Add auth functions for checking admin status

2024-05-19 12:20:50 -04:00 · 2024-05-19 12:20:50 -04:00 · fa26ee40ed
commit fa26ee40ed
parent c27ad19499
1 changed files with 34 additions and 0 deletions
--- a/src/auth.rs
+++ b/src/auth.rs
@ -121,3 +121,37 @@ pub async fn require_auth() -> Result<(), ServerFnError> {
 		}
 	})
 }
+
+/// Check if a user is an admin
+/// Returns a Result with a boolean indicating if the user is logged in and an admin
+#[server(endpoint = "check_admin")]
+pub async fn check_admin() -> Result<bool, ServerFnError> {
+	let auth_session = extract::<AuthSession<AuthBackend>>().await
+		.map_err(|e| ServerFnError::<NoCustomError>::ServerError(format!("Error getting auth session: {}", e)))?;
+
+	Ok(auth_session.user.as_ref().map(|u| u.admin).unwrap_or(false))
+}
+
+/// Require that a user is logged in and an admin
+/// Returns a Result with the error message if the user is not logged in or is not an admin
+/// Intended to be used at the start of a protected route, to ensure the user is logged in and an admin:
+/// ```rust
+/// use leptos::*;
+/// use libretunes::auth::require_admin;
+/// #[server(endpoint = "protected_admin_route")]
+/// pub async fn protected_admin_route() -> Result<(), ServerFnError> {
+/// 	require_admin().await?;
+/// 	// Continue with protected route
+/// 	Ok(())
+/// }
+/// ```
+#[cfg(feature = "ssr")]
+pub async fn require_admin() -> Result<(), ServerFnError> {
+	check_admin().await.and_then(|is_admin| {
+		if is_admin {
+			Ok(())
+		} else {
+			Err(ServerFnError::<NoCustomError>::ServerError(format!("Unauthorized")))
+		}
+	})
+}