When not logged in redirection to login page

Every page is locked behind a jwt, when it is not supplied neither other pages not api calls will work
2026-05-01 16:18:15 +02:00
parent b672fe9768
commit e54be14526
8 changed files with 221 additions and 68 deletions
--- a/backend/src/router.rs
+++ b/backend/src/router.rs
@@ -1,12 +1,13 @@
 use std::sync::Arc;

 use axum::{
-    Router,
+    Router, middleware,
    routing::{get, post},
 };

 use crate::{
    AppState,
+    cookie::validation::validate_token,
    handlers::{
        auth::{
            create_user, delete_user, get_current_user, get_user_by_id, get_users, login, logout,
@@ -17,7 +18,7 @@ use crate::{
 };

 pub fn create_router(state: Arc<AppState>) -> Router {
-    Router::new()
+    let protected_routes = Router::new()
        .route("/api/tickets", get(get_tickets))
        .route("/api/tickets/create", post(create_ticket))
        .route(
@@ -27,7 +28,6 @@ pub fn create_router(state: Arc<AppState>) -> Router {
                .patch(edit_ticket),
        )
        .route("/api/register", post(create_user))
-        .route("/api/login", post(login))
        .route("/api/logout", get(logout))
        .route("/api/users", get(get_users))
        .route("/api/users/current", get(get_current_user))
@@ -35,5 +35,13 @@ pub fn create_router(state: Arc<AppState>) -> Router {
            "/api/users/{id}",
            get(get_user_by_id).delete(delete_user).patch(update_user),
        )
+        .layer(middleware::from_fn_with_state(
+            state.clone(),
+            validate_token,
+        ));
+
+    Router::new()
+        .merge(protected_routes)
+        .route("/api/login", post(login))
        .with_state(state)
 }