Remove obsolete CaptureUserIdFromCookie middleware

Author: Turbo87

src/controllers/user/session.rs

@@ -5,7 +5,6 @@ use oauth2::reqwest::http_client;
 use oauth2::{AuthorizationCode, Scope, TokenResponse};
 
 use crate::github::GithubUser;
-use crate::middleware::current_user::TrustedUserId;
 use crate::models::{NewUser, User};
 use crate::schema::users;
 use crate::util::errors::ReadOnlyMode;
@@ -108,7 +107,6 @@ pub fn authorize(req: &mut dyn RequestExt) -> EndpointResult {
     // Log in by setting a cookie and the middleware authentication
     req.session_mut()
         .insert("user_id".to_string(), user.id.to_string());
-    req.mut_extensions().insert(TrustedUserId(user.id));
 
     super::me::me(req)
 }

src/controllers/util.rs

@@ -1,8 +1,8 @@
 use chrono::Utc;
+use conduit_cookie::RequestSession;
 
 use super::prelude::*;
 
-use crate::middleware::current_user::TrustedUserId;
 use crate::middleware::log_request;
 use crate::models::{ApiToken, User};
 use crate::util::errors::{
@@ -62,9 +62,11 @@ fn verify_origin(req: &dyn RequestExt) -> AppResult<()> {
 
 fn authenticate_user(req: &dyn RequestExt) -> AppResult<AuthenticatedUser> {
     let conn = req.db_conn()?;
-    let (user_id, token_id) = if let Some(id) =
-        req.extensions().find::<TrustedUserId>().map(|x| x.0)
-    {
+
+    let session = req.session();
+    let user_id_from_session = session.get("user_id").and_then(|s| s.parse::<i32>().ok());
+
+    let (user_id, token_id) = if let Some(id) = user_id_from_session {
         (id, None)
     } else {
         // Otherwise, look for an `Authorization` header on the request

src/middleware.rs

@@ -4,7 +4,6 @@ mod prelude {
 }
 
 use self::app::AppMiddleware;
-use self::current_user::CaptureUserIdFromCookie;
 use self::debug::*;
 use self::ember_html::EmberHtml;
 use self::head::Head;
@@ -14,7 +13,6 @@ use self::static_or_continue::StaticOrContinue;
 pub mod app;
 mod balance_capacity;
 mod block_traffic;
-pub mod current_user;
 mod debug;
 mod ember_html;
 mod ensure_well_formed_500;
@@ -70,9 +68,6 @@ pub fn build_middleware(app: Arc<App>, endpoints: R404) -> MiddlewareBuilder {
 
     m.add(AppMiddleware::new(app));
 
-    // Parse and save the user_id from the session cookie as part of the authentication logic
-    m.add(CaptureUserIdFromCookie);
-
     // Note: The following `m.around()` middleware is run from bottom to top
 
     // This is currently the final middleware to run. If a middleware layer requires a database

src/middleware/current_user.rs

@@ -2,10 +2,10 @@
 //! information that we care about like User-Agent
 
 use super::prelude::*;
-use crate::middleware::current_user::TrustedUserId;
 use crate::util::request_header;
 
 use conduit::{header, Host, RequestExt, Scheme, StatusCode};
+use conduit_cookie::RequestSession;
 use sentry::Level;
 
 use std::fmt::{self, Display, Formatter};
@@ -86,10 +86,7 @@ fn report_to_sentry(req: &dyn RequestExt, res: &AfterResult, response_time: u64)
         let url = format!("{}://{}{}", scheme, host, path).parse().ok();
 
         {
-            let id = req
-                .extensions()
-                .find::<TrustedUserId>()
-                .map(|x| x.0.to_string());
+            let id = req.session().get("user_id").map(|str| str.to_string());
 
             let user = sentry::User {
                 id,