fix: apply JWT auth middleware to protected routes including medications

goose 2026-03-07 15:50:16 -03:00
parent 6e7ce4de87
commit d673415bc6


@ -77,8 +77,6 @@ async fn main() -> anyhow::Result<()> {
let jwt_service = auth::JwtService::new(config.jwt.clone()); let jwt_service = auth::JwtService::new(config.jwt.clone());
// Get the underlying MongoDB database for security services // Get the underlying MongoDB database for security services
// We need to create a database instance for the security services
// Get it from the MongoDb struct by accessing its internal database
let database = db.get_database(); let database = db.get_database();
// Initialize security services (Phase 2.6) // Initialize security services (Phase 2.6)
@ -105,16 +103,17 @@ async fn main() -> anyhow::Result<()> {
}; };
eprintln!("Building router with security middleware..."); eprintln!("Building router with security middleware...");
let app = Router::new()
// Health and status endpoints (no auth required) // Build public routes (no auth required)
let public_routes = Router::new()
.route("/health", get(handlers::health_check).head(handlers::health_check)) .route("/health", get(handlers::health_check).head(handlers::health_check))
.route("/ready", get(handlers::ready_check)) .route("/ready", get(handlers::ready_check))
// Authentication endpoints
.route("/api/auth/register", post(handlers::register)) .route("/api/auth/register", post(handlers::register))
.route("/api/auth/login", post(handlers::login)) .route("/api/auth/login", post(handlers::login))
.route("/api/auth/recover-password", post(handlers::recover_password)) .route("/api/auth/recover-password", post(handlers::recover_password));
// Build protected routes (auth required)
let protected_routes = Router::new()
// User profile management // User profile management
.route("/api/users/me", get(handlers::get_profile)) .route("/api/users/me", get(handlers::get_profile))
.route("/api/users/me", put(handlers::update_profile)) .route("/api/users/me", put(handlers::update_profile))
@ -139,7 +138,7 @@ async fn main() -> anyhow::Result<()> {
.route("/api/sessions/:id", delete(handlers::revoke_session)) .route("/api/sessions/:id", delete(handlers::revoke_session))
.route("/api/sessions/all", delete(handlers::revoke_all_sessions)) .route("/api/sessions/all", delete(handlers::revoke_all_sessions))
// Medication management // Medication management (Phase 2.7)
.route("/api/medications", post(handlers::create_medication)) .route("/api/medications", post(handlers::create_medication))
.route("/api/medications", get(handlers::list_medications)) .route("/api/medications", get(handlers::list_medications))
.route("/api/medications/:id", get(handlers::get_medication)) .route("/api/medications/:id", get(handlers::get_medication))
@ -147,7 +146,13 @@ async fn main() -> anyhow::Result<()> {
.route("/api/medications/:id/delete", post(handlers::delete_medication)) .route("/api/medications/:id/delete", post(handlers::delete_medication))
.route("/api/medications/:id/log", post(handlers::log_dose)) .route("/api/medications/:id/log", post(handlers::log_dose))
.route("/api/medications/:id/adherence", get(handlers::get_adherence)) .route("/api/medications/:id/adherence", get(handlers::get_adherence))
.layer(axum::middleware::from_fn_with_state(
state.clone(),
middleware::jwt_auth_middleware
));
let app = public_routes
.merge(protected_routes)
.with_state(state) .with_state(state)
.layer( .layer(
ServiceBuilder::new() ServiceBuilder::new()
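Review bot: The JWT layer that closes `protected_routes` is attached with `.layer(...)`, and in axum a layer only wraps routes registered before the call, so a `.route(...)` appended after it later would be served without token validation; a comment at that spot such as `// must stay last: routes added after this layer are NOT authenticated` would make the ordering constraint explicit. axum's documentation recommends `route_layer` for middleware that rejects early, so consider `.route_layer(axum::middleware::from_fn_with_state(state.clone(), middleware::jwt_auth_middleware))`, which keeps unmatched paths answering 404 rather than 401. Because this commit closes a gap where the medication and profile routes were reachable without auth, a regression test asserting that a request to `/api/medications` without a bearer token is rejected would stop the gap from reopening unnoticed. The routes between the hunks are not visible here, so it is worth confirming that nothing sensitive ended up in `public_routes`.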