What is the correct way to define additional protected routes? #154

justmark · 2023-12-29T15:54:43Z

justmark
Dec 29, 2023

Hi,

Firstly, thanks for this crate!

I have used the Sqlite example to get going. I have been looking for details on how to add in additional pages beyond the example protected.html one, but I'm coming up empty handed.

I was looking to add a dashboard.html page, and went down the path of modifying the app.rs file with the following:

            .layer(HandleErrorLayer::new(|_: BoxError| async {
                StatusCode::BAD_REQUEST
            }))
            .layer(AuthManagerLayerBuilder::new(backend, session_layer).build());

        let dashboard = dashboard::router()
            .layer(auth_service)
            .route_layer(login_required!(Backend, login_url = "/login"));

        let app = protected::router()
            .route_layer(login_required!(Backend, login_url = "/login"))
            .merge(auth::router())
            .merge(dashboard);

I also added a dashboard.rs file to the web directory, using similar code from the protected.rs example. While my code compiles, and runs, it does generate an error after I login:

Can't extract auth session. Is AuthManagerLayer enabled?

I figure I'm on the right path, but everything I've tried hasn't worked. I changed the order of the dashboard::router() thinking that perhaps that might have an effect on the result, but it didn't. Any suggestions on how to add in multiple protected routes?

Thanks!

Answered by maxcountryman

Dec 29, 2023

Generally speaking, you'll want to install the auth layer at the lowest point in your route graph (at least for routes you plan to protect).

So for example, you might prefer something like this:

        let app = protected::router()
            .merge(dashboard::router())
            .route_layer(login_required!(Backend, login_url = "/login"))
            .merge(auth::router())
            .layer(auth_service);

Everything above the login_required macro is going to be protected.

View full answer

maxcountryman · 2023-12-29T16:10:35Z

maxcountryman
Dec 29, 2023
Maintainer

Generally speaking, you'll want to install the auth layer at the lowest point in your route graph (at least for routes you plan to protect).

So for example, you might prefer something like this:

        let app = protected::router()
            .merge(dashboard::router())
            .route_layer(login_required!(Backend, login_url = "/login"))
            .merge(auth::router())
            .layer(auth_service);

Everything above the login_required macro is going to be protected.

1 reply

justmark Dec 29, 2023
Author

That is the fastest response I've ever had! Thanks - your suggestion did the trick.

Much appreciated.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

What is the correct way to define additional protected routes? #154

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

What is the correct way to define additional protected routes? #154

justmark Dec 29, 2023

Replies: 1 comment · 1 reply

maxcountryman Dec 29, 2023 Maintainer

justmark Dec 29, 2023 Author

justmark
Dec 29, 2023

Replies: 1 comment 1 reply

maxcountryman
Dec 29, 2023
Maintainer

justmark Dec 29, 2023
Author