authorTyler Murphy <tylermurphy534@gmail.com>2023-02-03 15:03:16 -0500
committerTyler Murphy <tylermurphy534@gmail.com>2023-02-03 15:03:16 -0500
commitd85dd163e34ebdf963e1299b4ad3387ea713797f (patch)
tree9f8dfedb0f48902b4fa5a2be7d57145ecf816333 /src/api/admin.rs
parentfavicon fix / readme (diff)
docs is ssr'd
Diffstat (limited to 'src/api/admin.rs')
-rw-r--r--src/api/admin.rs75
1 files changed, 74 insertions, 1 deletions
diff --git a/src/api/admin.rs b/src/api/admin.rs
index a23d20f..8db3032 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -6,13 +6,29 @@ use tower_cookies::{Cookie, Cookies};
use crate::{
database,
- public::admin,
+ public::{admin, docs::{EndpointDocumentation, EndpointMethod}},
types::{
extract::{AdminUser, Check, CheckResult, Json},
http::ResponseCode,
},
};
+pub const ADMIN_AUTH: EndpointDocumentation = EndpointDocumentation {
+ uri: "/api/admin/auth",
+ method: EndpointMethod::Post,
+ description: "Authenticates on the admin panel",
+ body: Some(r#"
+ {
+ "secret" : "admin"
+ }
+ "#),
+ responses: &[
+ (200, "Successfully executed SQL query"),
+ (400, " Successfully authed, admin cookie returned")
+ ],
+ cookie: None,
+};
+
#[derive(Deserialize)]
struct AdminAuthRequest {
secret: String,
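Review bot: Both rows of the `responses` table in `ADMIN_AUTH` are wrong: 200 carries the text copied from the query endpoint ("Successfully executed SQL query"), and 400 is described as a successful login. They should read `(200, "Successfully authed, admin cookie returned"),` and `(400, "Body does not match parameters"),`, matching the wording used in `ADMIN_QUERY`. The `auth` handler body is outside this hunk, so confirm which status a wrong secret returns before adding a row for it. Separately, the sample body shows `"secret" : "admin"`; if that is the real or default secret rather than a placeholder, the rendered docs page publishes it, and an obviously fake value would be safer.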
@@ -40,6 +56,24 @@ async fn auth(cookies: Cookies, Json(body): Json<AdminAuthRequest>) -> Response
ResponseCode::Success.text("Successfully logged in")
}
+pub const ADMIN_QUERY: EndpointDocumentation = EndpointDocumentation {
+ uri: "/api/admin/query",
+ method: EndpointMethod::Post,
+ description: "Run a SQL query on the database",
+ body: Some(r#"
+ {
+ "query" : "DROP TABLE users;"
+ }
+ "#),
+ responses: &[
+ (200, "Successfully executed SQL query"),
+ (400, "Body does not match parameters"),
+ (401, "Unauthorized"),
+ (500, "SQL query ran into an error")
+ ],
+ cookie: Some("admin"),
+};
+
#[derive(Deserialize)]
struct QueryRequest {
query: String,
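Review bot: The example body in `ADMIN_QUERY` is `DROP TABLE users;`, which is destructive if copied from the rendered docs into an authenticated admin session. A read-only sample such as `"query" : "SELECT * FROM users;"` documents the same request shape without that risk. Because this endpoint executes caller-supplied SQL, a `///` comment on the constant should state that access is gated only by the `admin` cookie, so readers of the source see the trust boundary too. That gate is the `AdminUser` extractor on `query`, whose body lies outside this hunk.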
@@ -60,14 +94,53 @@ async fn query(_: AdminUser, Json(body): Json<QueryRequest>) -> Response {
}
}
+pub const ADMIN_POSTS: EndpointDocumentation = EndpointDocumentation {
+ uri: "/api/admin/posts",
+ method: EndpointMethod::Post,
+ description: "Returns the entire posts table",
+ body: None,
+ responses: &[
+ (200, "Returns sql table in <span>text/html</span>"),
+ (401, "Unauthorized"),
+ (500, "Failed to fetch data")
+ ],
+ cookie: Some("admin"),
+};
+
async fn posts(_: AdminUser) -> Response {
admin::generate_posts()
}
+pub const ADMIN_USERS: EndpointDocumentation = EndpointDocumentation {
+ uri: "/api/admin/users",
+ method: EndpointMethod::Post,
+ description: "Returns the entire users table",
+ body: None,
+ responses: &[
+ (200, "Returns sql table in <span>text/html</span>"),
+ (401, "Unauthorized"),
+ (500, "Failed to fetch data")
+ ],
+ cookie: Some("admin"),
+};
+
async fn users(_: AdminUser) -> Response {
admin::generate_users()
}
+pub const ADMIN_SESSIONS: EndpointDocumentation = EndpointDocumentation {
+ uri: "/api/admin/sessions",
+ method: EndpointMethod::Post,
+ description: "Returns the entire sessions table",
+ body: None,
+ responses: &[
+ (200, "Returns sql table in <span>text/html</span>"),
+ (401, "Unauthorized"),
+ (500, "Failed to fetch data")
+ ],
+ cookie: Some("admin"),
+};
+
async fn sessions(_: AdminUser) -> Response {
admin::generate_sessions()
}
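Review bot: The 200 rows of `ADMIN_POSTS`, `ADMIN_USERS` and `ADMIN_SESSIONS` embed raw markup (`<span>text/html</span>`), which only displays as intended if the docs renderer writes these fields into the page unescaped. The renderer is not visible here, but if so, every `EndpointDocumentation` string is treated as trusted HTML. A comment such as `// Rendered unescaped by the docs page: static literals only, never request data.` on these constants or on the struct would record that. The three `responses` arrays are also identical and could share one constant so the wording cannot drift. Finally, the `ADMIN_SESSIONS` description should say whether the returned sessions table includes live session tokens, since that decides how sensitive the response is.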