azdle/zero-to-axum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add admin section w/ basic user roles system

Browse source
This commit is contained in:
azdle 2025-07-25 15:20:34 -05:00
parent ef3cc5a11b
commit 17f1b29951
8 changed files with 214 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
migrations/20250725194521_add-user-roles.sql Normal file
View file

@ -0,0 +1,6 @@
CREATE TABLE user_roles(
role TEXT NOT NULL,
user_id uuid NOT NULL
REFERENCES users (id),
PRIMARY KEY (user_id, role)
);

7
src/server/mod.rs
View file

@ -6,6 +6,7 @@ use axum::extract::FromRef;
use axum_extra::extract::cookie::Key; use axum_extra::extract::cookie::Key;
use futures_util::FutureExt as _; use futures_util::FutureExt as _;
use pin_project::pin_project; use pin_project::pin_project;
use session::GetPgPool;
use sqlx::postgres::PgPoolOptions; use sqlx::postgres::PgPoolOptions;
use sqlx::PgPool; use sqlx::PgPool;
use std::future::{Future, IntoFuture}; use std::future::{Future, IntoFuture};
@ -111,6 +112,12 @@ impl FromRef<AppState> for Key {
} }
} }
impl GetPgPool for AppState {
fn get_pg_pool(&self) -> PgPool {
self.db.clone()
}
}
async fn shutdown_signal() { async fn shutdown_signal() {
let ctrl_c = async { let ctrl_c = async {
signal::ctrl_c() signal::ctrl_c()

95
src/server/routes/admin/mod.rs Normal file
View file

@ -0,0 +1,95 @@
use anyhow::Context;
use askama::Template;
use askama_web::WebTemplate;
use axum::{extract::State, http::StatusCode, response::IntoResponse, routing::get, Router};
use tracing::info;
use uuid::Uuid;
use crate::server::{session::Auth, AppState};
use super::ErrorPage;
pub fn build() -> Router<AppState> {
Router::new()
.route("/", get(index_page))
.route("/users", get(users_page))
}
#[derive(Template, WebTemplate, Default)]
#[template(path = "admin.html")]
struct IndexPage;
#[tracing::instrument(skip(auth))]
pub async fn index_page(auth: Auth) -> impl IntoResponse {
info!("get admin index page");
if !auth.has_role(crate::server::session::Role::Admin) {
return (StatusCode::FORBIDDEN).into_response();
}
IndexPage.into_response()
}
#[derive(Template, WebTemplate, Default)]
#[template(path = "users.html")]
struct UsersPage {
users: Vec<UserRecord>,
}
struct UserRecord {
id: Uuid,
email: String,
status: String,
}
#[tracing::instrument(skip(auth))]
pub async fn users_page(
State(AppState { db, .. }): State<AppState>,
auth: Auth,
) -> Result<impl IntoResponse, AdminError> {
info!("get login page");
if !auth.has_role(crate::server::session::Role::Admin) {
return Ok((StatusCode::FORBIDDEN).into_response());
}
let users: Vec<UserRecord> = sqlx::query!(
r#"
SELECT id, email, status FROM users;
"#
)
.fetch_all(&db)
.await
.context("fetch users from db")?
.into_iter()
.map(|r| UserRecord {
id: r.id,
email: r.email,
status: r.status,
})
.collect();
Ok(UsersPage { users }.into_response())
}
#[derive(thiserror::Error, Debug)]
pub enum AdminError {
#[error("Unknown Error: {0}")]
Unknown(#[from] anyhow::Error),
}
impl IntoResponse for AdminError {
fn into_response(self) -> axum::response::Response {
let (status, message) = match self {
AdminError::Unknown(e) => (StatusCode::INTERNAL_SERVER_ERROR, e),
};
(
status,
ErrorPage {
error: message.to_string(),
},
)
.into_response()
}
}

4
src/server/routes/mod.rs
View file

@ -1,3 +1,4 @@
mod admin;
mod auth; mod auth;
mod subscriptions; mod subscriptions;
@ -12,6 +13,7 @@ pub fn build() -> Router<AppState> {
.route("/", get(homepage)) .route("/", get(homepage))
.route("/health", get(health_check)) .route("/health", get(health_check))
.nest("/auth", auth::build()) .nest("/auth", auth::build())
.nest("/admin", admin::build())
.nest("/subscriptions", subscriptions::build()) .nest("/subscriptions", subscriptions::build())
} }
@ -22,11 +24,13 @@ async fn health_check() {}
#[template(path = "homepage.html")] #[template(path = "homepage.html")]
struct Homepage { struct Homepage {
is_logged_in: bool, is_logged_in: bool,
is_admin: bool,
} }
async fn homepage(user: Auth) -> Homepage { async fn homepage(user: Auth) -> Homepage {
Homepage { Homepage {
is_logged_in: user.user.is_some(), is_logged_in: user.user.is_some(),
is_admin: user.has_role(super::session::Role::Admin),
} }
} }

70
src/server/session/mod.rs
View file

@ -8,19 +8,61 @@ use axum::{
use axum_extra::extract::{cookie::Cookie, CookieJar}; use axum_extra::extract::{cookie::Cookie, CookieJar};
use rand::{distr::Alphanumeric, rng, Rng as _}; use rand::{distr::Alphanumeric, rng, Rng as _};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sqlx::PgPool;
use tower_sessions::Session; use tower_sessions::Session;
use uuid::Uuid; use uuid::Uuid;
#[derive(Clone, Debug, Serialize, Deserialize)] #[derive(Clone, Debug, Serialize, Deserialize)]
pub struct User { pub struct User {
pub id: Uuid, pub id: Uuid,
// roles: Vec<String>, roles: Vec<Role>,
} }
impl User { impl User {
pub fn new(id: Uuid) -> User { pub fn new(id: Uuid) -> User {
User { id } User {
id,
roles: Vec::new(),
}
} }
pub async fn fetch(db: &PgPool, id: Uuid) -> Option<User> {
let roles = sqlx::query!(
r#"
SELECT role FROM user_roles WHERE user_id = $1;
"#,
id
)
.fetch_all(db)
.await;
if let Ok(roles) = roles {
Some(User {
id,
roles: roles
.into_iter()
.filter_map(|r| match r.role.as_str() {
"user" => Some(Role::User),
"admin" => Some(Role::Admin),
_ => None,
})
.collect(),
})
} else {
None
}
}
pub fn roles(&self) -> &[Role] {
&self.roles
}
}
#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
#[serde(rename_all = "kebab-case")]
pub enum Role {
User,
Admin,
} }
pub struct Auth { pub struct Auth {
@ -29,23 +71,45 @@ pub struct Auth {
pub user: Option<User>, pub user: Option<User>,
} }
impl Auth {
pub fn has_role(&self, role: Role) -> bool {
if let Some(user) = &self.user {
user.roles().contains(&role)
} else {
false
}
}
}
impl<S> FromRequestParts<S> for Auth impl<S> FromRequestParts<S> for Auth
where where
S: Send + Sync, S: Send + Sync + GetPgPool,
{ {
type Rejection = (StatusCode, &'static str); type Rejection = (StatusCode, &'static str);
async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> { async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
let session = Session::from_request_parts(parts, state).await?; let session = Session::from_request_parts(parts, state).await?;
let db = state.get_pg_pool();
let user: Option<User> = session.get("user").await.unwrap_or_default(); let user: Option<User> = session.get("user").await.unwrap_or_default();
// pull roles from db
let user = if let Some(user) = user {
User::fetch(&db, user.id).await
} else {
user
};
// session.insert("user", &data).await.unwrap(); // session.insert("user", &data).await.unwrap();
Ok(Self { session, user }) Ok(Self { session, user })
} }
} }
pub trait GetPgPool {
fn get_pg_pool(&self) -> PgPool;
}
pub struct CsrfCookie { pub struct CsrfCookie {
jar: CookieJar, jar: CookieJar,
token: String, token: String,

7
templates/admin.html Normal file
View file

@ -0,0 +1,7 @@
<!DOCTYPE html>
<html lang="en">
<title>Admin</title>
<ul>
<li><a href="/admin/users">Users</a></li>
</ul>
</html>

8
templates/homepage.html
View file

@ -8,9 +8,15 @@
<li><a href="/auth/signup">Signup</a></li> <li><a href="/auth/signup">Signup</a></li>
</ul> </ul>
{% if is_logged_in %} {% if is_logged_in %}
<h1>Super Secret Pages</h1> <h1>Secret Pages</h1>
<ul> <ul>
<li><a href="/auth/logout">Logout</a></li> <li><a href="/auth/logout">Logout</a></li>
</ul> </ul>
{% endif %} {% endif %}
{% if is_admin %}
<h1>Super Secret Pages</h1>
<ul>
<li><a href="/admin">Admin</a></li>
</ul>
{% endif %}
</html> </html>

21
templates/users.html Normal file
View file

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html lang="en">
<title>Users</title>
<table>
<thead>
<tr>
<th>ID</th>
<th>Email</th>
<th>Status</th>
</tr>
</thead>
<tbody>
{% for user in users %}
<tr>
<th><a href="/admin/users/{{user.id}}">{{user.id}}</a></th>
<td>{{user.email}}</td>
<td>{{user.status}}</td>
{% endfor %}
<tbody>
</table>
</html>