diff --git a/html-router/src/middlewares/auth_middleware.rs b/html-router/src/middlewares/auth_middleware.rs
index 8db7f50..3212b08 100644
--- a/html-router/src/middlewares/auth_middleware.rs
+++ b/html-router/src/middlewares/auth_middleware.rs
@@ -46,3 +46,14 @@ pub async fn require_auth(auth: AuthSessionType, mut request: Request, next: Nex
}
}
}
+
+pub async fn require_admin(auth: AuthSessionType, mut request: Request, next: Next) -> Response {
+ match auth.current_user {
+ Some(user) if user.admin => {
+ request.extensions_mut().insert(user);
+ next.run(request).await
+ }
+ Some(_) => TemplateResponse::redirect("/").into_response(),
+ None => TemplateResponse::redirect("/signin").into_response(),
+ }
+}
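Review bot: The `Some(_)` arm of `require_admin` turns an authenticated non-admin away with a silent redirect, so denied attempts on admin routes leave no record in anything visible in this hunk. Since this middleware becomes the single authorization point for the admin router, I would log the denial before the redirect, e.g. `tracing::warn!(path = %request.uri().path(), "non-admin user denied admin route");`. The function also has no doc comment; I would add `/// Passes the request on only when the session user has admin set; other signed-in users are redirected to "/", anonymous requests to "/signin".` Whether `auth.current_user` reflects the stored admin flag on every request or a value cached in the session is not visible here. That decides how quickly a revoked admin loses access, so it is worth confirming.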
diff --git a/html-router/src/routes/admin/handlers.rs b/html-router/src/routes/admin/handlers.rs
index 9b85a47..1355f30 100644
--- a/html-router/src/routes/admin/handlers.rs
+++ b/html-router/src/routes/admin/handlers.rs
@@ -23,10 +23,7 @@ use tracing::{error, info};
use crate::{
html_state::HtmlState,
- middlewares::{
- auth_middleware::RequireUser,
- response_middleware::{HtmlError, TemplateResponse},
- },
+ middlewares::response_middleware::{HtmlError, TemplateResponse},
};
#[derive(Serialize)]
@@ -60,7 +57,6 @@ pub struct AdminPanelQuery {
pub async fn show_admin_panel(
State(state): State,
- RequireUser(_user): RequireUser,
Query(query): Query,
) -> Result {
let section = match query.section.as_deref() {
@@ -131,14 +127,8 @@ pub struct RegistrationToggleData {
pub async fn toggle_registration_status(
State(state): State,
- RequireUser(user): RequireUser,
Form(input): Form,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let current_settings = SystemSettings::get_current(&state.db).await?;
let new_settings = SystemSettings {
@@ -175,14 +165,8 @@ pub struct ModelSettingsData {
pub async fn update_model_settings(
State(state): State,
- RequireUser(user): RequireUser,
Form(input): Form,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let current_settings = SystemSettings::get_current(&state.db).await?;
// Check if using FastEmbed - if so, embedding model/dimensions cannot be changed via UI
@@ -295,13 +279,7 @@ pub struct SystemPromptEditData {
pub async fn show_edit_system_prompt(
State(state): State,
- RequireUser(user): RequireUser,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let settings = SystemSettings::get_current(&state.db).await?;
Ok(TemplateResponse::new_template(
@@ -325,14 +303,8 @@ pub struct SystemPromptSectionData {
pub async fn patch_query_prompt(
State(state): State,
- RequireUser(user): RequireUser,
Form(input): Form,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let current_settings = SystemSettings::get_current(&state.db).await?;
let new_settings = SystemSettings {
@@ -359,13 +331,7 @@ pub struct IngestionPromptEditData {
pub async fn show_edit_ingestion_prompt(
State(state): State,
- RequireUser(user): RequireUser,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let settings = SystemSettings::get_current(&state.db).await?;
Ok(TemplateResponse::new_template(
@@ -384,14 +350,8 @@ pub struct IngestionPromptUpdateInput {
pub async fn patch_ingestion_prompt(
State(state): State,
- RequireUser(user): RequireUser,
Form(input): Form,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let current_settings = SystemSettings::get_current(&state.db).await?;
let new_settings = SystemSettings {
@@ -418,13 +378,7 @@ pub struct ImagePromptEditData {
pub async fn show_edit_image_prompt(
State(state): State,
- RequireUser(user): RequireUser,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let settings = SystemSettings::get_current(&state.db).await?;
Ok(TemplateResponse::new_template(
@@ -443,14 +397,8 @@ pub struct ImagePromptUpdateInput {
pub async fn patch_image_prompt(
State(state): State,
- RequireUser(user): RequireUser,
Form(input): Form,
) -> Result {
- // Early return if the user is not admin
- if !user.admin {
- return Ok(TemplateResponse::redirect("/"));
- }
-
let current_settings = SystemSettings::get_current(&state.db).await?;
let new_settings = SystemSettings {
diff --git a/html-router/src/routes/admin/mod.rs b/html-router/src/routes/admin/mod.rs
index 7bc8bc3..c77e47e 100644
--- a/html-router/src/routes/admin/mod.rs
+++ b/html-router/src/routes/admin/mod.rs
@@ -1,6 +1,7 @@
mod handlers;
use axum::{
extract::FromRef,
+ middleware::from_fn,
routing::{get, patch},
Router,
};
@@ -10,7 +11,7 @@ use handlers::{
toggle_registration_status, update_model_settings,
};
-use crate::html_state::HtmlState;
+use crate::{html_state::HtmlState, middlewares::auth_middleware::require_admin};
pub fn router() -> Router
where
@@ -27,4 +28,5 @@ where
.route("/update-ingestion-prompt", patch(patch_ingestion_prompt))
.route("/edit-image-prompt", get(show_edit_image_prompt))
.route("/update-image-prompt", patch(patch_image_prompt))
+ .route_layer(from_fn(require_admin))
}
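Review bot: `.route_layer(from_fn(require_admin))` is now the only admin check for every handler in this router, because the per-handler `if !user.admin` guards in handlers.rs are removed in the same commit, and axum applies `route_layer` only to routes registered before the call. A route appended below this line later would be reachable without the check, so I would pin the ordering with a comment directly above it, e.g. `// Keep last: route_layer only covers routes added above; this is the sole admin check for these handlers.` A router-level test that requests each admin path with a non-admin session and expects the redirect would catch such a regression; no tests are visible in this diff. `router()` begins outside this hunk, so the full route list cannot be checked from here.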