP TABLE IF EXISTS sessions")
            .execute(&pool)
            .await
            .unwrap();
        sqlx::query("DROP TABLE IF EXISTS users")
            .execute(&pool)
            .await
            .unwrap();
        sqlx::query("DROP TABLE IF EXISTS _sqlx_migrations")
            .execute(&pool)
            .await
            .unwrap();
        sqlx::migrate!()
            .run(&pool)
            .await
            .expect("failed to run migrations");
        let _ = POOL.set(pool);
    }

    #[tokio::test]
    async fn database_operations() {
        setup().await;

        // User creation and lookup
        create_user("alice", "$argon2id$hash").await.unwrap();
        assert!(user_exists("alice").await.unwrap());
        assert!(!user_exists("bob").await.unwrap());

        // Password hash retrieval
        let hash = get_password_hash("alice").await.unwrap();
        assert_eq!(hash.as_deref(), Some("$argon2id$hash"));
        assert!(get_password_hash("nobody").await.unwrap().is_none());

        // Session lifecycle
        let expires = Utc::now() + chrono::Duration::hours(1);
        create_session("tok1", "alice", expires).await.unwrap();
        assert!(session_exists("tok1").await.unwrap());

        let updated = update_session("tok1", "tok2", expires).await.unwrap();
        assert!(updated);
        assert!(!session_exists("tok1").await.unwrap());
        assert!(session_exists("tok2").await.unwrap());

        let deleted = delete_session("tok2").await.unwrap();
        assert!(deleted);
        assert!(!session_exists("tok2").await.unwrap());

        // Deleting nonexistent session returns false
        assert!(!delete_session("nonexistent").await.unwrap());

        // Expired session cleanup
        let past = Utc::now() - chrono::Duration::hours(1);
        create_session("expired_tok", "alice", past).await.unwrap();
        let count = delete_expired_sessions().await.unwrap();
        assert!(count > 0);
        assert!(!session_exists("expired_tok").await.unwrap());
    }
}