Add router layer to require authentication

2024-11-24 14:25:45 -05:00
parent 6592d66f87
commit d1c8615105
3 changed files with 50 additions and 1 deletions
--- a/src/util/mod.rs
+++ b/src/util/mod.rs
@ -3,6 +3,7 @@ use cfg_if::cfg_if;
 cfg_if! {
 	if #[cfg(feature = "ssr")] {
 		pub mod audio;
+		pub mod require_auth;
 	}
 }

--- a/src/util/require_auth.rs
+++ b/src/util/require_auth.rs
@ -0,0 +1,46 @@
+use axum::extract::Request;
+use axum::response::Response;
+use axum::body::Body;
+use axum::middleware::Next;
+use axum_login::AuthSession;
+use http::StatusCode;
+
+use crate::auth_backend::AuthBackend;
+
+use axum::extract::FromRequestParts;
+
+// Things in pkg/ are allowed automatically. This includes the CSS/JS/WASM files
+const ALLOWED_PATHS: [&str; 5] = ["/login", "/signup", "/api/login", "/api/signup", "/favicon.ico"];
+
+/**
+ * Middleware to require authentication for all paths except those in ALLOWED_PATHS
+ * 
+ * If a user is not authenticated, they will be redirected to the login page
+ */
+pub async fn require_auth_middleware(req: Request, next: Next) -> Result<Response<Body>, (StatusCode, &'static str)> {
+	let path = req.uri().path();
+
+	if !ALLOWED_PATHS.iter().any(|&x| x == path) {
+		let (mut parts, body) = req.into_parts();
+
+		let auth_session = AuthSession::<AuthBackend>::from_request_parts(&mut parts, &())
+			.await?;
+
+		if auth_session.user.is_none() {
+			let response = Response::builder()
+				.status(StatusCode::TEMPORARY_REDIRECT)
+				.header("Location", "/login")
+				.body(Body::empty())
+				.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Failed to build response"))?;
+
+			return Ok(response);
+		}
+
+		let req = Request::from_parts(parts, body);
+		let response = next.run(req).await;
+		Ok(response)
+	} else {
+		let response = next.run(req).await;
+		Ok(response)
+	}
+}