diff --git a/gateway/src/api/latest.rs b/gateway/src/api/latest.rs index 8aebff559..1118e4077 100644 --- a/gateway/src/api/latest.rs +++ b/gateway/src/api/latest.rs @@ -765,6 +765,16 @@ impl ApiBuilder { } pub fn with_default_routes(mut self) -> Self { + let admin_routes = Router::new() + .route("/projects", get(get_projects)) + .route("/revive", post(revive_projects)) + .route("/destroy", post(destroy_projects)) + .route("/stats/load", get(get_load_admin).delete(delete_load_admin)) + // TODO: The `/swagger-ui` responds with a 303 See Other response which is followed in + // browsers but leads to 404 Not Found. This must be investigated. + .merge(SwaggerUi::new("/swagger-ui").url("/api-docs/openapi.json", ApiDoc::openapi())) + .layer(ScopedLayer::new(vec![Scope::Admin])); + self.router = self .router .route("/", get(get_status)) @@ -772,10 +782,6 @@ impl ApiBuilder { "/projects", get(get_projects_list.layer(ScopedLayer::new(vec![Scope::Project]))), ) - // .route( - // "/projects/:state", - // get(get_projects_list_with_filter.layer(ScopedLayer::new(vec![Scope::Project]))), - // ) .route( "/projects/:project_name", get(get_project.layer(ScopedLayer::new(vec![Scope::Project]))) @@ -784,31 +790,8 @@ impl ApiBuilder { ) .route("/projects/:project_name/*any", any(route_project)) .route("/stats/load", post(post_load).delete(delete_load)) - .route( - "/admin/projects", - get(get_projects.layer(ScopedLayer::new(vec![Scope::Admin]))), - ) - .route( - "/admin/revive", - post(revive_projects.layer(ScopedLayer::new(vec![Scope::Admin]))), - ) - .route( - "/admin/destroy", - post(destroy_projects.layer(ScopedLayer::new(vec![Scope::Admin]))), - ) - .route( - "/admin/stats/load", - get(get_load_admin) - .delete(delete_load_admin) - .layer(ScopedLayer::new(vec![Scope::Admin])), - ) - // TODO: The `/admin/swagger-ui` responds with a 303 See Other response which is followed in - // browsers but leads to 404 Not Found. This must be investigated. - .merge( - SwaggerUi::new("/admin/swagger-ui") - .url("/admin/api-docs/openapi.json", ApiDoc::openapi()), - ) - .layer(ScopedLayer::new(vec![Scope::Admin])); + .nest("/admin", admin_routes); + self } @@ -991,6 +974,38 @@ pub mod tests { .await .unwrap(); + let get_load = || { + Request::builder() + .method("GET") + .uri("/admin/stats/load") + .body(Body::empty()) + .unwrap() + }; + + // Non-admin user cannot access admin routes + router + .call(get_load().with_header(&authorization)) + .map_ok(|resp| { + assert_eq!(resp.status(), StatusCode::FORBIDDEN); + }) + .await + .unwrap(); + + // Create new admin user + let admin_neo_key = world.create_user("admin-neo"); + world.set_super_user("admin-neo"); + + let authorization = Authorization::bearer(&admin_neo_key).unwrap(); + + // Admin user can access admin routes + router + .call(get_load().with_header(&authorization)) + .map_ok(|resp| { + assert_eq!(resp.status(), StatusCode::OK); + }) + .await + .unwrap(); + // TODO: setting the user to admin here doesn't update the cached token, so the // commands will still fail. We need to add functionality for this or modify the test. // world.set_super_user("trinity");