feat(shield-axum): add auth required middleware

examples/leptos-axum/src/main.rs

@@ -3,19 +3,18 @@
 async fn main() {
     use std::sync::Arc;
 
-    use axum::Router;
+    use axum::{middleware::from_fn, routing::get, Router};
     use leptos::config::{get_configuration, LeptosOptions};
-    use leptos::logging::log;
     use leptos_axum::{generate_route_list, LeptosRoutes};
     use shield::{Shield, ShieldOptions};
     use shield_examples_leptos_axum::app::*;
-    use shield_leptos_axum::{provide_axum_integration, AuthRoutes, ShieldLayer};
+    use shield_leptos_axum::{auth_required, provide_axum_integration, AuthRoutes, ShieldLayer};
     use shield_memory::{MemoryStorage, User};
     use shield_oidc::{Keycloak, OidcProvider};
     use time::Duration;
     use tokio::net::TcpListener;
     use tower_sessions::{Expiry, MemoryStore, SessionManagerLayer};
-    use tracing::level_filters::LevelFilter;
+    use tracing::{info, level_filters::LevelFilter};
     use utoipa::OpenApi;
     use utoipa_swagger_ui::SwaggerUi;
 
@@ -66,6 +65,8 @@ async fn main() {
 
     // Initialize router
     let router = Router::new()
+        .route("/api/protected", get(|| async { "Protected" }))
+        .route_layer(from_fn(auth_required::<User>))
         .nest("/api/auth", AuthRoutes::router::<User, LeptosOptions>())
         .merge(SwaggerUi::new("/api-docs").url("/api/openapi.json", Docs::openapi()))
         .leptos_routes_with_context(
@@ -85,7 +86,7 @@ async fn main() {
         .layer(session_layer);
 
     // Start app
-    log!("listening on http://{}", &addr);
+    info!("listening on http://{}", &addr);
     let listener = TcpListener::bind(&addr).await.unwrap();
     axum::serve(listener, router.into_make_service())
         .await

packages/core/shield/src/shield.rs

@@ -42,6 +42,10 @@ impl<U: User> Shield<U> {
         &*self.storage
     }
 
+    pub fn options(&self) -> &ShieldOptions {
+        &self.options
+    }
+
     pub fn provider_by_id(&self, provider_id: &str) -> Option<&dyn Provider> {
         self.providers.get(provider_id).map(|v| &**v)
     }

packages/integrations/shield-axum/src/error.rs

@@ -8,7 +8,13 @@ use shield::{ShieldError, StorageError};
 
 #[derive(Serialize)]
 #[cfg_attr(feature = "utoipa", derive(utoipa::ToSchema))]
-#[cfg_attr(feature = "utoipa", schema(as = Error))]
+#[cfg_attr(feature = "utoipa", schema(as = Error, examples(
+    json!({
+        "status_code": 500,
+        "status_reason": "Internal Server Error",
+        "message": "Unknown"
+    })
+)))]
 #[serde(rename_all = "camelCase")]
 pub struct ErrorBody {
     status_code: u16,

packages/integrations/shield-axum/src/lib.rs

@@ -1,5 +1,6 @@
 mod error;
 mod extract;
+mod middleware;
 mod path;
 mod response;
 mod router;
@@ -8,4 +9,5 @@ mod routes;
 pub use shield_tower::*;
 
 pub use extract::*;
+pub use middleware::*;
 pub use router::*;

packages/integrations/shield-axum/src/middleware.rs

@@ -0,0 +1,31 @@
+use axum::{
+    extract::Request,
+    middleware::Next,
+    response::{IntoResponse, Redirect, Response},
+};
+use shield::{ShieldError, User};
+
+use crate::{error::RouteError, ExtractShield, ExtractUser};
+
+pub async fn auth_required<U: User>(
+    ExtractUser(user): ExtractUser<U>,
+    request: Request,
+    next: Next,
+) -> Response {
+    match user {
+        Some(_) => next.run(request).await,
+        None => RouteError::from(ShieldError::Unauthorized).into_response(),
+    }
+}
+
+pub async fn auth_required_redirect<U: User>(
+    ExtractShield(shield): ExtractShield<U>,
+    ExtractUser(user): ExtractUser<U>,
+    request: Request,
+    next: Next,
+) -> Response {
+    match user {
+        Some(_) => next.run(request).await,
+        None => Redirect::to(&shield.options().sign_in_redirect).into_response(),
+    }
+}