feat(server): implement signup POST request and automatic sign-in

otter/src/server/web/auth.rs

@@ -30,7 +30,7 @@ pub fn router(ctx: Context) -> Router<Context> {
         // loop
         .route("/login", get(get_login).post(post_login))
         .route("/logout", post(post_logout))
-        .route("/signup", get(get_signup))
+        .route("/signup", get(get_signup).post(post_signup))
 }
 
 /// Middleware that authenticates the current user via the session token. If the credentials are
@@ -206,7 +206,38 @@ async fn get_signup(State(ctx): State<Context>, headers: HeaderMap, jar: CookieJ
 
 async fn post_signup(
     State(ctx): State<Context>,
+    jar: CookieJar,
+    user_agent: Option<TypedHeader<UserAgent>>,
     Form(signup): Form<SignupForm>,
 ) -> AppResult<Response> {
-    todo!()
+    if signup.validate(&ctx)?.valid() {
+        // Create the user and log them in
+        match tokio::task::spawn_blocking(move || {
+            let user = ctx.store.create_user(&signup.username, &signup.password)?;
+            let user_agent = user_agent.map(|header| header.to_string());
+            let session = ctx.store.user(&user).create_session(user_agent)?;
+
+            Ok::<_, AuthErr>(session)
+        })
+        .await
+        .unwrap()
+        {
+            Ok(session) => Ok((
+                // Redirect forces htmx to reload the full page, refreshing the navbar
+                [("HX-Redirect", "/")],
+                (jar.add(
+                    Cookie::build((super::SESSION_ID_COOKIE, session.id.to_string()))
+                        .secure(true)
+                        .same_site(cookie::SameSite::Lax)
+                        .http_only(true)
+                        .path("/")
+                        .max_age(Duration::days(365)),
+                )),
+            )
+                .into_response()),
+            Err(err) => Err(AppError::from(err)),
+        }
+    } else {
+        todo!("return form with error messages")
+    }
 }