From 1c8fe09b1fd1919fa982ace24a014b68c2338e6d Mon Sep 17 00:00:00 2001
From: Alexander Ng <alexng353@gmail.com>
Date: Sat, 10 Jan 2026 02:54:01 -0800
Subject: [PATCH] fix: login code

---
 Cargo.lock           | 15 +++++++++++++++
 Cargo.toml           |  1 +
 Justfile             |  5 ++++-
 src/main.rs          |  8 ++++++++
 src/v1/auth/login.rs |  2 +-
 5 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index fefdf97..ebb13d5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -70,6 +70,7 @@ dependencies = [
  "sqlx",
  "tokio",
  "tower",
+ "tower-http",
  "utoipa",
  "utoipa-axum",
  "utoipa-swagger-ui",
@@ -1889,6 +1890,20 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "tower-http"
+version = "0.6.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8"
+dependencies = [
+ "bitflags",
+ "bytes",
+ "http",
+ "pin-project-lite",
+ "tower-layer",
+ "tower-service",
+]
+
 [[package]]
 name = "tower-layer"
 version = "0.3.3"
diff --git a/Cargo.toml b/Cargo.toml
index 864a2fe..1f95e39 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,6 +7,7 @@ edition = "2021"
 axum = { version = "0.8.1", features = ["macros", "json"] }
 tokio = { version = "1", features = ["full"] }
 tower = "0.5"
+tower-http = { version = "0.6.2", features = ["cors"] }
 utoipa = { version = "5.3.1", features = ["axum_extras"] }
 utoipa-swagger-ui = { version = "9.0.0", features = ["axum"] }
 utoipa-axum = "0.2.0"
diff --git a/Justfile b/Justfile
index 3249df8..3bcb7f5 100644
--- a/Justfile
+++ b/Justfile
@@ -9,4 +9,7 @@ build:
     cargo build --release
 
 run:
-    cargo run
\ No newline at end of file
+    cargo run
+
+dev:
+    cargo watch -x run -i "openapi.json"
\ No newline at end of file
diff --git a/src/main.rs b/src/main.rs
index e5705df..d038e79 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,8 @@
 use std::{net::Ipv4Addr, sync::Arc};
+use axum::http::Method;
 use hmac::{Hmac, Mac};
 use tokio::net::TcpListener;
+use tower_http::cors::{Any, CorsLayer};
 use utoipa::OpenApi;
 use utoipa_axum::{router::OpenApiRouter, routes};
 use utoipa_swagger_ui::SwaggerUi;
@@ -69,11 +71,17 @@ async fn main() -> anyhow::Result<()> {
     jwt_key: Hmac::new_from_slice(jwt_secret.as_bytes()).context("Failed to create HMAC")? 
     };
 
+    let cors = CorsLayer::new()
+        .allow_methods(Any)
+        .allow_origin(["http://localhost:5173".parse().unwrap()])
+        .allow_headers(Any);
+
     let (router, api) = OpenApiRouter::with_openapi(ApiDoc::openapi())
         .routes(routes!(health_check))
         .routes(routes!(index))
         .with_state(state.clone())
         .nest("/api/v1", v1::router(state.clone()))
+        .layer(cors)
         .split_for_parts();
 
     tokio::fs::write("openapi.json", api.to_json()?).await?;
diff --git a/src/v1/auth/login.rs b/src/v1/auth/login.rs
index 6d7dd0a..e55ae5e 100644
--- a/src/v1/auth/login.rs
+++ b/src/v1/auth/login.rs
@@ -29,7 +29,7 @@ pub async fn login(
     .await?;
 
     let argon2 = Argon2::default();
-    let hash = PasswordHash::new(&body.password).expect("Password hashing failed");
+    let hash = PasswordHash::new(&user.password_hash).expect("Password hashing failed");
 
     if !argon2
         .verify_password(body.password.as_bytes(), &hash)