ticketsystem/backend/src/router.rs
schn33fuchs 721e43c380 Refined docs and stuff
Docs link to each other and are generally better
2026-05-20 12:50:00 +02:00


use std::sync::Arc;
use axum::{
Router, middleware,
routing::{get, post},
};
use crate::{
AppState,
cookie::validation::{validate_admin, validate_token},
handlers::{
auth::{
check_admin_exists, create_user, delete_user, get_current_user, get_user_by_id, get_users, login, logout,
setup_initial_admin, update_user,
},
ticket::{create_ticket, delete_ticket, edit_ticket, get_ticket_by_id, get_tickets},
},
};
/// Builds the application's [`Router`] with every API endpoint registered.
///
/// Routes are grouped into three tiers so that each tier gets exactly the
/// authentication middleware it needs. [`AppState`] is the shared context
/// handed to both the middleware and the handlers.
///
/// ## Route tiers (most to least restricted)
///
/// ### Admin-only (valid token + admin privilege)
/// - `GET /api/tickets/{id}` - Get specific ticket details (via `get_ticket_by_id`)
/// - `DELETE /api/tickets/{id}` - Delete a ticket (via `delete_ticket`)
/// - `PATCH /api/tickets/{id}` - Update ticket status (via `edit_ticket`)
/// - `POST /api/register` - Create a new user (via `create_user`)
/// - `GET /api/users` - List all users (via `get_users`)
/// - `GET /api/users/{id}` - Get user details (via `get_user_by_id`)
/// - `DELETE /api/users/{id}` - Delete a user (via `delete_user`)
/// - `PATCH /api/users/{id}` - Update user details (via `update_user`)
///
/// ### Protected (valid token)
/// - `GET /api/tickets` - List all tickets (via `get_tickets`)
/// - `POST /api/tickets/create` - Create a new ticket (via `create_ticket`)
/// - `GET /api/logout` - Logout user (via `logout`)
/// - `GET /api/users/current` - Get current authenticated user (via `get_current_user`)
///
/// ### Public (no authentication)
/// - `POST /api/login` - User login (via `login`)
/// - `GET /api/check-admin` - Check if admin exists (via `check_admin_exists`)
/// - `POST /api/setup-admin` - Create initial admin account (via `setup_initial_admin`)
///
/// # Middleware stack
/// - The admin tier is wrapped in `validate_admin`, then merged into the
///   protected tier *before* `validate_token` is layered on. A layer only
///   covers routes registered before it, and the last layer added runs first,
///   so admin requests pass `validate_token` and then `validate_admin`.
/// - The protected tier is wrapped in `validate_token` only.
/// - The public tier is added outside both layers and is never authenticated
///   by this router.
///
/// # Security notes
/// - Statement order is load-bearing: a route added after a `.layer(..)` call
///   on the same router is NOT covered by that layer. New admin or protected
///   endpoints must be registered above the corresponding `.layer(..)`.
/// - `/api/users/current` (token only) overlaps the admin-only
///   `/api/users/{id}` pattern. The static segment is expected to win in
///   axum's matcher, so `current` is reachable by any authenticated user.
/// - NOTE(review): `/api/setup-admin` is unauthenticated. Nothing in this
///   router stops it being called after setup; the handler itself has to
///   reject the request once an admin exists. Confirm in `setup_initial_admin`.
/// - NOTE(review): `/api/logout` changes session state but is exposed via
///   `GET`, which other sites can trigger with a plain link or image load
///   depending on the cookie's `SameSite` setting. Consider moving it to
///   `POST` together with the frontend.
/// - NOTE(review): no rate-limiting layer is applied to `/api/login` here;
///   verify that brute-force protection exists elsewhere.
pub fn create_router(state: Arc<AppState>) -> Router {
    // Per-path method routers for the two parameterised admin resources.
    let ticket_by_id = get(get_ticket_by_id)
        .delete(delete_ticket)
        .patch(edit_ticket);
    let user_by_id = get(get_user_by_id)
        .delete(delete_user)
        .patch(update_user);

    // Admin tier: every route here is guarded by `validate_admin`.
    let admin_only = Router::new()
        .route("/api/tickets/{id}", ticket_by_id)
        .route("/api/register", post(create_user))
        .route("/api/users", get(get_users))
        .route("/api/users/{id}", user_by_id)
        .layer(middleware::from_fn_with_state(
            Arc::clone(&state),
            validate_admin,
        ));

    // Protected tier: the admin tier is merged in first so that the
    // `validate_token` layer below wraps the admin routes as well.
    let authenticated = Router::new()
        .merge(admin_only)
        .route("/api/tickets", get(get_tickets))
        .route("/api/tickets/create", post(create_ticket))
        .route("/api/logout", get(logout))
        .route("/api/users/current", get(get_current_user))
        .layer(middleware::from_fn_with_state(
            Arc::clone(&state),
            validate_token,
        ));

    // Public tier: deliberately outside both authentication layers.
    let public = Router::new()
        .route("/api/login", post(login))
        .route("/api/check-admin", get(check_admin_exists))
        .route("/api/setup-admin", post(setup_initial_admin));

    Router::new()
        .merge(authenticated)
        .merge(public)
        .with_state(state)
}