Restrict access to admin routes
parent
91fd763fe1
commit
da74acaed8
@ -7,6 +7,7 @@ use std::rc::Rc;
|
|||||||
use actix_identity::RequestIdentity;
|
use actix_identity::RequestIdentity;
|
||||||
use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse};
|
use actix_web::{dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform}, Error, HttpResponse};
|
||||||
use actix_web::body::EitherBody;
|
use actix_web::body::EitherBody;
|
||||||
|
use askama::Template;
|
||||||
|
|
||||||
use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES, LOGIN_ROUTE};
|
use crate::constants::{ADMIN_ROUTES, AUTHENTICATED_ROUTES, LOGIN_ROUTE};
|
||||||
use crate::controllers::base_controller::redirect_user;
|
use crate::controllers::base_controller::redirect_user;
|
||||||
@ -55,6 +56,10 @@ impl SessionStatus {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Template)]
|
||||||
|
#[template(path = "access_denied.html")]
|
||||||
|
struct AccessDeniedTemplate {}
|
||||||
|
|
||||||
pub struct AuthInnerMiddleware<S> {
|
pub struct AuthInnerMiddleware<S> {
|
||||||
service: Rc<S>,
|
service: Rc<S>,
|
||||||
}
|
}
|
||||||
@ -99,7 +104,12 @@ impl<S, B> Service<ServiceRequest> for AuthInnerMiddleware<S>
|
|||||||
.map_into_right_body());
|
.map_into_right_body());
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO : restrict access to admin pages
|
// Restrict access to admin pages
|
||||||
|
if !identity.is_admin() && req.path().starts_with(ADMIN_ROUTES) {
|
||||||
|
return Ok(req.into_response(HttpResponse::Unauthorized()
|
||||||
|
.body(AccessDeniedTemplate {}.render().unwrap()))
|
||||||
|
.map_into_right_body());
|
||||||
|
}
|
||||||
|
|
||||||
service
|
service
|
||||||
.call(req)
|
.call(req)
|
||||||
|
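Review bot: The admin check added in the third hunk answers a logged-in non-admin with `HttpResponse::Unauthorized()` (401), which signals missing credentials; an authorization failure should be `HttpResponse::Forbidden()`, so clients and log-based alerting can tell "not logged in" from "logged in but denied". `AccessDeniedTemplate {}.render().unwrap()` panics inside the middleware if rendering ever fails; `let body = AccessDeniedTemplate {}.render().map_err(actix_web::error::ErrorInternalServerError)?;` would keep the deny path from taking the worker down. The gate is `req.path().starts_with(ADMIN_ROUTES)` on the path as received, so it only holds if that string agrees with what the router finally dispatches. The value of `ADMIN_ROUTES` and the middleware order are outside the hunk, so confirm that any path normalisation runs before this middleware, and add a test that requests admin paths as a non-admin identity. The enclosing `call` body starts and ends outside the hunk.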
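--- /dev/null
+++ b/templates/access_denied.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Access denied</title>
+
+<link href="/assets/css/bootstrap.css" rel="stylesheet" crossorigin="anonymous"/>
+</head>
+<body>
+<p>You are not allowed to access this resource.</p>
+</body>
+</html>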