login register

src/shared/guard.rs

@@ -23,21 +23,25 @@ pub async fn current_admin(auth: auth::JWT, ctx: &AppContext) -> Result<users::M
     Ok(user)
 }
 
+/// Soft auth for public pages: returns the user behind a valid auth cookie, or
+/// `None`. Never errors — used to decide chrome and post-login redirects, not
+/// to gate protected handlers (use [`current_admin`] for that).
+pub async fn current_user(ctx: &AppContext, jar: &CookieJar) -> Option<users::Model> {
+    let cookie = jar.get(AUTH_COOKIE)?;
+    let jwt_config = ctx.config.get_jwt_config().ok()?;
+    let claims = loco_rs::auth::jwt::JWT::new(&jwt_config.secret)
+        .validate(cookie.value())
+        .ok()?;
+    users::Model::find_by_pid(&ctx.db, &claims.claims.pid)
+        .await
+        .ok()
+}
+
 /// Soft check for public pages: does the request carry a valid admin auth
 /// cookie? Never errors — used only to decide whether to show admin chrome.
 pub async fn logged_in(ctx: &AppContext, jar: &CookieJar) -> bool {
-    let Some(cookie) = jar.get(AUTH_COOKIE) else {
-        return false;
-    };
-    let Ok(jwt_config) = ctx.config.get_jwt_config() else {
-        return false;
-    };
-    let Ok(claims) = loco_rs::auth::jwt::JWT::new(&jwt_config.secret).validate(cookie.value())
-    else {
-        return false;
-    };
-    let Ok(user) = users::Model::find_by_pid(&ctx.db, &claims.claims.pid).await else {
-        return false;
-    };
-    is_admin(ctx, &user)
+    match current_user(ctx, jar).await {
+        Some(user) => is_admin(ctx, &user),
+        None => false,
+    }
 }