From 50bfe09bcf810efeec4b500ddd7d4a28bc32d7c4 Mon Sep 17 00:00:00 2001
From: Greg Shuflin
Date: Tue, 4 Feb 2025 01:04:37 -0800
Subject: [PATCH] Use Feed::write_to_database method in demo
---
 TODO.md | 14 --------------
 src/demo.rs | 26 +-------------------------
 src/feeds.rs | 4 ++--
 3 files changed, 3 insertions(+), 41 deletions(-)
diff --git a/TODO.md b/TODO.md
index 3645ecc..74b65fa 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,24 +1,10 @@
 # TODO List
-## Security Improvements
-
-### Make Server Secret Configurable
-Currently, the server secret used for cookie encryption is not configurable and uses Rocket's default. We should:
-- Add a configuration option for the server secret
-- Allow it to be set via environment variable or config file
-- Generate and persist a random secret on first run if none is provided
-- Add documentation about the security implications of the secret
-
 ### Improve Session Management
 Current session management is basic and needs improvement:
-- Replace simple user_id cookie with a proper session system
 - Add session expiry and renewal logic
 - Store sessions in the database with proper cleanup
 - Add ability to revoke sessions
 - Consider adding "remember me" functionality
 - Add session tracking (last used, IP, user agent, etc.)
-Reference: [Current basic implementation in user.rs](src/user.rs) with the comment:
-```rust
-// TODO there should be a more complicated notion of a session
-```
\ No newline at end of file
diff --git a/src/demo.rs b/src/demo.rs
index cbdcff3..cad30dc 100644
--- a/src/demo.rs
+++ b/src/demo.rs
@@ -1,6 +1,3 @@
-use chrono;
-use rocket::serde;
-use sqlx;
 use uuid::Uuid;
 use crate::feeds::Feed;
@@ -80,28 +77,7 @@ pub async fn setup_demo_data(pool: &sqlx::SqlitePool) {
 let feeds = [bbc_news, xkcd, isidore, acx];
 for feed in feeds {
- // TODO: This insert logic is substantially the same as Feed::write_to_database.
- // Should find a way to unify these two code paths to avoid duplication.
- let categorization_json = serde::json::to_value(feed.categorization)
- .map_err(|e| {
- eprintln!("Failed to serialize categorization: {}", e);
- sqlx::Error::Decode(Box::new(e))
- })
- .unwrap();
- println!("{}", categorization_json);
-
- sqlx::query(
- "INSERT INTO feeds (feed_id, name, url, user_id, added_time, last_checked_time, categorization)
- VALUES (?1, ?2, ?3, ?4, ?5, ?6, json(?7))",
- )
- .bind(feed.feed_id.to_string())
- .bind(&feed.name)
- .bind(feed.url.as_str())
- .bind(feed.user_id.to_string())
- .bind(feed.added_time.to_rfc3339())
- .bind(feed.last_checked_time.to_rfc3339())
- .bind(categorization_json.to_string())
- .execute(pool)
+ feed.write_to_database(pool)
 .await
 .expect("Failed to create demo feed");
 }
diff --git a/src/feeds.rs b/src/feeds.rs
index 4dda05f..d8666d2 100644
--- a/src/feeds.rs
+++ b/src/feeds.rs
@@ -2,9 +2,9 @@ use rocket::http::Status;
 use rocket::serde::{self, json::Json, Deserialize, Serialize};
 use rocket_db_pools::Connection;
 use sqlx::types::JsonValue;
+use sqlx::Executor;
 use url::Url;
 use uuid::Uuid;
-use sqlx::Executor;
 use crate::feed_utils::fetch_feed;
 use crate::user::AuthenticatedUser;
@@ -38,7 +38,7 @@ impl Feed {
 pub async fn write_to_database<'a, E>(&self, executor: E) -> sqlx::Result<()>
 where
- E: Executor<'a, Database = sqlx::Sqlite>
+ E: Executor<'a, Database = sqlx::Sqlite>,
 {
 // Convert categorization to JSON value
 let categorization_json = serde::json::to_value(&self.categorization).map_err(|e| {
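Review bot: In the src/demo.rs loop, the `.expect("Failed to create demo feed")` after `feed.write_to_database(pool)` still aborts seeding on the first error without saying which of the four feeds failed. Feeds already written stay in the table, because each call runs directly against the pool. Naming the feed costs one line, e.g. `.unwrap_or_else(|e| panic!("Failed to create demo feed {}: {e}", feed.name));`. Since `write_to_database` is generic over `Executor`, the loop could presumably also run inside a transaction obtained from `pool.begin()`, so that a failure leaves no partial demo data. Whether that fits depends on the rest of `setup_demo_data`, which starts outside this hunk.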