move to the proper HTTP methods

README.md

@@ -46,11 +46,12 @@ docker compose up --build
 
 Returns stored timezone and username for the given user ID.
 
-### `GET /set?timezone=<iana_timezone>`
+### `POST /set`
 
-Stores timezone for the authenticated user. Requires Discord OAuth session.
+Stores timezone for the authenticated user. Requires Discord OAuth session.  
+Body: `application/x-www-form-urlencoded` with `timezone=<iana_timezone>`
 
-### `GET /delete`
+### `DELETE /delete`
 
 Deletes the authenticated user's timezone entry. Requires Discord OAuth session.
 
@@ -69,7 +70,3 @@ Starts OAuth2 authentication flow.
 ### `GET /auth/discord/callback`
 
 Handles OAuth2 redirect and sets a session cookie.
-
-## License
-
-[BSD-3-Clause](LICENSE)

public/js/index.js

@@ -52,7 +52,11 @@ async function fetchUserInfo() {
 
 		deleteBtn.addEventListener("click", async () => {
 			try {
-				const res = await fetch("/delete", { credentials: "include" });
+				const res = await fetch("/delete", {
+					method: "DELETE",
+					credentials: "include"
+				});
+
 				if (!res.ok) throw new Error();
 
 				ts.clear();
@@ -74,8 +78,11 @@ setBtn.addEventListener("click", async () => {
 	if (!timezone) return;
 
 	try {
-		const res = await fetch(`/set?timezone=${encodeURIComponent(timezone)}`, {
+		const res = await fetch("/set", {
+			method: "POST",
 			credentials: "include",
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
+			body: `timezone=${encodeURIComponent(timezone)}`
 		});
 		if (!res.ok) throw new Error();
 		statusMsg.textContent = "Timezone updated!";

src/routes/mod.rs

@@ -2,13 +2,13 @@ use crate::db::AppState;
 use axum::{
     http::{HeaderValue, StatusCode},
     response::{Html, Response},
-    routing::{get, options},
+    routing::{delete, get, options, post},
     Router,
 };
 use std::fs;
 use tower_http::services::ServeDir;
 
-pub mod auth;
+mod auth;
 mod timezone;
 
 async fn preflight_handler() -> Response {
@@ -18,7 +18,7 @@ async fn preflight_handler() -> Response {
     headers.insert("access-control-allow-origin", HeaderValue::from_static("*"));
     headers.insert(
         "access-control-allow-methods",
-        HeaderValue::from_static("GET, POST, OPTIONS"),
+        HeaderValue::from_static("GET, POST, DELETE, OPTIONS"),
     );
     headers.insert(
         "access-control-allow-headers",
@@ -46,9 +46,9 @@ pub fn all() -> Router<AppState> {
     Router::new()
         .route("/", get(index_page))
         .route("/get", get(timezone::get_timezone))
-        .route("/set", get(timezone::set_timezone))
+        .route("/set", post(timezone::set_timezone))
         .route("/set", options(preflight_handler))
-        .route("/delete", get(timezone::delete_timezone))
+        .route("/delete", delete(timezone::delete_timezone))
         .route("/list", get(timezone::list_timezones))
         .route("/auth/discord", get(auth::start_oauth))
         .route("/auth/discord/callback", get(auth::handle_callback))

src/routes/timezone.rs

@@ -5,7 +5,7 @@ use axum::{
     extract::{Query, State},
     http::{HeaderMap, StatusCode},
     response::IntoResponse,
-    Json,
+    Form, Json,
 };
 use chrono_tz::Tz;
 use headers::{Cookie, HeaderMapExt};
@@ -182,7 +182,7 @@ pub async fn delete_timezone(
 pub async fn set_timezone(
     State(state): State<AppState>,
     headers: HeaderMap,
-    Query(query): Query<SetQuery>,
+    Form(query): Form<SetQuery>,
 ) -> impl IntoResponse {
     let Some(cookie_header) = headers.typed_get::<Cookie>() else {
         return (