...

core/src/errors.rs

@@ -28,6 +28,9 @@ pub trait ErrorExt: StdError {
 /// An error caused by the user.
 #[derive(Copy, Clone, Debug)]
 pub enum UserErrorKind {
+    /// Forbidden
+    Forbidden,
+
     /// The user supplied bad credentials during login.
     BadUsernameOrPassword,
 }
@@ -37,12 +40,16 @@ pub enum UserErrorKind {
 pub enum ErrorKind {
     #[doc(hidden)]
     Bcrypt,
+
     #[doc(hidden)]
     Diesel,
+
     #[doc(hidden)]
     Migrations,
+
     #[doc(hidden)]
     R2d2,
+
     #[doc(hidden)]
     Tera,
 

frontend/src/guards.rs

@@ -1,8 +1,23 @@
-use core::models::User;
+use core::{models::User, Error, UserErrorKind};
 use warp::{Filter, Rejection};
 
+use crate::session::Session;
 use crate::extractors::get;
 
 pub fn require_login() -> impl Clone + Filter<Extract = (), Error = Rejection> {
-    get::<User>().map(|_| ()).untuple_one()
+    get::<Session>()
+        .and_then(|session: Session| 
+            match session.get_user() {
+                Some(user) => Ok(()),
+                None => Err(warp::reject::not_found())
+            }
+        )
+        .recover(|_| {
+            Err(warp::reject::custom(Error::user(
+                "You're not allowed to be here.",
+                UserErrorKind::Forbidden,
+            )))
+        })
+        .unify()
+        .untuple_one()
 }

frontend/src/lib.rs

@@ -56,8 +56,7 @@ pub fn routes(state: State) -> BoxedFilter<(impl Reply,)> {
         GET ("users" / "register") => users::get_register(),
         POST ("users" / "login") => users::post_login(),
         POST ("users" / "register") => users::post_register(),
-    }
+    };
-    .recover(Error::reply);
 
     let statics = warp::path("static")
         .and(warp::path::param())
@@ -73,5 +72,5 @@ pub fn routes(state: State) -> BoxedFilter<(impl Reply,)> {
             None => warp::reply::with_header(reply, "please", "fix this"),
         });
 
-    statics.or(routes).boxed()
+    statics.or(routes).recover(Error::reply).boxed()
 }

frontend/src/teams.rs

@@ -10,7 +10,7 @@ pub fn get_create() -> Resp!() {
     require_login()
         .and(navbar())
         .and(get_context())
-        .and_then(|ctx: Context| render_template("users/login.html", ctx.into()))
+        .and_then(|ctx: Context| render_template("teams/create.html", ctx.into()))
 }
 
 pub fn get_index() -> Resp!() {

frontend/templates/teams/create.html

@@ -2,4 +2,33 @@
 {% block title %}Create Team{% endblock %}
 
 {% block content %}
+<section class="hero">
+    <div class="hero-body">
+        <div class="container has-text-centered">
+            <div class="column is-4 is-offset-4">
+                <h3 class="title has-text-grey">Create Team</h3>
+                <div class="box">
+                    <form action="/teams/create" method="POST">
+                        <div class="field">
+                            <div class="control">
+                                <input class="input" type="text" name="name" placeholder="Team name" autofocus="">
+                            </div>
+                        </div>
+                        <div class="field">
+                            <div class="control">
+                                <input class="input" type="text" name="affiliation" placeholder="(optional) affiliation" autofocus="">
+                            </div>
+                        </div>
+                        <button class="button is-block is-info is-fullwidth">Login</button>
+                    </form>
+                </div>
+                <p>&nbsp;</p>
+                <h3 class="title has-text-grey">Join Team</h3>
+                <div class="box">
+                	<p>You need an invitation to join another team!</p>
+                </div>
+            </div>
+        </div>
+    </div>
+</section>
 {% endblock %}