Sign-in handler

The following code is the handler for the /signin request path. It parses the data submitted from the HTML form using the post_input! macro:

    (POST) (/signin) => {
        // Parse the fields submitted by the HTML form.
        let data = post_input!(request, {
            email: String,
            password: String,
        })?;
        let user_email = data.email;
        let user_password = data.password;
        {
            use self::schema::users::dsl::*;
            let conn = pool.get()?;
            // Look up the user by email; `?` propagates the error
            // if no matching record exists.
            let user = users.filter(email.eq(user_email))
                .first::<models::User>(&conn)?;
            // Compare the submitted password with the stored hash.
            let valid = pbkdf2_check(&user_password, &user.password)
                .map_err(|err| format_err!("pass check error: {}", err))?;
            if valid {
                let user_id = UserId {
                    id: user.id,
                };
                Response::json(&user_id)
                    .with_status_code(200)
            } else {
                Response::text("access denied")
                    .with_status_code(403)
            }
        }
    }

When the data has been extracted, we get a connection from a pool and use types generated by the diesel crate to send a query to the database. The code gets the first record from the users table with the provided email value. After that, we use the pbkdf2_check function to check that the password matches the stored one. If the user is valid, we return a JSON value with the user's ID. In the next chapters, we won't provide this service directly but will use it from another microservice. If the password doesn't match, we will return a response with a 403 status code.
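
The decision logic described above, as an added example that is not code from the book: it also covers an unknown email, answering it with the same 403 as a wrong password. Assumptions: the HashMap store, DUMMY_HASH, toy_check (a constructed stand-in with the shape of pbkdf2_check, not a real password hash) and the 500 mapping for a malformed stored hash are all hypothetical.

```rust
use std::collections::HashMap;

// Constructed stand-in for the `models::User` row used on the page.
struct User {
    id: i32,
    password: String, // stored password hash string
}
// Hypothetical placeholder checked when the email is unknown. With a real
// hash function it would be a well-formed hash of a random value.
const DUMMY_HASH: &str = "toy$placeholder-never-accepted";

/// Decision logic of the sign-in handler, returning (status code, body).
/// `check` has the shape of `pbkdf2_check(password, hashed_value)`.
fn sign_in<F>(users: &HashMap<String, User>, email: &str, password: &str, check: F) -> (u16, String)
where
    F: Fn(&str, &str) -> Result<bool, &'static str>,
{
    let denied = (403, String::from("access denied"));
    match users.get(email) {
        // Unknown email: still run one check, discard the result, answer 403.
        None => {
            let _ = check(password, DUMMY_HASH);
            denied
        }
        Some(user) => match check(password, &user.password) {
            Ok(true) => (200, format!("{{\"id\":{}}}", user.id)),
            Ok(false) => denied,
            // Assumption: a malformed stored hash is reported as a server fault.
            Err(_) => (500, String::from("internal error")),
        },
    }
}

// Constructed verifier for the demo only; it is NOT a password hash.
fn toy_check(password: &str, stored: &str) -> Result<bool, &'static str> {
    match stored.strip_prefix("toy$") {
        Some(expected) => Ok(expected == password),
        None => Err("invalid hash format"),
    }
}

fn main() {
    let mut users = HashMap::new();
    users.insert(String::from("user@example.com"), User { id: 7, password: String::from("toy$secret") });
    println!("{:?}", sign_in(&users, "user@example.com", "secret", toy_check));
    println!("{:?}", sign_in(&users, "nobody@example.com", "secret", toy_check));
}
```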
