BUG-M4 修复: 之前非 admin 用户发送 malformed body 到 admin 端点时, Axum 先反序列化 body 返回 422,绕过了权限检查。 - 新增 admin_guard_middleware (auth/mod.rs) 在中间件层拦截 - account::admin_routes() 拆分 (dashboard 独立) - billing::admin_routes() + account::admin_routes() 加 guard layer - 非 admin 用户无论 body 是否合法,统一返回 403
//! 账号管理模块
// Submodules of the account-management module, listed alphabetically.
// `handlers` provides the handler functions that `routes()` and
// `admin_routes()` below wire into the router; `service` and `types`
// are the other two submodules (see their own files for what they hold).
pub mod handlers;
pub mod service;
pub mod types;
use axum::routing::{delete, get, patch, post};
/// Builds the account-management router (accounts, tokens, operation logs,
/// devices), all under `/api/v1`.
///
/// Paths that serve more than one HTTP method (`/accounts/:id`, `/tokens`)
/// are registered once with a combined method router rather than once per
/// method; the set of (path, method, handler) triples is unchanged.
///
/// No middleware layer is attached here. Whatever authentication or
/// authorization applies to these routes has to be layered on by the code
/// that mounts this router — NOTE(review): confirm that against the
/// application's router assembly, since this file gives no evidence of it.
pub fn routes() -> axum::Router<crate::state::AppState> {
    let router = axum::Router::new();

    // Account resources: listing, single lookup/update, and status change.
    let router = router
        .route("/api/v1/accounts", get(handlers::list_accounts))
        .route(
            "/api/v1/accounts/:id",
            get(handlers::get_account).patch(handlers::update_account),
        )
        .route("/api/v1/accounts/:id/status", patch(handlers::update_status));

    // API tokens: list/create on the collection, revoke on a single token.
    let router = router
        .route(
            "/api/v1/tokens",
            get(handlers::list_tokens).post(handlers::create_token),
        )
        .route("/api/v1/tokens/:id", delete(handlers::revoke_token));

    // Operation log listing.
    let router = router.route(
        "/api/v1/logs/operations",
        get(handlers::list_operation_logs),
    );

    // Devices: listing plus the two device-originated POST endpoints.
    router
        .route("/api/v1/devices", get(handlers::list_devices))
        .route("/api/v1/devices/register", post(handlers::register_device))
        .route("/api/v1/devices/heartbeat", post(handlers::device_heartbeat))
}
/// Admin-only router (currently just the dashboard).
///
/// This function does NOT attach `admin_guard_middleware` itself: the caller
/// that mounts the returned router is responsible for wrapping it in that
/// layer. Without it, `/api/v1/admin/dashboard` is reachable by any request
/// that gets past whatever outer layers exist. Applying the guard as a
/// middleware layer (rather than inside the handler) is what makes the
/// authorization check run before Axum extracts and deserializes the
/// request body, so a malformed body from a non-admin yields 403 and not 422.
pub fn admin_routes() -> axum::Router<crate::state::AppState> {
    let dashboard = get(handlers::dashboard_stats);
    axum::Router::new().route("/api/v1/admin/dashboard", dashboard)
}