Authentication and form for newsletter publishing

2025-09-01 15:47:27 +02:00
parent 6f6e6ab017
commit d47fba5cc9
16 changed files with 394 additions and 408 deletions
--- a/src/startup.rs
+++ b/src/startup.rs
@@ -1,4 +1,6 @@
-use crate::{configuration::Settings, email_client::EmailClient, routes::*};
+use crate::{
+    authentication::require_auth, configuration::Settings, email_client::EmailClient, routes::*,
+};
 use axum::{
    Router,
    extract::MatchedPath,
@@ -7,7 +9,7 @@ use axum::{
    routing::{get, post},
 };
 use axum_messages::MessagesManagerLayer;
-use secrecy::{ExposeSecret, SecretString};
+use secrecy::ExposeSecret;
 use sqlx::{PgPool, postgres::PgPoolOptions};
 use std::sync::Arc;
 use tokio::net::TcpListener;
@@ -29,7 +31,6 @@ pub struct AppState {
    pub connection_pool: PgPool,
    pub email_client: Arc<EmailClient>,
    pub base_url: String,
-    pub hmac_secret: SecretString,
 }

 impl Application {
@@ -58,7 +59,6 @@ impl Application {
            connection_pool,
            email_client,
            configuration.application.base_url,
-            configuration.application.hmac_secret,
            redis_store,
        );
        Ok(Self { listener, router })
@@ -78,18 +78,17 @@ pub fn app(
    connection_pool: PgPool,
    email_client: EmailClient,
    base_url: String,
-    hmac_secret: SecretString,
    redis_store: RedisStore<Pool>,
 ) -> Router {
    let app_state = AppState {
        connection_pool,
        email_client: Arc::new(email_client),
        base_url,
-        hmac_secret,
    };
    let admin_routes = Router::new()
        .route("/dashboard", get(admin_dashboard))
        .route("/password", get(change_password_form).post(change_password))
+        .route("/newsletters", get(publish_form).post(publish))
        .route("/logout", post(logout))
        .layer(middleware::from_fn(require_auth));
    Router::new()
@@ -98,7 +97,6 @@ pub fn app(
        .route("/health_check", get(health_check))
        .route("/subscriptions", post(subscribe))
        .route("/subscriptions/confirm", get(confirm))
-        .route("/newsletters", post(publish_newsletter))
        .nest("/admin", admin_routes)
        .layer(
            TraceLayer::new_for_http().make_span_with(|request: &Request<_>| {