cedros-login-server 0.0.39

Authentication server for cedros-login with email/password, Google OAuth, and Solana wallet sign-in
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

//! Admin organization handlers

use axum::{
    extract::{Path, Query, State},
    http::HeaderMap,
    Json,
};
use std::sync::Arc;
use uuid::Uuid;

use crate::callback::AuthCallback;
use crate::errors::{AppError, ERR_SYSTEM_ADMIN_REQUIRED};
use crate::models::{AdminOrgResponse, ListAdminOrgsResponse, ListOrgsQueryParams};
use crate::services::EmailService;
use crate::utils::authenticate;
use crate::AppState;

/// Validate system admin access
async fn validate_system_admin<C: AuthCallback, E: EmailService>(
    state: &Arc<AppState<C, E>>,
    headers: &HeaderMap,
) -> Result<Uuid, AppError> {
    // Authenticate via JWT or API key
    let auth_user = authenticate(state, headers).await?;

    let user = state
        .user_repo
        .find_by_id(auth_user.user_id)
        .await?
        .ok_or(AppError::InvalidToken)?;

    if !user.is_system_admin {
        return Err(AppError::Forbidden(ERR_SYSTEM_ADMIN_REQUIRED.into()));
    }

    Ok(auth_user.user_id)
}

/// GET /admin/orgs - List all organizations
///
/// Requires system admin privileges.
pub async fn list_orgs<C: AuthCallback, E: EmailService>(
    State(state): State<Arc<AppState<C, E>>>,
    headers: HeaderMap,
    Query(params): Query<ListOrgsQueryParams>,
) -> Result<Json<ListAdminOrgsResponse>, AppError> {
    validate_system_admin(&state, &headers).await?;

    let orgs = state.org_repo.list_all(params.limit, params.offset).await?;
    let total = state.org_repo.count().await?;

    let org_responses: Vec<AdminOrgResponse> = orgs.iter().map(AdminOrgResponse::from).collect();

    Ok(Json(ListAdminOrgsResponse {
        orgs: org_responses,
        total,
        limit: params.limit,
        offset: params.offset,
    }))
}

/// GET /admin/orgs/:org_id - Get a specific organization
///
/// Requires system admin privileges.
pub async fn get_org<C: AuthCallback, E: EmailService>(
    State(state): State<Arc<AppState<C, E>>>,
    headers: HeaderMap,
    Path(org_id): Path<Uuid>,
) -> Result<Json<AdminOrgResponse>, AppError> {
    validate_system_admin(&state, &headers).await?;

    let org = state
        .org_repo
        .find_by_id(org_id)
        .await?
        .ok_or(AppError::NotFound("Organization not found".into()))?;

    Ok(Json(AdminOrgResponse::from(&org)))
}