GW_MC/YANPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: GW_MC:b0c11c7c67dceac246b8e80192e4615dea58400a
Branches Tags
GW_MC:master GW_MC:feature/upstream-service GW_MC:feature/agent-client GW_MC:feature/agent GW_MC:feature/frontend-login GW_MC:documentation
..
compare: GW_MC:feature/frontend-login
Branches Tags
GW_MC:master GW_MC:feature/upstream-service GW_MC:feature/agent-client GW_MC:feature/agent GW_MC:feature/frontend-login GW_MC:documentation

34 Commits
b0c11c7c67 ... feature/fr

Author SHA1 Message Date
GW_MC
dc7b70e039 Fix trailing whitespace
All checks were successful
Test / test-frontend (pull_request) Successful in 23s
Details
Test / lint-frontend (pull_request) Successful in 25s
Details
Test / frontend-build (pull_request) Successful in 29s
Details
Test / test (pull_request) Successful in 46s
Details
Verify / verify-generated-code (pull_request) Successful in 59s
Details
Verify / verify-openapi-spec (pull_request) Successful in 1m1s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 20s
Details
Test / lint (pull_request) Successful in 1m3s
Details
2025-12-20 18:48:35 +08:00
GW_MC
873b4a9d3a refactor: remove dead code annotations from UserService and SettingsStore traits
Some checks failed
Test / test-frontend (pull_request) Successful in 21s
Details
Test / lint-frontend (pull_request) Successful in 25s
Details
Test / frontend-build (pull_request) Successful in 29s
Details
Test / test (pull_request) Successful in 46s
Details
Verify / verify-generated-code (pull_request) Successful in 1m0s
Details
Verify / verify-openapi-spec (pull_request) Successful in 1m0s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 20s
Details
Test / lint (pull_request) Failing after 1m4s
Details
2025-12-20 18:23:43 +08:00
GW_MC
596eb8faea feat: add mock implementations for configuration settings and update AppState to include config 2025-12-20 18:22:33 +08:00
GW_MC
0cd6e837fc fix: include InvalidSignature in JWT validation error handling 2025-12-20 18:21:54 +08:00
GW_MC
be63fcbc37 feat: fix incorrect JWT cookie key 2025-12-20 16:40:41 +08:00
GW_MC
3f252a8abd feat: add required asterisk indicator to TextField component
All checks were successful
Test / test-frontend (pull_request) Successful in 22s
Details
Test / lint-frontend (pull_request) Successful in 25s
Details
Test / frontend-build (pull_request) Successful in 29s
Details
Verify / verify-generated-code (pull_request) Successful in 56s
Details
Test / test (pull_request) Successful in 46s
Details
Verify / verify-openapi-spec (pull_request) Successful in 57s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 22s
Details
Test / lint (pull_request) Successful in 1m6s
Details
2025-12-20 16:20:31 +08:00
GW_MC
0740072a60 Fix query message display code instead of message 2025-12-20 16:17:59 +08:00
GW_MC
ff752985c6 fix: update ESLint ignores to include 'build' and '.react-router'
All checks were successful
Test / test-frontend (pull_request) Successful in 30s
Details
Test / lint-frontend (pull_request) Successful in 33s
Details
Test / frontend-build (pull_request) Successful in 34s
Details
Verify / verify-generated-code (pull_request) Successful in 8m33s
Details
Verify / verify-openapi-spec (pull_request) Successful in 8m38s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 22s
Details
Test / test (pull_request) Successful in 8m58s
Details
Test / lint (pull_request) Successful in 1m8s
Details
2025-12-20 14:34:01 +08:00
GW_MC
feb5122843 reafctor toast messages into a single file 2025-12-20 14:32:42 +08:00
GW_MC
0260a03e1b Refactor query message toast 2025-12-20 14:27:08 +08:00
GW_MC
a88e4d7274 feat: add React and React Hooks support to ESLint configuration 2025-12-20 13:17:09 +08:00
GW_MC
7d99a4852b feat: implement authentication and health check providers with hooks for user management 2025-12-20 12:27:42 +08:00
GW_MC
e59e7ca4c8 feat: add user management API with endpoint to retrieve current user information 2025-12-20 12:27:10 +08:00
GW_MC
b0b765b8fa feat: implement CORS support with configuration options and middleware integration 2025-12-19 21:34:12 +08:00
GW_MC
d861e0cd7d Fix incorrect login fail handling 2025-12-19 21:20:54 +08:00
GW_MC
b2b1fbaf65 added init page 2025-12-19 21:16:52 +08:00
GW_MC
d1491b8d19 remove unused api interceptor 2025-12-19 21:16:31 +08:00
GW_MC
85e8668e34 Fix incorrect body data handling 2025-12-19 21:16:04 +08:00
GW_MC
a0a9584a4d feat: add InfoIcon component with tooltip support and integrate into TextField 2025-12-19 20:08:39 +08:00
GW_MC
737797f6dd feat: update SubmitButton component to support optional label properties and use Radix UI Button 2025-12-19 19:18:33 +08:00
GW_MC
1d1a469fe0 feat: add search parameter keys for redirect and message handling in login flow 2025-12-19 18:53:01 +08:00
GW_MC
227256e0e0 feat: implement frontend login functionality with form handling and error management 2025-12-19 18:33:34 +08:00
GW_MC
5060c84f28 added frontend linting workflow 2025-12-19 18:32:39 +08:00
GW_MC
903b7e6e5a Add ESLint plugin to Vite configuration for improved linting support 2025-12-19 13:32:30 +08:00
GW_MC
c8b7d6e09c Merge pull request 'feature/authentication service' (#9) from feature/authentication into master
All checks were successful
Test / test-frontend (push) Successful in 19s
Details
Test / frontend-build (push) Successful in 21s
Details
Verify / verify-generated-code (push) Successful in 58s
Details
Test / test (push) Successful in 46s
Details
Verify / verify-openapi-spec (push) Successful in 55s
Details
Verify / verify-frontend-api-client (push) Successful in 16s
Details
Test / lint (push) Successful in 59s
Details 
Reviewed-on: #9
 2025-12-19 12:24:45 +08:00
GW_MC
507b5f0e49 feat: enforce strict expiration checking for JWT and handle existing user identities in password strategy
All checks were successful
Test / test-frontend (pull_request) Successful in 20s
Details
Test / frontend-build (pull_request) Successful in 22s
Details
Verify / verify-generated-code (pull_request) Successful in 58s
Details
Test / test (pull_request) Successful in 47s
Details
Verify / verify-openapi-spec (pull_request) Successful in 57s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 16s
Details
Test / lint (pull_request) Successful in 1m0s
Details
2025-12-19 12:22:13 +08:00
GW_MC
ec81d3228b fix clippy warnings
Some checks failed
Test / test-frontend (pull_request) Successful in 38s
Details
Test / frontend-build (pull_request) Successful in 40s
Details
Verify / verify-generated-code (pull_request) Successful in 9m2s
Details
Verify / verify-openapi-spec (pull_request) Successful in 8m43s
Details
Verify / verify-frontend-api-client (pull_request) Successful in 18s
Details
Test / test (pull_request) Failing after 8m56s
Details
Test / lint (pull_request) Successful in 1m9s
Details
2025-12-19 10:25:55 +08:00
GW_MC
8111aaf672 feat: enhance health check with application state and initialization status 2025-12-19 10:25:22 +08:00
GW_MC
66b29b96ee remove unused user service in auth_state 2025-12-18 22:21:15 +08:00
GW_MC
86fb222d18 added serving openapi options 2025-12-18 22:19:16 +08:00
GW_MC
08b1a055a4 feat: add admin user initialization endpoint with request handling 2025-12-18 22:10:50 +08:00
GW_MC
8f2193bed2 Fix invalid query for settings and users 2025-12-18 22:10:10 +08:00
GW_MC
ed4a091d6e update swagger and api-client 2025-12-18 18:26:27 +08:00
GW_MC
ccd8bc7aa1 Include require auth middleware and login route 2025-12-18 18:26:10 +08:00
69 changed files with 4651 additions and 118 deletions
Expand all files Collapse all files

28
.github/workflows/test.yml vendored
View File

@@ -67,6 +67,34 @@ jobs:
- name: Check code formatting - name: Check code formatting
run: cargo fmt --all -- --check run: cargo fmt --all -- --check
lint-frontend:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- uses: pnpm/action-setup@v4
with:
version: 10
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22
cache: 'pnpm'
cache-dependency-path: apps/frontend/pnpm-lock.yaml
- name: Install frontend dependencies
run: |
cd apps/frontend
pnpm install
- name: Run frontend linter
run: |
cd apps/frontend
pnpm lint
test-frontend: test-frontend:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:

11
.vscode/settings.json vendored
View File

@@ -1,3 +1,12 @@
{ {
"cSpell.words": ["YANPM"] "cSpell.words": ["chrono", "jsonwebtoken", "oneshot", "utoipa", "YANPM"],
"sqltools.useNodeRuntime": true,
"sqltools.connections": [
{
"previewLimit": 50,
"driver": "SQLite",
"database": "${workspaceFolder:yet-another-nginx-proxy-manager}/apps/container/generated/sqlite/sqlite.db",
"name": "YANPM"
}
]
} }

49
Cargo.lock generated
View File

@@ -224,6 +224,28 @@ dependencies = [
"tracing", "tracing",
] ]
[[package]]
name = "axum-extra"
version = "0.12.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dbfe9f610fe4e99cf0cfcd03ccf8c63c28c616fe714d80475ef731f3b13dd21b"
dependencies = [
"axum",
"axum-core",
"bytes",
"cookie",
"futures-core",
"futures-util",
"http",
"http-body",
"http-body-util",
"mime",
"pin-project-lite",
"tower-layer",
"tower-service",
"tracing",
]
[[package]] [[package]]
name = "axum-macros" name = "axum-macros"
version = "0.5.0" version = "0.5.0"
@@ -607,6 +629,17 @@ dependencies = [
"unicode-segmentation", "unicode-segmentation",
] ]
[[package]]
name = "cookie"
version = "0.18.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747"
dependencies = [
"percent-encoding",
"time",
"version_check",
]
[[package]] [[package]]
name = "core-foundation" name = "core-foundation"
version = "0.9.4" version = "0.9.4"
@@ -3942,6 +3975,20 @@ dependencies = [
"tracing", "tracing",
] ]
[[package]]
name = "tower-http"
version = "0.6.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8"
dependencies = [
"bitflags 2.10.0",
"bytes",
"http",
"pin-project-lite",
"tower-layer",
"tower-service",
]
[[package]] [[package]]
name = "tower-layer" name = "tower-layer"
version = "0.3.3" version = "0.3.3"
@@ -4665,6 +4712,7 @@ dependencies = [
"argon2", "argon2",
"async-trait", "async-trait",
"axum", "axum",
"axum-extra",
"chrono", "chrono",
"clap", "clap",
"config", "config",
@@ -4679,6 +4727,7 @@ dependencies = [
"serde_json", "serde_json",
"tokio", "tokio",
"tower", "tower",
"tower-http",
"tracing", "tracing",
"tracing-subscriber", "tracing-subscriber",
"utoipa", "utoipa",

5
apps/api/Cargo.toml
View File

@@ -7,7 +7,8 @@ edition = "2024"
database = { path = "../../public/database" } database = { path = "../../public/database" }
migration = { path = "../../public/migration" } migration = { path = "../../public/migration" }
axum = { version = "0.8.7", features = ["form", "http1", "http2", "json", "matched-path", "original-uri", "query", "tokio", "tower-log", "tracing", "macros"]} axum = { version = "0.8.7", features = ["form", "http1", "http2", "json", "matched-path", "original-uri", "query", "tokio", "tower-log", "tracing", "macros"] }
axum-extra = { version = "0.12.2", features = ["cookie"] }
async-trait = { version = "0.1.89" } async-trait = { version = "0.1.89" }
chrono = { version = "0.4.42", features = ["clock", "std", "oldtime", "wasmbind", "serde"] } chrono = { version = "0.4.42", features = ["clock", "std", "oldtime", "wasmbind", "serde"] }
config = { version = "0.15.19", features = ["toml", "json", "yaml", "ini", "ron", "json5", "convert-case", "async"] } config = { version = "0.15.19", features = ["toml", "json", "yaml", "ini", "ron", "json5", "convert-case", "async"] }
@@ -26,3 +27,5 @@ once_cell = { version = "1.21.3" }
argon2 = { version = "0.5.3", features = ["std"] } argon2 = { version = "0.5.3", features = ["std"] }
jsonwebtoken = { version = "10.2.0", features = ["rust_crypto"] } jsonwebtoken = { version = "10.2.0", features = ["rust_crypto"] }
uuid = { version = "1.19.0", features = ["v4", "serde", "fast-rng"] } uuid = { version = "1.19.0", features = ["v4", "serde", "fast-rng"] }
tower-http = { version = "0.6.8", features = ["cors"] }

31
apps/api/src/cmd/start_server.rs
View File

@@ -13,7 +13,11 @@ use crate::{
log, log,
routes::{self, AppService, AppState}, routes::{self, AppService, AppState},
services::{ services::{
auth::{authentication::AuthenticationServiceImpl, user::UserServiceImpl}, auth::{
authentication::{AuthenticationServiceImpl, strategies::password::PasswordStrategy},
user::UserServiceImpl,
},
server_state::ServerStateService,
settings::SettingsService, settings::SettingsService,
}, },
tasks, tasks,
@@ -84,7 +88,23 @@ pub async fn start_server() {
// build the axum app and run the server... // build the axum app and run the server...
info!("Starting application..."); info!("Starting application...");
let app: Router = routes::get_root_router(Arc::new(get_app_state(&db_connection, &settings))); let mut app: Router = routes::get_root_router(
Arc::new(get_app_state(&db_connection, &settings)),
Arc::new(settings.server.cors.clone()),
);
if settings.server.serve_openapi {
info!("Enabling OpenAPI documentation endpoint at /openapi.json");
app = app.route(
"/openapi.json",
axum::routing::get(|| async {
use utoipa::OpenApi;
let doc = routes::ApiDoc::openapi();
doc.to_pretty_json()
.expect("Failed to serialize OpenAPI doc to JSON")
}),
);
}
let address = format!("{}:{}", settings.server.address, settings.server.port); let address = format!("{}:{}", settings.server.address, settings.server.port);
info!("Starting server at http://{}", address); info!("Starting server at http://{}", address);
@@ -127,11 +147,18 @@ fn get_app_state(
) -> AppState { ) -> AppState {
AppState { AppState {
database_connection: db_connection.clone(), database_connection: db_connection.clone(),
config: Arc::new(settings.clone()),
service: Arc::new(AppService { service: Arc::new(AppService {
server_state: Arc::new(ServerStateService::new(db_connection.clone())),
settings: Arc::new(SettingsService::new(db_connection.clone())), settings: Arc::new(SettingsService::new(db_connection.clone())),
auth_state: routes::AuthState {
strategy: routes::AuthStrategy {
password: Arc::new(PasswordStrategy::new(db_connection.clone())),
},
authentication: Arc::new(AuthenticationServiceImpl::new( authentication: Arc::new(AuthenticationServiceImpl::new(
settings.auth.jwt_secret.clone(), settings.auth.jwt_secret.clone(),
)), )),
},
user: Arc::new(UserServiceImpl::new(db_connection.clone())), user: Arc::new(UserServiceImpl::new(db_connection.clone())),
}), }),
} }

12
apps/api/src/configs.rs
View File

@@ -11,6 +11,8 @@ use tracing::{debug, error};
pub trait FromConfig: Sized { pub trait FromConfig: Sized {
fn from_config(config: &Config) -> Result<Self, String>; fn from_config(config: &Config) -> Result<Self, String>;
fn validate(&self) -> Result<(), String>; fn validate(&self) -> Result<(), String>;
#[cfg(test)]
fn mock() -> Self;
} }
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
@@ -40,6 +42,16 @@ impl FromConfig for ProgramSettings {
self.auth.validate()?; self.auth.validate()?;
Ok(()) Ok(())
} }
#[cfg(test)]
fn mock() -> Self {
ProgramSettings {
logging: logging::LoggingSettings::mock(),
database: database::DatabaseSettings::mock(),
server: server::ServerSettings::mock(),
auth: auth::AuthSettings::mock(),
}
}
} }
pub fn get_program_settings() -> ProgramSettings { pub fn get_program_settings() -> ProgramSettings {

9
apps/api/src/configs/auth.rs
View File

@@ -48,4 +48,13 @@ impl FromConfig for AuthSettings {
fn validate(&self) -> Result<(), String> { fn validate(&self) -> Result<(), String> {
Ok(()) Ok(())
} }
#[cfg(test)]
fn mock() -> Self {
AuthSettings {
jwt_secret: Some("mock_jwt_secret".to_string()),
default_admin_username: Some("admin".to_string()),
default_admin_password: Some("password".to_string()),
}
}
} }

9
apps/api/src/configs/database.rs
View File

@@ -50,4 +50,13 @@ impl FromConfig for DatabaseSettings {
fn validate(&self) -> Result<(), String> { fn validate(&self) -> Result<(), String> {
Ok(()) Ok(())
} }
#[cfg(test)]
fn mock() -> Self {
DatabaseSettings {
url: "sqlite::memory:".to_string(),
max_connections: 5,
migrate_on_startup: true,
}
}
} }

3
apps/api/src/configs/key.rs
View File

@@ -3,6 +3,9 @@ pub(crate) const LOGGING_UTC_KEY: &str = "LOGGING.UTC";
// //
pub(crate) const SERVER_ADDRESS_KEY: &str = "SERVER.ADDRESS"; pub(crate) const SERVER_ADDRESS_KEY: &str = "SERVER.ADDRESS";
pub(crate) const SERVER_PORT_KEY: &str = "SERVER.PORT"; pub(crate) const SERVER_PORT_KEY: &str = "SERVER.PORT";
pub(crate) const SERVER_SERVE_OPENAPI_KEY: &str = "SERVER.SERVE_OPENAPI";
pub(crate) const SERVER_CORS_ALLOWED_ORIGINS_KEY: &str = "SERVER.CORS.ALLOWED_ORIGINS";
pub(crate) const SERVER_COOKIES_SECURE_KEY: &str = "SERVER.COOKIES.SECURE";
// //
pub(crate) const DATABASE_URL_KEY: &str = "DATABASE.URL"; pub(crate) const DATABASE_URL_KEY: &str = "DATABASE.URL";
pub(crate) const DATABASE_MAX_CONNECTIONS_KEY: &str = "DATABASE.MAX_CONNECTIONS"; pub(crate) const DATABASE_MAX_CONNECTIONS_KEY: &str = "DATABASE.MAX_CONNECTIONS";

8
apps/api/src/configs/logging.rs
View File

@@ -49,4 +49,12 @@ impl FromConfig for LoggingSettings {
fn validate(&self) -> Result<(), String> { fn validate(&self) -> Result<(), String> {
Ok(()) Ok(())
} }
#[cfg(test)]
fn mock() -> Self {
LoggingSettings {
level: Level::INFO,
utc: false,
}
}
} }

77
apps/api/src/configs/server.rs
View File

@@ -3,6 +3,10 @@ use std::net::IpAddr;
use config::{Config, ConfigError}; use config::{Config, ConfigError};
use tracing::warn; use tracing::warn;
use crate::configs::key::{
SERVER_COOKIES_SECURE_KEY, SERVER_CORS_ALLOWED_ORIGINS_KEY, SERVER_SERVE_OPENAPI_KEY,
};
use super::{ use super::{
FromConfig, FromConfig,
key::{SERVER_ADDRESS_KEY, SERVER_PORT_KEY}, key::{SERVER_ADDRESS_KEY, SERVER_PORT_KEY},
@@ -12,6 +16,19 @@ use super::{
pub struct ServerSettings { pub struct ServerSettings {
pub address: IpAddr, pub address: IpAddr,
pub port: u16, pub port: u16,
pub serve_openapi: bool,
pub cors: CORSSettings,
pub cookies: CookiesSettings,
}
#[derive(Debug, Clone)]
pub struct CORSSettings {
pub allowed_origins: Vec<String>,
}
#[derive(Debug, Clone)]
pub struct CookiesSettings {
pub secure: bool,
} }
impl FromConfig for ServerSettings { impl FromConfig for ServerSettings {
@@ -43,6 +60,53 @@ impl FromConfig for ServerSettings {
); );
DEFAULT_PORT DEFAULT_PORT
}) as u16, }) as u16,
serve_openapi: _config
.get_bool(SERVER_SERVE_OPENAPI_KEY)
.unwrap_or_else(|err| {
const DEFAULT_SERVE_OPENAPI: bool = false;
warn!(
"{} not set or invalid in configuration, defaulting to {}. Error: {}",
SERVER_SERVE_OPENAPI_KEY, DEFAULT_SERVE_OPENAPI, err
);
DEFAULT_SERVE_OPENAPI
}),
cors: CORSSettings {
allowed_origins: _config
.get_array(SERVER_CORS_ALLOWED_ORIGINS_KEY)
.unwrap_or_else(|_| vec![])
.into_iter()
.filter_map(|val| match val.into_string() {
Ok(s) => Some(s),
Err(e) => {
warn!(
"Invalid origin in {} configuration: {}",
SERVER_CORS_ALLOWED_ORIGINS_KEY, e
);
None
}
})
.collect(),
},
cookies: CookiesSettings {
secure: _config
.get_bool(SERVER_COOKIES_SECURE_KEY)
.inspect(|is_secure| {
if !*is_secure {
warn!("Cookie 'secure' flag is disabled; this is not recommended in production environments.");
}
})
.unwrap_or_else(|err| {
const DEFAULT_COOKIES_SECURE: bool = true;
warn!(
"{} not set or invalid in configuration, defaulting to {}. Error: {}",
SERVER_COOKIES_SECURE_KEY, DEFAULT_COOKIES_SECURE, err
);
DEFAULT_COOKIES_SECURE
}),
},
}) })
} }
@@ -53,4 +117,17 @@ impl FromConfig for ServerSettings {
} }
Ok(()) Ok(())
} }
#[cfg(test)]
fn mock() -> Self {
ServerSettings {
address: "0.0.0.0".parse().unwrap(),
port: 8080,
serve_openapi: false,
cors: CORSSettings {
allowed_origins: vec![],
},
cookies: CookiesSettings { secure: true },
}
}
} }

2
apps/api/src/helpers/constants.rs
View File

@@ -1 +1,3 @@
pub const ADMIN_INIT_SECRET_KEY: &str = "admin_init_secret"; pub const ADMIN_INIT_SECRET_KEY: &str = "admin_init_secret";
//
pub const JWT_COOKIE_NAME: &str = "session_jwt";

2
apps/api/src/main.rs
View File

@@ -1,3 +1,5 @@
#![forbid(unsafe_code)]
mod cmd; mod cmd;
mod configs; mod configs;
mod errors; mod errors;

45
apps/api/src/middlewares.rs
View File

@@ -1,25 +1,60 @@
pub mod request_info;
pub mod require_auth;
use std::{sync::Arc, time::Duration};
use axum::{ use axum::{
BoxError, Router, BoxError, Router,
error_handling::HandleErrorLayer, error_handling::HandleErrorLayer,
http::{Method, StatusCode, Uri}, http::{HeaderValue, Method, StatusCode, Uri},
}; };
use std::time::Duration;
use tower::{ServiceBuilder, timeout::TimeoutLayer}; use tower::{ServiceBuilder, timeout::TimeoutLayer};
use tower_http::cors::{AllowHeaders, AllowOrigin, CorsLayer};
use tracing::warn; use tracing::warn;
use crate::{configs::server::CORSSettings, routes::AppState};
pub const TIMEOUT_DURATION_SECS: u64 = 30; pub const TIMEOUT_DURATION_SECS: u64 = 30;
pub fn apply_root_middleware(router: Router) -> Router { pub fn apply_root_middleware(
router: Router,
_state: Arc<AppState>,
cors_settings: Arc<CORSSettings>,
) -> Router {
let timeout_layer = TimeoutLayer::new(Duration::from_secs(TIMEOUT_DURATION_SECS)); let timeout_layer = TimeoutLayer::new(Duration::from_secs(TIMEOUT_DURATION_SECS));
let service_builder = ServiceBuilder::new() let service_builder = ServiceBuilder::new()
.layer(HandleErrorLayer::new(handle_timeout_error)) .layer(HandleErrorLayer::new(handle_timeout_error))
.layer(timeout_layer); .layer(timeout_layer)
.layer(get_cors_layer(cors_settings));
router.layer(service_builder) router.layer(service_builder)
} }
pub fn get_cors_layer(cors_settings: Arc<CORSSettings>) -> CorsLayer {
let mut cors_layer = CorsLayer::new()
.allow_credentials(true)
.allow_headers(AllowHeaders::mirror_request());
let allowed_origins = &cors_settings.allowed_origins;
if allowed_origins.contains(&"*".to_string()) {
cors_layer = cors_layer.allow_origin(AllowOrigin::mirror_request());
warn!(
"Wildcard origin is found in allowed origins. CORS is configured to allow requests from any origin. Only use this setting in development or if you understand the security implications."
);
} else {
for origin in allowed_origins {
if let Ok(header_value) = HeaderValue::from_str(origin) {
cors_layer = cors_layer.allow_origin(AllowOrigin::exact(header_value));
} else {
warn!("Invalid CORS origin: {}", origin);
}
}
}
cors_layer
}
pub async fn handle_timeout_error( pub async fn handle_timeout_error(
method: Method, method: Method,
uri: Uri, uri: Uri,

6
apps/api/src/middlewares/request_info.rs Normal file
View File

@@ -0,0 +1,6 @@
use uuid::Uuid;
#[derive(Clone, Debug)]
pub struct RequestInfo {
pub user_id: Option<Uuid>,
}

70
apps/api/src/middlewares/require_auth.rs Normal file
View File

@@ -0,0 +1,70 @@
use std::sync::Arc;
use axum::{
extract::State,
http::{Request, StatusCode},
middleware::Next,
response::Response,
};
use axum_extra::extract::cookie::CookieJar;
use tracing::debug;
use uuid::Uuid;
use crate::{
errors::service_error::ServiceError, helpers::constants::JWT_COOKIE_NAME,
middlewares::request_info::RequestInfo, routes::AppState,
};
pub async fn require_auth(
cookies: CookieJar,
State(state): State<Arc<AppState>>,
req: Request<axum::body::Body>,
next: Next,
) -> Result<Response, StatusCode> {
// get jwt from cookies
let auth_service = &state.service.auth_state.authentication;
let token = if let Some(cookie) = cookies.get(JWT_COOKIE_NAME) {
cookie.value().to_string()
} else {
debug!("No JWT cookie found. cookies: {:?}", cookies);
return handle_unauthenticated().await;
};
// validate jwt
let is_valid = auth_service.is_valid_jwt(&token, None).await;
let user_id = match is_valid {
Ok(Some(claims)) => claims
.sub
.parse::<Uuid>()
.map_err(|_| StatusCode::UNAUTHORIZED)?,
Ok(None) => return handle_unauthenticated().await,
Err(err) => {
tracing::error!("Error validating JWT: {}", err);
return Err(StatusCode::INTERNAL_SERVER_ERROR);
}
};
// ensure user exists
if let Err(err) = state.service.user.get_user_by_id(user_id, None).await {
match err {
ServiceError::NotFound(_) => return handle_unauthenticated().await,
_ => {
tracing::error!("Error fetching user by ID: {}", err);
return Err(StatusCode::INTERNAL_SERVER_ERROR);
}
}
}
let mut req = req;
let user = req
.extensions_mut()
.get_or_insert_with(|| RequestInfo { user_id: None });
user.user_id = Some(user_id);
Ok(next.run(req).await)
}
async fn handle_unauthenticated() -> Result<Response, StatusCode> {
// TODO: log unauthenticated access attempts
Err(StatusCode::UNAUTHORIZED)
}

45
apps/api/src/routes.rs
View File

@@ -9,44 +9,57 @@ use axum::{Extension, Router};
use migration::sea_orm::DatabaseConnection; use migration::sea_orm::DatabaseConnection;
use crate::{ use crate::{
configs::{ProgramSettings, server::CORSSettings},
middlewares, middlewares,
services::{ services::{
auth::{authentication::AuthenticationService, user::UserService}, auth::{
authentication::{AuthenticationService, strategies::password::PasswordStrategy},
user::UserService,
},
server_state::ServerStateStore,
settings::SettingsStore, settings::SettingsStore,
}, },
}; };
#[derive(Clone)] #[derive(Clone)]
pub struct AppState { pub struct AppState {
// TODO: remove dead_code allowances when fields are used
#[allow(dead_code)]
pub database_connection: Arc<DatabaseConnection>, pub database_connection: Arc<DatabaseConnection>,
// TODO: remove dead_code allowances when fields are used
#[allow(dead_code)]
pub service: Arc<AppService>, pub service: Arc<AppService>,
pub config: Arc<ProgramSettings>,
} }
pub type ServiceState<T> = Arc<T>; pub type ServiceState<T> = Arc<T>;
pub struct AppService { pub struct AuthStrategy {
#[allow(dead_code)] // TODO: remove when used pub password: ServiceState<PasswordStrategy>,
pub settings: ServiceState<dyn SettingsStore>,
#[allow(dead_code)] // TODO: remove when used
pub authentication: ServiceState<dyn AuthenticationService>,
#[allow(dead_code)] // TODO: remove when used
pub user: ServiceState<dyn UserService>,
} }
pub fn get_root_router(state: impl Into<Arc<AppState>>) -> Router { pub struct AuthState {
pub strategy: AuthStrategy,
pub authentication: ServiceState<dyn AuthenticationService>,
}
pub struct AppService {
pub settings: ServiceState<dyn SettingsStore>,
pub auth_state: AuthState,
pub user: ServiceState<dyn UserService>,
pub server_state: ServiceState<dyn ServerStateStore>,
}
pub fn get_root_router(
state: impl Into<Arc<AppState>>,
cors_settings: Arc<CORSSettings>,
) -> Router {
let mut router = Router::new(); let mut router = Router::new();
let state = state.into();
router = router router = router
.nest("/api", api::get_api_router()) .nest("/api", api::get_api_router(state.clone()))
.merge(view::get_view_router()); .merge(view::get_view_router());
router = middlewares::apply_root_middleware(router); router = middlewares::apply_root_middleware(router, state.clone(), cors_settings);
router = router.layer(Extension(state.into())); router = router.layer(Extension(state.clone()));
router router
} }

12
apps/api/src/routes/api.rs
View File

@@ -1,13 +1,21 @@
mod auth;
mod health; mod health;
mod openapi; mod openapi;
mod restricted;
use std::sync::Arc;
use crate::routes::AppState;
pub use self::openapi::ApiDoc; pub use self::openapi::ApiDoc;
use axum::{Router, response::IntoResponse, routing::any}; use axum::{Router, response::IntoResponse, routing::any};
pub fn get_api_router() -> Router { pub fn get_api_router(state: Arc<AppState>) -> Router {
Router::new() Router::new()
.nest("/health", health::get_health_router()) .nest("/health", health::get_health_router(state.clone()))
.merge(auth::get_basic_auth_router(state.clone()))
.merge(restricted::get_restricted_router(state.clone()))
// explicit fallback for unmatched API routes // explicit fallback for unmatched API routes
.route("/{*wildcard}", any(api_fallback_handler)) .route("/{*wildcard}", any(api_fallback_handler))
} }

15
apps/api/src/routes/api/auth.rs Normal file
View File

@@ -0,0 +1,15 @@
pub mod init_admin;
pub mod login;
use std::sync::Arc;
use axum::{Router, routing::post};
use crate::routes::AppState;
pub fn get_basic_auth_router(state: Arc<AppState>) -> Router {
Router::new()
.route("/auth/login", post(login::login))
.route("/auth/init_admin", post(init_admin::init_admin))
.with_state(state)
}

143
apps/api/src/routes/api/auth/init_admin.rs Normal file
View File

@@ -0,0 +1,143 @@
use std::sync::Arc;
use axum::{
Json,
extract::State,
http::StatusCode,
response::{IntoResponse, Response},
};
use database::generated::entities::user;
use sea_orm::{ColumnTrait, EntityTrait, QueryFilter, TransactionTrait};
use serde::{Deserialize, Serialize};
use serde_json::{Value, from_value};
use tracing::{debug, error, info, warn};
use crate::{
helpers::constants::ADMIN_INIT_SECRET_KEY,
routes::{AppState, api::openapi::tag::AUTH_TAG},
services::auth::user::NewUser,
};
/// Login request payload
#[derive(Serialize, Deserialize, utoipa::ToSchema)]
pub struct AdminInitRequest {
username: String,
password: String,
// The secret key required to initialize the admin user
setup_secret: String,
}
/// Initializes the admin user
///
/// Initializes the admin user if no admin user exists and the correct setup secret is provided.
#[utoipa::path(
post,
path = "/api/auth/init_admin",
request_body = AdminInitRequest,
responses(
(status = 200, description = "Admin user initialized successfully"),
(status = 400, description = "Invalid request payload"),
(status = 401, description = "Unauthorized: Admin user already exists or invalid setup secret"),
(status = 500, description = "Internal server error"),
),
tag = AUTH_TAG,
)]
pub async fn init_admin(
State(state): State<Arc<AppState>>,
Json(payload): Json<Value>,
) -> Response {
if user::Entity::find()
.filter(user::Column::IsAdmin.eq(true))
.filter(user::Column::IsActive.eq(true))
.one(state.database_connection.as_ref())
.await
.map_err(|err| {
error!("Failed to query for existing admin user: {}", err);
StatusCode::INTERNAL_SERVER_ERROR
})
.unwrap_or(None)
.is_some()
{
warn!("Admin user already exists. Skipping admin initialization.");
return (StatusCode::UNAUTHORIZED).into_response();
}
let init_request: AdminInitRequest = match from_value(payload) {
Ok(req) => req,
Err(e) => {
warn!("Invalid login request: {}", e);
return (StatusCode::BAD_REQUEST).into_response();
}
};
let admin_secret = match state
.service
.settings
.get_setting(ADMIN_INIT_SECRET_KEY)
.await
{
Ok(secret) => secret,
Err(e) => {
error!(
"Failed to retrieve admin initialization secret. Invalid internal state?: {}",
e
);
return (StatusCode::INTERNAL_SERVER_ERROR).into_response();
}
};
if init_request.setup_secret != admin_secret {
info!("{},{}", init_request.setup_secret, admin_secret);
warn!("Invalid admin initialization secret provided.");
return (StatusCode::UNAUTHORIZED).into_response();
}
let mut tx = match state.database_connection.begin().await {
Ok(tx) => tx,
Err(e) => {
error!("Failed to start transaction: {}", e);
return (StatusCode::INTERNAL_SERVER_ERROR).into_response();
}
};
let user = match state
.service
.user
.create_user(
NewUser {
username: init_request.username,
is_admin: true,
},
Some(&mut tx),
)
.await
{
Ok(user) => user,
Err(e) => {
error!("Failed to initialize admin user: {}", e);
return (StatusCode::INTERNAL_SERVER_ERROR).into_response();
}
};
debug!("Created admin user with ID: {}", user.id);
match state
.service
.auth_state
.strategy
.password
.create_identity(user.id, &init_request.password, Some(&mut tx))
.await
{
Ok(_) => {}
Err(e) => {
error!("Failed to create admin user identity: {}", e);
return (StatusCode::INTERNAL_SERVER_ERROR).into_response();
}
};
tx.commit().await.unwrap_or_else(|e| {
error!("Failed to commit transaction: {}", e);
});
(StatusCode::OK).into_response()
}

107
apps/api/src/routes/api/auth/login.rs Normal file
View File

@@ -0,0 +1,107 @@
use std::sync::Arc;
use axum::{
Json,
body::Body,
extract::State,
http::{StatusCode, header::SET_COOKIE},
response::{IntoResponse, Response},
};
use serde::{Deserialize, Serialize};
use serde_json::{Value, from_value};
use tracing::{error, warn};
use crate::{
helpers::constants::JWT_COOKIE_NAME,
routes::{AppState, api::openapi::tag::AUTH_TAG},
};
/// Login request payload
#[derive(Serialize, Deserialize, utoipa::ToSchema)]
pub struct LoginRequest {
username: String,
password: String,
}
/// Login endpoint
///
/// Authenticates a user and returns a JWT in an HttpOnly cookie.
#[utoipa::path(
post,
path = "/api/auth/login",
request_body = LoginRequest,
responses(
(status = 200, description = "User authenticated successfully", body = ()),
(status = 401, description = "Authentication failed"),
(status = 500, description = "Internal server error"),
),
tag = AUTH_TAG,
)]
pub async fn login(State(state): State<Arc<AppState>>, Json(payload): Json<Value>) -> Response {
let login_request: LoginRequest = match from_value(payload) {
Ok(req) => req,
Err(e) => {
warn!("Invalid login request: {}", e);
return (StatusCode::BAD_REQUEST).into_response();
}
};
let user_id = match state
.service
.auth_state
.strategy
.password
.authenticate(&login_request.username, &login_request.password, None)
.await
{
Ok(user_id) => user_id,
Err(e) => {
warn!(
"Authentication failed for user {}: {}",
login_request.username, e
);
return (StatusCode::UNAUTHORIZED).into_response();
}
};
let (jwt, claims) = match state
.service
.auth_state
.authentication
.generate_jwt(user_id, 3600)
.await
{
Ok(token) => token,
Err(e) => {
error!("Error generating JWT for user {}: {}", user_id, e);
return (StatusCode::INTERNAL_SERVER_ERROR).into_response();
}
};
let response_builder = Response::builder()
.status(StatusCode::OK)
// add jwt as cookie
.header(
SET_COOKIE,
format!(
"{}={}; HttpOnly; Path=/; Max-Age={}; SameSite=Strict;{}",
JWT_COOKIE_NAME,
jwt,
claims.exp - claims.iat,
if state.config.server.cookies.secure {
" Secure;"
} else {
""
}
),
)
.body(Body::from(()));
match response_builder {
Ok(resp) => resp,
Err(e) => {
error!("Error building response: {}", e);
(StatusCode::INTERNAL_SERVER_ERROR).into_response()
}
}
}

9
apps/api/src/routes/api/health.rs
View File

@@ -5,8 +5,13 @@ use std::sync::Arc;
use axum::{Router, routing::get}; use axum::{Router, routing::get};
pub fn get_health_router() -> Router { use crate::routes::{AppState, api::health::state::AppStateWithHealth};
pub fn get_health_router(app_state: Arc<AppState>) -> Router {
Router::new() Router::new()
.route("/info", get(info::get_health_info)) .route("/info", get(info::get_health_info))
.with_state(Arc::new(state::HealthState::default())) .with_state(Arc::new(AppStateWithHealth {
app_state: app_state.clone(),
health_state: Arc::new(state::HealthState::default()),
}))
} }

63
apps/api/src/routes/api/health/info.rs
View File

@@ -3,8 +3,9 @@ use std::sync::Arc;
use axum::{Json, extract::State, http::StatusCode}; use axum::{Json, extract::State, http::StatusCode};
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use tracing::error;
use crate::routes::api::{health::state::HealthState, openapi::tag::HEALTH_TAG}; use crate::routes::api::{health::state::AppStateWithHealth, openapi::tag::HEALTH_TAG};
const STATUS_HEALTHY: &str = "healthy"; const STATUS_HEALTHY: &str = "healthy";
const STATUS_UNHEALTHY: &str = "unhealthy"; const STATUS_UNHEALTHY: &str = "unhealthy";
@@ -20,6 +21,8 @@ pub struct HealthInfo {
pub up_since: DateTime<Utc>, pub up_since: DateTime<Utc>,
/// List of error messages if unhealthy /// List of error messages if unhealthy
pub errors: Option<Vec<String>>, pub errors: Option<Vec<String>>,
/// Is initialized
pub is_initialized: bool,
} }
/// Health check endpoint /// Health check endpoint
@@ -35,12 +38,23 @@ pub struct HealthInfo {
tag = HEALTH_TAG, tag = HEALTH_TAG,
)] )]
pub async fn get_health_info( pub async fn get_health_info(
State(state): State<Arc<HealthState>>, State(app_state_with_health): State<Arc<AppStateWithHealth>>,
) -> (StatusCode, Json<HealthInfo>) { ) -> (StatusCode, Json<HealthInfo>) {
#[allow(unused_mut)] #[allow(unused_mut)]
let mut errors = vec![]; let mut errors = vec![];
let is_healthy = errors.is_empty(); let is_healthy = errors.is_empty();
let health_state = &app_state_with_health.health_state;
let app_state = &app_state_with_health.app_state;
let is_initialized = match app_state.service.server_state.is_server_initialized().await {
Ok(initialized) => initialized,
Err(err) => {
errors.push("Failed to determine if server is initialized".to_string());
error!("Error checking server initialization status: {}", err);
false
}
};
( (
if is_healthy { if is_healthy {
@@ -55,14 +69,30 @@ pub async fn get_health_info(
STATUS_UNHEALTHY.into() STATUS_UNHEALTHY.into()
}, },
version: env!("CARGO_PKG_VERSION").into(), version: env!("CARGO_PKG_VERSION").into(),
up_since: *state.get_start_at(), up_since: *health_state.get_start_at(),
errors: if is_healthy { None } else { Some(errors) }, errors: if is_healthy { None } else { Some(errors) },
is_initialized,
}), }),
) )
} }
#[cfg(test)] #[cfg(test)]
mod test { mod test {
use crate::configs::FromConfig;
use crate::{
routes::{AppState, api::health::state::HealthState},
services::{
auth::{
authentication::{
AuthenticationServiceImpl, strategies::password::PasswordStrategy,
},
user::UserServiceImpl,
},
server_state::ServerStateService,
settings::SettingsService,
},
};
use super::*; use super::*;
use axum::body::to_bytes; use axum::body::to_bytes;
use axum::{ use axum::{
@@ -70,14 +100,39 @@ mod test {
body::Body, body::Body,
http::{Request, StatusCode}, http::{Request, StatusCode},
}; };
use sea_orm::MockDatabase;
use tower::ServiceExt; use tower::ServiceExt;
#[tokio::test] #[tokio::test]
async fn test_get_health_info() { async fn test_get_health_info() {
let health_state = Arc::new(HealthState::default()); let health_state = Arc::new(HealthState::default());
let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite)
.append_query_results(vec![Vec::<sea_orm::MockRow>::new()])
.into_connection();
let db = Arc::new(db);
let app_state = Arc::new(AppState {
database_connection: db.clone(),
config: Arc::new(crate::configs::ProgramSettings::mock()),
service: Arc::new(crate::routes::AppService {
settings: Arc::new(SettingsService::new(db.clone())),
auth_state: crate::routes::AuthState {
strategy: crate::routes::AuthStrategy {
password: Arc::new(PasswordStrategy::new(db.clone())),
},
authentication: Arc::new(AuthenticationServiceImpl::new(None)),
},
user: Arc::new(UserServiceImpl::new(db.clone())),
server_state: Arc::new(ServerStateService::new(db.clone())),
}),
});
let app = Router::new() let app = Router::new()
.route("/info", axum::routing::get(get_health_info)) .route("/info", axum::routing::get(get_health_info))
.with_state(health_state); .with_state(Arc::new(AppStateWithHealth {
app_state: app_state.clone(),
health_state: health_state.clone(),
}));
let response = app let response = app
.oneshot(Request::builder().uri("/info").body(Body::empty()).unwrap()) .oneshot(Request::builder().uri("/info").body(Body::empty()).unwrap())

9
apps/api/src/routes/api/health/state.rs
View File

@@ -1,5 +1,14 @@
use std::sync::Arc;
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use crate::routes::AppState;
pub struct AppStateWithHealth {
pub app_state: Arc<AppState>,
pub health_state: Arc<HealthState>,
}
pub struct HealthState { pub struct HealthState {
start_at: DateTime<Utc>, start_at: DateTime<Utc>,
} }

20
apps/api/src/routes/api/openapi.rs
View File

@@ -1,18 +1,32 @@
pub mod tag { pub mod tag {
/// Health tag constant /// Health tag constant
pub const HEALTH_TAG: &str = "Health"; pub const HEALTH_TAG: &str = "Health";
pub const AUTH_TAG: &str = "Authentication";
pub const USER_TAG: &str = "User";
} }
#[derive(utoipa::OpenApi)] #[derive(utoipa::OpenApi)]
#[openapi( #[openapi(
paths( paths(
crate::routes::api::health::info::get_health_info crate::routes::api::health::info::get_health_info,
// Authentication paths
crate::routes::api::auth::login::login,
crate::routes::api::auth::init_admin::init_admin,
// User management paths
crate::routes::api::restricted::user::me::get_user_info,
), ),
components( components(
schemas(crate::routes::api::health::info::HealthInfo) // Register any schemas used in your paths schemas(crate::routes::api::health::info::HealthInfo),
// Authentication schemas
schemas(crate::routes::api::auth::login::LoginRequest),
schemas(crate::routes::api::auth::init_admin::AdminInitRequest),
// User management schemas
schemas(crate::routes::api::restricted::user::me::UserInfo),
), ),
tags( tags(
(name = tag::HEALTH_TAG, description = "Health information API") (name = tag::HEALTH_TAG, description = "Health information API"),
(name = tag::AUTH_TAG, description = "Authentication API"),
(name = tag::USER_TAG, description = "User management API")
) )
)] )]
pub struct ApiDoc; pub struct ApiDoc;

16
apps/api/src/routes/api/restricted.rs Normal file
View File

@@ -0,0 +1,16 @@
pub mod user;
use std::sync::Arc;
use axum::Router;
use crate::{middlewares::require_auth::require_auth, routes::AppState};
pub fn get_restricted_router(state: Arc<AppState>) -> Router {
Router::new()
.nest("/user", user::get_user_router(state.clone()))
.layer(axum::middleware::from_fn_with_state(
state.clone(),
require_auth,
))
}

13
apps/api/src/routes/api/restricted/user.rs Normal file
View File

@@ -0,0 +1,13 @@
pub mod me;
use std::sync::Arc;
use axum::Router;
use crate::routes::AppState;
pub fn get_user_router(state: Arc<AppState>) -> Router {
Router::new()
.route("/me", axum::routing::get(me::get_user_info))
.with_state(state)
}

64
apps/api/src/routes/api/restricted/user/me.rs Normal file
View File

@@ -0,0 +1,64 @@
use std::sync::Arc;
use axum::{
Extension, Json,
extract::State,
http::StatusCode,
response::{IntoResponse, Response},
};
use serde::{Deserialize, Serialize};
use tracing::error;
use crate::{
middlewares::request_info::RequestInfo,
routes::{AppState, api::openapi::tag::USER_TAG},
};
/// System health information
#[derive(Serialize, Deserialize, utoipa::ToSchema)]
pub struct UserInfo {
/// User ID
pub id: uuid::Uuid,
/// Username
pub username: String,
}
/// Get current user information
///
/// Returns the information of the currently authenticated user.
#[utoipa::path(
get,
path = "/api/user/me",
responses(
(status = 200, description = "User information retrieved successfully", body = UserInfo),
(status = 401, description = "Unauthorized"),
(status = 500, description = "Internal server error"),
),
tag = USER_TAG,
)]
pub async fn get_user_info(
State(app_state): State<Arc<AppState>>,
request_info: Extension<Arc<RequestInfo>>,
) -> Response {
let user_id = match request_info.user_id {
Some(id) => id,
None => {
error!("User ID not found in request info");
return (StatusCode::UNAUTHORIZED).into_response();
}
};
match app_state.service.user.get_user_by_id(user_id, None).await {
Ok(user) => {
let user_info = UserInfo {
id: user.id,
username: user.username,
};
(StatusCode::OK, Json(user_info)).into_response()
}
Err(err) => {
error!("Error fetching user info: {}", err);
(StatusCode::INTERNAL_SERVER_ERROR).into_response()
}
}
}

1
apps/api/src/services.rs
View File

@@ -1,2 +1,3 @@
pub mod auth; pub mod auth;
pub mod server_state;
pub mod settings; pub mod settings;

58
apps/api/src/services/auth/authentication.rs
View File

@@ -5,7 +5,7 @@ use std::{collections::HashSet, sync::Arc};
use argon2::password_hash::{SaltString, rand_core::OsRng}; use argon2::password_hash::{SaltString, rand_core::OsRng};
use jsonwebtoken::{ use jsonwebtoken::{
DecodingKey, EncodingKey, Header, Validation, decode, encode, DecodingKey, EncodingKey, Header, Validation, decode, encode,
errors::ErrorKind::{ExpiredSignature, InvalidSubject, InvalidToken}, errors::ErrorKind::{ExpiredSignature, InvalidSignature, InvalidSubject, InvalidToken},
}; };
use sea_orm::prelude::Uuid; use sea_orm::prelude::Uuid;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@@ -14,6 +14,7 @@ use tokio::sync::RwLock;
use crate::errors::service_error::ServiceError; use crate::errors::service_error::ServiceError;
// Number of requests between invalidation cache cleanups // Number of requests between invalidation cache cleanups
#[allow(dead_code)] // TODO: remove when used
const INVALIDATE_CACHE_CLEANUP_INTERVAL_REQUESTS: usize = 100; // Cleanup every 100 for invalidation checks const INVALIDATE_CACHE_CLEANUP_INTERVAL_REQUESTS: usize = 100; // Cleanup every 100 for invalidation checks
#[derive(Serialize, Deserialize, Clone)] #[derive(Serialize, Deserialize, Clone)]
@@ -28,17 +29,25 @@ pub struct Claims {
#[async_trait::async_trait] #[async_trait::async_trait]
pub trait AuthenticationService: Send + Sync { pub trait AuthenticationService: Send + Sync {
async fn generate_jwt(&self, user_id: Uuid, duration_secs: u64) async fn generate_jwt(
-> Result<String, ServiceError>; &self,
user_id: Uuid,
duration_secs: u64,
) -> Result<(String, Claims), ServiceError>;
async fn is_valid_jwt( async fn is_valid_jwt(
&self, &self,
token: &str, token: &str,
target_sub: Option<String>, target_sub: Option<String>,
) -> Result<bool, ServiceError>; ) -> Result<Option<Claims>, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn parse_jwt(&self, token: &str) -> Result<Claims, ServiceError>; async fn parse_jwt(&self, token: &str) -> Result<Claims, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn invalidate_jwt(&self, token: &str) -> Result<(), ServiceError>; async fn invalidate_jwt(&self, token: &str) -> Result<(), ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn refresh_jwt(&self, token: &str, duration_secs: u64) -> Result<String, ServiceError>; async fn refresh_jwt(&self, token: &str, duration_secs: u64) -> Result<String, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn logout(&self, token: &str) -> Result<(), ServiceError>; async fn logout(&self, token: &str) -> Result<(), ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn cleanup_invalidation_cache(&self); async fn cleanup_invalidation_cache(&self);
} }
@@ -51,7 +60,9 @@ struct InvalidationEntry {
pub struct AuthenticationServiceImpl { pub struct AuthenticationServiceImpl {
secret: String, secret: String,
#[allow(dead_code)] // TODO: remove when used
invalidation_cache: Arc<RwLock<HashSet<InvalidationEntry>>>, invalidation_cache: Arc<RwLock<HashSet<InvalidationEntry>>>,
#[allow(dead_code)] // TODO: remove when used
cache_cleanup_counter: Arc<RwLock<usize>>, cache_cleanup_counter: Arc<RwLock<usize>>,
} }
@@ -76,7 +87,7 @@ impl AuthenticationService for AuthenticationServiceImpl {
&self, &self,
user_id: Uuid, user_id: Uuid,
duration_secs: u64, duration_secs: u64,
) -> Result<String, ServiceError> { ) -> Result<(String, Claims), ServiceError> {
let header = Header::default(); let header = Header::default();
let expiration = chrono::Utc::now() let expiration = chrono::Utc::now()
.checked_add_signed(chrono::Duration::seconds(duration_secs as i64)) .checked_add_signed(chrono::Duration::seconds(duration_secs as i64))
@@ -95,23 +106,25 @@ impl AuthenticationService for AuthenticationServiceImpl {
&EncodingKey::from_secret(self.secret.as_ref()), &EncodingKey::from_secret(self.secret.as_ref()),
) )
.map_err(|e| ServiceError::InternalError(format!("JWT generation error: {}", e)))?; .map_err(|e| ServiceError::InternalError(format!("JWT generation error: {}", e)))?;
Ok(token) Ok((token, claims))
} }
async fn is_valid_jwt( async fn is_valid_jwt(
&self, &self,
token: &str, token: &str,
target_sub: Option<String>, target_sub: Option<String>,
) -> Result<bool, ServiceError> { ) -> Result<Option<Claims>, ServiceError> {
let mut validation = Validation::default(); let mut validation = Validation::default();
// disable leeway for strict expiration checking
validation.leeway = 0;
if let Some(expected_sub) = target_sub { if let Some(expected_sub) = target_sub {
validation.sub = Some(expected_sub); validation.sub = Some(expected_sub);
} }
let decoding_key = DecodingKey::from_secret(self.secret.as_ref()); let decoding_key = DecodingKey::from_secret(self.secret.as_ref());
match decode::<Claims>(token, &decoding_key, &validation) { match decode::<Claims>(token, &decoding_key, &validation) {
Ok(_) => Ok(true), Ok(data) => Ok(Some(data.claims)),
Err(err) => match *err.kind() { Err(err) => match *err.kind() {
InvalidToken | InvalidSubject | ExpiredSignature => Ok(false), InvalidToken | InvalidSubject | ExpiredSignature | InvalidSignature => Ok(None),
_ => Err(ServiceError::InternalError(format!( _ => Err(ServiceError::InternalError(format!(
"JWT validation error: {}", "JWT validation error: {}",
err err
@@ -156,7 +169,7 @@ impl AuthenticationService for AuthenticationServiceImpl {
let user_id = Uuid::parse_str(&claims.sub).map_err(|e| { let user_id = Uuid::parse_str(&claims.sub).map_err(|e| {
ServiceError::InternalError(format!("Invalid user ID in JWT claims: {}", e)) ServiceError::InternalError(format!("Invalid user ID in JWT claims: {}", e))
})?; })?;
let new_token = self.generate_jwt(user_id, duration_secs).await?; let (new_token, _) = self.generate_jwt(user_id, duration_secs).await?;
Ok(new_token) Ok(new_token)
} }
@@ -181,7 +194,7 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string())); let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4(); let user_id = Uuid::new_v4();
let token = service let (token, _) = service
.generate_jwt(user_id, 60) .generate_jwt(user_id, 60)
.await .await
.expect("generate jwt"); .expect("generate jwt");
@@ -190,8 +203,7 @@ mod tests {
.is_valid_jwt(&token, None) .is_valid_jwt(&token, None)
.await .await
.expect("validate jwt"); .expect("validate jwt");
assert!(valid, "Generated token should be valid"); assert!(valid.is_some(), "Generated token should be valid");
let claims = service.parse_jwt(&token).await.expect("parse jwt"); let claims = service.parse_jwt(&token).await.expect("parse jwt");
assert_eq!(claims.sub, user_id.to_string()); assert_eq!(claims.sub, user_id.to_string());
} }
@@ -201,11 +213,14 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string())); let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4(); let user_id = Uuid::new_v4();
let token = service.generate_jwt(user_id, 60).await.unwrap(); let (token, _) = service.generate_jwt(user_id, 60).await.unwrap();
let other_sub = Uuid::new_v4().to_string(); let other_sub = Uuid::new_v4().to_string();
let valid = service.is_valid_jwt(&token, Some(other_sub)).await.unwrap(); let valid = service.is_valid_jwt(&token, Some(other_sub)).await.unwrap();
assert!(!valid, "Token should be invalid for a different subject"); assert!(
valid.is_none(),
"Token should be invalid for a different subject"
);
} }
#[tokio::test] #[tokio::test]
@@ -221,7 +236,7 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string())); let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4(); let user_id = Uuid::new_v4();
let token = service.generate_jwt(user_id, 60).await.unwrap(); let (token, _) = service.generate_jwt(user_id, 60).await.unwrap();
let new_token = service.refresh_jwt(&token, 120).await.unwrap(); let new_token = service.refresh_jwt(&token, 120).await.unwrap();
let claims = service.parse_jwt(&new_token).await.unwrap(); let claims = service.parse_jwt(&new_token).await.unwrap();
@@ -234,11 +249,16 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string())); let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4(); let user_id = Uuid::new_v4();
let token = service.generate_jwt(user_id, 1).await.unwrap(); let (token, claims) = service.generate_jwt(user_id, 1).await.unwrap();
sleep(Duration::from_secs(2)).await; sleep(Duration::from_secs(2)).await;
let valid = service.is_valid_jwt(&token, None).await.unwrap(); let valid = service.is_valid_jwt(&token, None).await.unwrap();
assert!(!valid, "Token should be expired and thus invalid"); assert!(
valid.is_none(),
"Token should be expired and thus invalid. Current time: {:?}. Diff: {}",
chrono::Utc::now(),
chrono::Utc::now().timestamp() - claims.exp as i64
);
} }
#[tokio::test] #[tokio::test]
@@ -246,7 +266,7 @@ mod tests {
let service = AuthenticationServiceImpl::new(Some("secret".to_string())); let service = AuthenticationServiceImpl::new(Some("secret".to_string()));
let user_id = Uuid::new_v4(); let user_id = Uuid::new_v4();
let token = service.generate_jwt(user_id, 1).await.unwrap(); let (token, _) = service.generate_jwt(user_id, 1).await.unwrap();
service.invalidate_jwt(&token).await.unwrap(); service.invalidate_jwt(&token).await.unwrap();

71
apps/api/src/services/auth/authentication/strategies/password.rs
View File

@@ -68,7 +68,7 @@ impl PasswordStrategy {
Ok(user.id) Ok(user.id)
} }
#[allow(dead_code)] // TODO: remove when used
pub async fn revoke_identity( pub async fn revoke_identity(
&self, &self,
user_id: Uuid, user_id: Uuid,
@@ -102,12 +102,30 @@ impl PasswordStrategy {
) -> Result<(), ServiceError> { ) -> Result<(), ServiceError> {
Self::is_valid_password(password).map_err(ServiceError::BadRequest)?; Self::is_valid_password(password).map_err(ServiceError::BadRequest)?;
// If an identity already exists for this user/provider, treat as success.
// This also allows tests using MockDatabase to provide a query result
// for an existing identity without requiring an insert exec result.
let existing = with_conn!(&*self.connection, tx, conn, {
user_identity::Entity::find()
.filter(user_identity::Column::UserId.eq(user_id))
.filter(user_identity::Column::Provider.eq(PASSWORD_PROVIDER.to_string()))
.one(*conn)
.await?
});
if existing.is_some() {
return Err(ServiceError::BadRequest(
"Identity already exists".to_string(),
));
}
let password_hash = Argon2::default() let password_hash = Argon2::default()
.hash_password(password.as_bytes(), &SaltString::generate(&mut OsRng)) .hash_password(password.as_bytes(), &SaltString::generate(&mut OsRng))
.map_err(|_| ServiceError::InternalError("Failed to hash password".to_string()))? .map_err(|_| ServiceError::InternalError("Failed to hash password".to_string()))?
.to_string(); .to_string();
let new_identity = user_identity::ActiveModel { let new_identity = user_identity::ActiveModel {
id: sea_orm::ActiveValue::Set(Uuid::new_v4()),
user_id: sea_orm::ActiveValue::Set(user_id), user_id: sea_orm::ActiveValue::Set(user_id),
provider: sea_orm::ActiveValue::Set(PASSWORD_PROVIDER.to_string()), provider: sea_orm::ActiveValue::Set(PASSWORD_PROVIDER.to_string()),
password_hash: sea_orm::ActiveValue::Set(Some(password_hash)), password_hash: sea_orm::ActiveValue::Set(Some(password_hash)),
@@ -125,7 +143,7 @@ impl PasswordStrategy {
Ok(()) Ok(())
} }
#[allow(dead_code)] // TODO: remove when used
pub async fn update_password( pub async fn update_password(
&self, &self,
user_id: Uuid, user_id: Uuid,
@@ -362,19 +380,14 @@ mod test {
#[tokio::test] #[tokio::test]
async fn create_identity_success() { async fn create_identity_success() {
let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite) let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite)
.append_query_results(vec![vec![user_identity::Model { // No existing identity
id: Uuid::new_v4(), .append_query_results(vec![Vec::<sea_orm::MockRow>::new()])
user_id: Uuid::new_v4(), // Insert exec result (mock exec result for insert)
email: None, .append_exec_results(vec![sea_orm::MockExecResult {
provider: PASSWORD_PROVIDER.to_string(), rows_affected: 1,
password_hash: Some("somehash".to_string()), last_insert_id: 0,
metadata: None, }])
is_revoked: false, // Return inserted identity for any subsequent queries
revoked_at: None,
created_at: chrono::Utc::now(),
updated_at: chrono::Utc::now(),
password_changed_at: None,
}]])
.into_connection(); .into_connection();
let strategy = PasswordStrategy::new(Arc::new(db)); let strategy = PasswordStrategy::new(Arc::new(db));
@@ -390,6 +403,30 @@ mod test {
); );
} }
#[tokio::test]
async fn create_identity_existing() {
let user_id = Uuid::new_v4();
let identity = user_identity::Model {
id: Uuid::new_v4(),
user_id,
email: None,
provider: PASSWORD_PROVIDER.to_string(),
password_hash: Some("hash".to_string()),
metadata: None,
is_revoked: false,
revoked_at: None,
created_at: chrono::Utc::now(),
updated_at: chrono::Utc::now(),
password_changed_at: None,
};
let db = MockDatabase::new(sea_orm::DatabaseBackend::Sqlite)
.append_query_results(vec![vec![identity]])
.into_connection();
let strategy = PasswordStrategy::new(Arc::new(db));
let result = strategy.create_identity(user_id, "ValidPass1!", None).await;
assert!(matches!(result, Err(ServiceError::BadRequest(_))));
}
#[tokio::test] #[tokio::test]
async fn update_password_not_found() { async fn update_password_not_found() {
let user_id = Uuid::new_v4(); let user_id = Uuid::new_v4();
@@ -412,7 +449,7 @@ mod test {
user_id, user_id,
email: None, email: None,
provider: PASSWORD_PROVIDER.to_string(), provider: PASSWORD_PROVIDER.to_string(),
password_hash: Some("oldhash".to_string()), password_hash: Some("old_hash".to_string()),
metadata: None, metadata: None,
is_revoked: false, is_revoked: false,
revoked_at: None, revoked_at: None,
@@ -429,7 +466,7 @@ mod test {
user_id, user_id,
email: None, email: None,
provider: PASSWORD_PROVIDER.to_string(), provider: PASSWORD_PROVIDER.to_string(),
password_hash: Some("newhash".to_string()), password_hash: Some("new_hash".to_string()),
metadata: None, metadata: None,
is_revoked: false, is_revoked: false,
revoked_at: None, revoked_at: None,

11
apps/api/src/services/auth/user.rs
View File

@@ -17,11 +17,13 @@ pub trait UserService: Send + Sync {
user_id: Uuid, user_id: Uuid,
tx: Option<&mut DatabaseTransaction>, tx: Option<&mut DatabaseTransaction>,
) -> Result<User, ServiceError>; ) -> Result<User, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn is_admin( async fn is_admin(
&self, &self,
user_id: Uuid, user_id: Uuid,
tx: Option<&mut DatabaseTransaction>, tx: Option<&mut DatabaseTransaction>,
) -> Result<bool, ServiceError>; ) -> Result<bool, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn user_exists( async fn user_exists(
&self, &self,
username: &str, username: &str,
@@ -32,12 +34,14 @@ pub trait UserService: Send + Sync {
user: NewUser, user: NewUser,
tx: Option<&mut DatabaseTransaction>, tx: Option<&mut DatabaseTransaction>,
) -> Result<User, ServiceError>; ) -> Result<User, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn update_user( async fn update_user(
&self, &self,
user_id: Uuid, user_id: Uuid,
user: UpdateUser, user: UpdateUser,
tx: Option<&mut DatabaseTransaction>, tx: Option<&mut DatabaseTransaction>,
) -> Result<User, ServiceError>; ) -> Result<User, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn delete_user( async fn delete_user(
&self, &self,
user_id: Uuid, user_id: Uuid,
@@ -48,6 +52,7 @@ pub trait UserService: Send + Sync {
pub struct User { pub struct User {
pub id: Uuid, pub id: Uuid,
pub username: String, pub username: String,
#[allow(dead_code)] // TODO: remove when used
pub is_admin: bool, pub is_admin: bool,
} }
@@ -67,12 +72,16 @@ pub struct NewUser {
} }
pub struct UpdateUser { pub struct UpdateUser {
#[allow(dead_code)] // TODO: remove when used
pub username: Option<String>, pub username: Option<String>,
#[allow(dead_code)] // TODO: remove when used
pub is_admin: Option<bool>, pub is_admin: Option<bool>,
#[allow(dead_code)] // TODO: remove when used
pub is_active: Option<bool>, pub is_active: Option<bool>,
} }
impl UpdateUser { impl UpdateUser {
#[allow(dead_code)] // TODO: remove when used
fn apply_to_active_model(&self, model: &mut UserActiveModel) { fn apply_to_active_model(&self, model: &mut UserActiveModel) {
if let Some(username) = &self.username { if let Some(username) = &self.username {
model.name = ActiveValue::Set(username.clone()); model.name = ActiveValue::Set(username.clone());
@@ -163,7 +172,7 @@ impl UserService for UserServiceImpl {
tx: Option<&mut DatabaseTransaction>, tx: Option<&mut DatabaseTransaction>,
) -> Result<User, ServiceError> { ) -> Result<User, ServiceError> {
let user_active_model = UserActiveModel { let user_active_model = UserActiveModel {
id: ActiveValue::NotSet, id: ActiveValue::Set(Uuid::new_v4()),
name: ActiveValue::Set(user.username), name: ActiveValue::Set(user.username),
is_admin: ActiveValue::Set(user.is_admin), is_admin: ActiveValue::Set(user.is_admin),
is_active: ActiveValue::Set(true), is_active: ActiveValue::Set(true),

36
apps/api/src/services/server_state.rs Normal file
View File

@@ -0,0 +1,36 @@
use std::sync::Arc;
use sea_orm::{DatabaseConnection, prelude::*};
use crate::errors::service_error::ServiceError;
#[async_trait::async_trait]
pub trait ServerStateStore: Send + Sync {
async fn is_server_initialized(&self) -> Result<bool, ServiceError>;
}
pub struct ServerStateService {
connection: Arc<DatabaseConnection>,
}
impl ServerStateService {
pub fn new(connection: Arc<DatabaseConnection>) -> Self {
Self { connection }
}
}
#[async_trait::async_trait]
impl ServerStateStore for ServerStateService {
async fn is_server_initialized(&self) -> Result<bool, ServiceError> {
// For example, check if any admin user exists to determine if the server is initialized
let admin_exists = database::generated::entities::user::Entity::find()
.filter(database::generated::entities::user::Column::IsAdmin.eq(true))
.filter(database::generated::entities::user::Column::IsActive.eq(true))
.one(&*self.connection)
.await
.map_err(ServiceError::from)?
.is_some();
Ok(admin_exists)
}
}

12
apps/api/src/services/settings.rs
View File

@@ -11,14 +11,11 @@ use crate::errors::service_error::ServiceError;
#[async_trait::async_trait] #[async_trait::async_trait]
pub trait SettingsStore: Send + Sync { pub trait SettingsStore: Send + Sync {
#[allow(dead_code)] // TODO: remove when used
async fn get_setting(&self, key: &str) -> Result<String, ServiceError>; async fn get_setting(&self, key: &str) -> Result<String, ServiceError>;
#[allow(dead_code)] // TODO: remove when used
async fn set_setting(&self, key: &str, value: String) -> Result<(), ServiceError>; async fn set_setting(&self, key: &str, value: String) -> Result<(), ServiceError>;
} }
pub struct SettingsService { pub struct SettingsService {
#[allow(dead_code)] // TODO: remove when used
connection: Arc<DatabaseConnection>, connection: Arc<DatabaseConnection>,
} }
@@ -77,10 +74,11 @@ impl SettingsStore for SettingsService {
Ok(None) => { Ok(None) => {
handle_not_found(key.to_string(), value).await?; handle_not_found(key.to_string(), value).await?;
} }
Ok(Some(mut record)) => { Ok(Some(record)) => {
record.value = value; let mut record_active_model = record.into_active_model();
record record_active_model.value = ActiveValue::Set(value);
.into_active_model() record_active_model.updated_at = ActiveValue::Set(chrono::Utc::now());
record_active_model
.update(&*self.connection) .update(&*self.connection)
.await .await
.map_err(ServiceError::from)?; .map_err(ServiceError::from)?;

170
apps/api/swagger.json
View File

@@ -9,6 +9,78 @@
"version": "0.1.0" "version": "0.1.0"
}, },
"paths": { "paths": {
"/api/auth/init_admin": {
"post": {
"tags": [
"Authentication"
],
"summary": "Initializes the admin user",
"description": "Initializes the admin user if no admin user exists and the correct setup secret is provided.",
"operationId": "init_admin",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AdminInitRequest"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Admin user initialized successfully"
},
"400": {
"description": "Invalid request payload"
},
"401": {
"description": "Unauthorized: Admin user already exists or invalid setup secret"
},
"500": {
"description": "Internal server error"
}
}
}
},
"/api/auth/login": {
"post": {
"tags": [
"Authentication"
],
"summary": "Login endpoint",
"description": "Authenticates a user and returns a JWT in an HttpOnly cookie.",
"operationId": "login",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/LoginRequest"
}
}
},
"required": true
},
"responses": {
"200": {
"description": "User authenticated successfully",
"content": {
"application/json": {
"schema": {
"default": null
}
}
}
},
"401": {
"description": "Authentication failed"
},
"500": {
"description": "Internal server error"
}
}
}
},
"/api/health/info": { "/api/health/info": {
"get": { "get": {
"tags": [ "tags": [
@@ -33,17 +105,66 @@
} }
} }
} }
},
"/api/user/me": {
"get": {
"tags": [
"User"
],
"summary": "Get current user information",
"description": "Returns the information of the currently authenticated user.",
"operationId": "get_user_info",
"responses": {
"200": {
"description": "User information retrieved successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/UserInfo"
}
}
}
},
"401": {
"description": "Unauthorized"
},
"500": {
"description": "Internal server error"
}
}
}
} }
}, },
"components": { "components": {
"schemas": { "schemas": {
"AdminInitRequest": {
"type": "object",
"description": "Login request payload",
"required": [
"username",
"password",
"setup_secret"
],
"properties": {
"password": {
"type": "string"
},
"setup_secret": {
"type": "string"
},
"username": {
"type": "string"
}
}
},
"HealthInfo": { "HealthInfo": {
"type": "object", "type": "object",
"description": "System health information", "description": "System health information",
"required": [ "required": [
"status", "status",
"version", "version",
"up_since" "up_since",
"is_initialized"
], ],
"properties": { "properties": {
"errors": { "errors": {
@@ -56,6 +177,10 @@
}, },
"description": "List of error messages if unhealthy" "description": "List of error messages if unhealthy"
}, },
"is_initialized": {
"type": "boolean",
"description": "Is initialized"
},
"status": { "status": {
"type": "string", "type": "string",
"description": "Health status: \"healthy\" or \"unhealthy\"" "description": "Health status: \"healthy\" or \"unhealthy\""
@@ -70,6 +195,41 @@
"description": "Application version" "description": "Application version"
} }
} }
},
"LoginRequest": {
"type": "object",
"description": "Login request payload",
"required": [
"username",
"password"
],
"properties": {
"password": {
"type": "string"
},
"username": {
"type": "string"
}
}
},
"UserInfo": {
"type": "object",
"description": "System health information",
"required": [
"id",
"username"
],
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "User ID"
},
"username": {
"type": "string",
"description": "Username"
}
}
} }
} }
}, },
@@ -77,6 +237,14 @@
{ {
"name": "Health", "name": "Health",
"description": "Health information API" "description": "Health information API"
},
{
"name": "Authentication",
"description": "Authentication API"
},
{
"name": "User",
"description": "User management API"
} }
] ]
} }

10
apps/frontend/app/app.css
View File

@@ -1,15 +1,9 @@
@import "tailwindcss"; @import 'tailwindcss';
@theme { @theme {
--font-sans: "Inter", ui-sans-serif, system-ui, sans-serif, --font-sans: 'Inter', ui-sans-serif, system-ui, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
"Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
} }
html, html,
body { body {
@apply bg-white dark:bg-gray-950;
@media (prefers-color-scheme: dark) {
color-scheme: dark;
}
} }

46
apps/frontend/app/components/Form/Button.tsx Normal file
View File

@@ -0,0 +1,46 @@
import { Button, type ButtonProps } from '@radix-ui/themes';
import { LoaderCircle } from 'lucide-react';
export type SubmitButtonProps = {
loading?: boolean;
label?:
| {
default?: string;
loading?: string;
}
| string;
} & React.ButtonHTMLAttributes<HTMLButtonElement> &
ButtonProps;
export function SubmitButton({ loading, label, ...props }: SubmitButtonProps) {
return (
<Button
type="submit"
disabled={loading}
style={{
padding: '10px 14px',
borderRadius: 6,
border: 'none',
backgroundColor: 'var(--iris-9)',
}}
size="3"
{...props}
>
{loading
? typeof label === 'string'
? label
: label?.loading ?? <LoaderCircle className="animate-spin" style={{ width: 24, height: 24, marginRight: 4, verticalAlign: 'middle', color: 'white' }} />
: typeof label === 'string'
? label
: label?.default ?? 'Submit'}
</Button>
);
}
export function ResetButton(props: React.ButtonHTMLAttributes<HTMLButtonElement>) {
return (
<button type="reset" {...props} style={{ padding: '10px 14px', borderRadius: 6, border: '1px solid var(--gray-5)', background: 'white', ...props.style }}>
{props.children ?? 'Reset'}
</button>
);
}

103
apps/frontend/app/components/Form/TextField.tsx Normal file
View File

@@ -0,0 +1,103 @@
import type { AnyFieldMeta } from '@tanstack/react-form';
import { LucideEye, LucideEyeClosed } from 'lucide-react';
import { useCallback, useId, useState } from 'react';
import { InfoIcon, type InfoIconProps } from '../info';
import { Text } from '@radix-ui/themes';
export type TextFieldProps = {
label?: string;
value?: string;
onChange?: (e: React.ChangeEvent<HTMLInputElement>) => void;
labelProps?: React.LabelHTMLAttributes<HTMLLabelElement>;
labelDivProps?: React.HTMLAttributes<HTMLDivElement>;
infoIconProps?: InfoIconProps;
} & React.InputHTMLAttributes<HTMLInputElement> & {
type?: 'password';
showPasswordToggle?: boolean;
};
export function TextField({ label, value, onChange, labelProps, labelDivProps, showPasswordToggle, infoIconProps, ...rest }: TextFieldProps) {
const id = useId();
const [isPasswordVisible, setIsPasswordVisible] = useState(false);
const handlePasswordVisibilitySet = useCallback(
(e: React.MouseEvent | React.TouchEvent, visible: boolean) => {
if (rest.type !== 'password') return;
e.preventDefault();
setIsPasswordVisible(() => visible);
},
[rest.type]
);
return (
<label htmlFor={id} style={{ display: 'block', marginBottom: 8 }} {...labelProps}>
{label && (
<div style={{ fontSize: 12, color: 'var(--gray-9)', marginBottom: 6, display: 'flex', alignItems: 'center' }} {...labelDivProps}>
{label}
{rest?.required && (
<Text size="3" style={{ color: 'var(--red-9)', marginLeft: 2 }}>
*
</Text>
)}
{infoIconProps && <InfoIcon {...infoIconProps} style={{ marginLeft: 4, verticalAlign: 'middle' }} />}
</div>
)}
<div style={{ position: 'relative', display: 'flex', alignItems: 'center', gap: 8 }}>
<input
{...rest}
type={rest.type === 'password' ? (isPasswordVisible && showPasswordToggle ? 'text' : 'password') : rest.type}
id={id}
value={value}
onChange={onChange}
style={{
width: '100%',
padding: '10px 12px',
borderRadius: 6,
border: '1px solid var(--gray-5)',
...rest?.style,
}}
/>
<div
style={{ position: 'absolute', right: 12 }}
onMouseDown={(e) => {
handlePasswordVisibilitySet(e, true);
}}
onMouseUp={(e) => {
handlePasswordVisibilitySet(e, false);
}}
onMouseLeave={(e) => {
handlePasswordVisibilitySet(e, false);
}}
onTouchStart={(e) => {
handlePasswordVisibilitySet(e, true);
}}
onTouchEnd={(e) => {
handlePasswordVisibilitySet(e, false);
}}
>
{showPasswordToggle ? isPasswordVisible ? <LucideEye size={16} /> : <LucideEyeClosed size={16} /> : null}
</div>
</div>
</label>
);
}
export type TextFieldErrorMessageProps = AnyFieldMeta & {
errorMessage?: string;
};
export function TextFieldErrorMessage({ isValid, errors, errorMessage }: TextFieldErrorMessageProps) {
return (
!isValid && (
<div
style={{
marginTop: 4,
fontSize: 12,
color: 'var(--red-9)',
}}
>
{errorMessage ?? errors?.reduce((msg, err) => msg + err.message + ' ', '')}
</div>
)
);
}

27
apps/frontend/app/components/home/TablePlaceholder.tsx Normal file
View File

@@ -0,0 +1,27 @@
import React from 'react';
import { Flex, Text, Button, Separator, Box, Badge } from '@radix-ui/themes';
export default function TablePlaceholder() {
return (
<Flex direction="column" gap="3" p="4">
<Flex justify="between" align="center">
<Text weight="bold">Proxy Hosts</Text>
<Button size="1">Add Host</Button>
</Flex>
<Separator size="4" />
{[1, 2, 3].map((i) => (
<Flex key={i} justify="between" align="center">
<Box>
<Text size="2" weight="bold" as="div">
{`host-${i}.example.com`}
</Text>
<Text size="1" color="gray">
{`http://10.0.0.${i}:8080`}
</Text>
</Box>
<Badge color="green">Online</Badge>
</Flex>
))}
</Flex>
);
}

59
apps/frontend/app/components/info.tsx Normal file
View File

@@ -0,0 +1,59 @@
import { Box } from '@radix-ui/themes';
import { Info, type LucideProps } from 'lucide-react';
import { Tooltip } from 'radix-ui';
import type { PropsWithChildren } from 'react';
export type InfoIconProps = PropsWithChildren<
{
tooltipContainerProps?: Omit<Tooltip.TooltipContentProps & React.RefAttributes<HTMLDivElement>, 'children'>;
} & Omit<LucideProps, 'ref'> &
React.RefAttributes<SVGSVGElement>
>;
export function InfoIcon({ tooltipContainerProps, children, ...iconProps }: InfoIconProps) {
return (
<Tooltip.Root>
<Tooltip.Trigger asChild>
<Info size={16} {...iconProps} />
</Tooltip.Trigger>
<Tooltip.Portal>
<Tooltip.Content
//
side="top"
align="center"
sideOffset={5}
alignOffset={0}
avoidCollisions={true}
style={{
color: 'black',
backgroundColor: 'white',
fontSize: 12,
boxShadow: '0 2px 10px rgba(0, 0, 0, 0.3)',
border: '1px solid var(--gray-5)',
}}
{...tooltipContainerProps}
>
{children}
<Tooltip.Arrow className="TooltipArrow" fill="white" />
</Tooltip.Content>
</Tooltip.Portal>
</Tooltip.Root>
);
}
export function TooltipContentContainer({ children, ...props }: React.HTMLAttributes<HTMLDivElement>) {
return (
<Box
style={{
padding: '8px 12px',
color: 'black',
backgroundColor: 'white',
borderRadius: 4,
fontSize: 12,
}}
{...props}
>
{children}
</Box>
);
}

89
apps/frontend/app/components/layout/SidebarContent.tsx Normal file
View File

@@ -0,0 +1,89 @@
import type React from 'react';
import { Box, Button, Flex, Heading, Separator, Text } from '@radix-ui/themes';
import type { NavItem } from './types';
import { Home, Globe, ArrowRight, Lock, Settings, User } from 'lucide-react';
import { useLayout } from '../../providers/LayoutProvider';
const navItems: { label: NavItem; icon: React.ReactNode }[] = [
{ label: 'Dashboard', icon: <Home size={16} /> },
{ label: 'Proxy Hosts', icon: <Globe size={16} /> },
{ label: 'Redirection', icon: <ArrowRight size={16} /> },
{ label: 'SSL', icon: <Lock size={16} /> },
{ label: 'Settings', icon: <Settings size={16} /> },
{ label: 'Profile', icon: <User size={16} /> },
] as const;
export function SidebarContent() {
const { activeTab, setActiveTab, setIsMobileMenuOpen } = useLayout();
return (
<Flex direction="column" gap="2" p="4" style={{ height: '100%' }}>
<Flex align="center" gap="2" mb="6" px="2">
<Box
style={{
width: 32,
height: 32,
backgroundColor: 'var(--iris-9)',
borderRadius: 'var(--radius-2)',
display: 'flex',
alignItems: 'center',
justifyContent: 'center',
color: 'white',
fontWeight: 'bold',
}}
>
Y
</Box>
<Heading size="4" weight="bold">
YANPM
</Heading>
</Flex>
<Flex direction="column" gap="1">
{navItems.map((item) => (
<Button
key={item.label}
variant={activeTab === item.label ? 'soft' : 'ghost'}
color={activeTab === item.label ? 'iris' : 'gray'}
onClick={() => {
setActiveTab(item.label);
setIsMobileMenuOpen(false);
}}
style={{ cursor: 'pointer', width: '100%', justifyContent: 'flex-start' }}
>
<Flex align="center" gap="3">
{item.icon}
<Text size="2" weight={activeTab === item.label ? 'bold' : 'medium'}>
{item.label}
</Text>
</Flex>
</Button>
))}
</Flex>
<Box style={{ marginTop: 'auto' }} pt="4">
<Separator size="4" mb="4" />
<Flex align="center" gap="3" px="2">
<Box
style={{
width: 32,
height: 32,
backgroundColor: 'var(--gray-5)',
borderRadius: '50%',
}}
/>
<Box>
<Text size="1" weight="bold" as="div">
Admin User
</Text>
<Text size="1" color="gray">
admin@example.com
</Text>
</Box>
</Flex>
</Box>
</Flex>
);
}
export default SidebarContent;

1
apps/frontend/app/components/layout/types.ts Normal file
View File

@@ -0,0 +1 @@
export type NavItem = 'Dashboard' | 'Proxy Hosts' | 'Redirection' | 'SSL' | 'Settings' | 'Profile';

16
apps/frontend/app/components/theme.tsx Normal file
View File

@@ -0,0 +1,16 @@
import type React from 'react';
import { Theme } from '@radix-ui/themes';
export type AppThemeProps = {
children: React.ReactNode;
};
export function AppTheme({ children }: AppThemeProps) {
return (
<Theme accentColor="iris" grayColor="slate" panelBackground="translucent" radius="large">
{children}
</Theme>
);
}
export default AppTheme;

1
apps/frontend/app/empty-toastify.css Normal file
View File

@@ -0,0 +1 @@
/* intentionally empty: used to stub react-toastify CSS in production builds */

66
apps/frontend/app/generated/api-client/api-client.ts
View File

@@ -1,11 +1,15 @@
export namespace Schemas { export namespace Schemas {
// <Schemas> // <Schemas>
export type AdminInitRequest = { password: string; setup_secret: string; username: string };
export type HealthInfo = { export type HealthInfo = {
errors?: (Array<string> | null) | undefined; errors?: (Array<string> | null) | undefined;
is_initialized: boolean;
status: string; status: string;
up_since: string; up_since: string;
version: string; version: string;
}; };
export type LoginRequest = { password: string; username: string };
export type UserInfo = { id: string; username: string };
// </Schemas> // </Schemas>
} }
@@ -13,6 +17,24 @@ export namespace Schemas {
export namespace Endpoints { export namespace Endpoints {
// <Endpoints> // <Endpoints>
export type post_Init_admin = {
method: "POST";
path: "/api/auth/init_admin";
requestFormat: "json";
parameters: {
body: Schemas.AdminInitRequest;
};
responses: { 200: unknown; 400: unknown; 401: unknown; 500: unknown };
};
export type post_Login = {
method: "POST";
path: "/api/auth/login";
requestFormat: "json";
parameters: {
body: Schemas.LoginRequest;
};
responses: { 200: unknown; 401: unknown; 500: unknown };
};
export type get_Get_health_info = { export type get_Get_health_info = {
method: "GET"; method: "GET";
path: "/api/health/info"; path: "/api/health/info";
@@ -20,20 +42,33 @@ export namespace Endpoints {
parameters: never; parameters: never;
responses: { 200: Schemas.HealthInfo; 404: unknown }; responses: { 200: Schemas.HealthInfo; 404: unknown };
}; };
export type get_Get_user_info = {
method: "GET";
path: "/api/user/me";
requestFormat: "json";
parameters: never;
responses: { 200: Schemas.UserInfo; 401: unknown; 500: unknown };
};
// </Endpoints> // </Endpoints>
} }
// <EndpointByMethod> // <EndpointByMethod>
export type EndpointByMethod = { export type EndpointByMethod = {
post: {
"/api/auth/init_admin": Endpoints.post_Init_admin;
"/api/auth/login": Endpoints.post_Login;
};
get: { get: {
"/api/health/info": Endpoints.get_Get_health_info; "/api/health/info": Endpoints.get_Get_health_info;
"/api/user/me": Endpoints.get_Get_user_info;
}; };
}; };
// </EndpointByMethod> // </EndpointByMethod>
// <EndpointByMethod.Shorthands> // <EndpointByMethod.Shorthands>
export type PostEndpoints = EndpointByMethod["post"];
export type GetEndpoints = EndpointByMethod["get"]; export type GetEndpoints = EndpointByMethod["get"];
// </EndpointByMethod.Shorthands> // </EndpointByMethod.Shorthands>
@@ -267,6 +302,37 @@ export class ApiClient {
return; return;
}; };
// <ApiClient.post>
post<Path extends keyof PostEndpoints, TEndpoint extends PostEndpoints[Path]>(
path: Path,
...params: MaybeOptionalArg<
TEndpoint extends { parameters: infer UParams }
? NotNever<UParams> extends true
? UParams & { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
: { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
: { overrides?: RequestInit; withResponse?: false; throwOnStatusError?: boolean }
>
): Promise<Extract<InferResponseByStatus<TEndpoint, SuccessStatusCode>, { data: {} }>["data"]>;
post<Path extends keyof PostEndpoints, TEndpoint extends PostEndpoints[Path]>(
path: Path,
...params: MaybeOptionalArg<
TEndpoint extends { parameters: infer UParams }
? NotNever<UParams> extends true
? UParams & { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
: { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
: { overrides?: RequestInit; withResponse?: true; throwOnStatusError?: boolean }
>
): Promise<SafeApiResponse<TEndpoint>>;
post<Path extends keyof PostEndpoints, _TEndpoint extends PostEndpoints[Path]>(
path: Path,
...params: MaybeOptionalArg<any>
): Promise<any> {
return this.request("post", path, ...params);
}
// </ApiClient.post>
// <ApiClient.get> // <ApiClient.get>
get<Path extends keyof GetEndpoints, TEndpoint extends GetEndpoints[Path]>( get<Path extends keyof GetEndpoints, TEndpoint extends GetEndpoints[Path]>(
path: Path, path: Path,

31
apps/frontend/app/generated/api-client/tanstack-client.ts
View File

@@ -41,6 +41,7 @@ const createQueryKey = <TOptions extends EndpointParameters>(
}; };
// <EndpointByMethod.Shorthands> // <EndpointByMethod.Shorthands>
export type PostEndpoints = EndpointByMethod["post"];
export type GetEndpoints = EndpointByMethod["get"]; export type GetEndpoints = EndpointByMethod["get"];
// </EndpointByMethod.Shorthands> // </EndpointByMethod.Shorthands>
@@ -69,6 +70,36 @@ type InferResponseData<TEndpoint, TStatusCode> =
export class TanstackQueryApiClient { export class TanstackQueryApiClient {
constructor(public client: ApiClient) {} constructor(public client: ApiClient) {}
// <ApiClient.post>
post<Path extends keyof PostEndpoints, TEndpoint extends PostEndpoints[Path]>(
path: Path,
...params: MaybeOptionalArg<TEndpoint["parameters"]>
) {
const queryKey = createQueryKey(path as string, params[0]);
const query = {
/** type-only property if you need easy access to the endpoint params */
"~endpoint": {} as TEndpoint,
queryKey,
queryFn: {} as "You need to pass .queryOptions to the useQuery hook",
queryOptions: queryOptions({
queryFn: async ({ queryKey, signal }) => {
const requestParams = {
...(params[0] || {}),
...(queryKey[0] || {}),
overrides: { signal },
withResponse: false as const,
};
const res = await this.client.post(path, requestParams as never);
return res as InferResponseData<TEndpoint, SuccessStatusCode>;
},
queryKey: queryKey,
}),
};
return query;
}
// </ApiClient.post>
// <ApiClient.get> // <ApiClient.get>
get<Path extends keyof GetEndpoints, TEndpoint extends GetEndpoints[Path]>( get<Path extends keyof GetEndpoints, TEndpoint extends GetEndpoints[Path]>(
path: Path, path: Path,

73
apps/frontend/app/hooks/ResponseHelper.tsx Normal file
View File

@@ -0,0 +1,73 @@
import { AxiosError } from 'axios';
import { useLocation, useNavigate } from 'react-router';
import { SearchParamKeys } from '../lib/constants';
import { useQueryMessage } from './useQueryMessage';
import { QueryMessageCode, QueryMessageType } from '../lib/QueryMessages';
import { useCallback } from 'react';
import { displayForbiddenErrorToast, displayNetworkErrorToast, displayUnexpectedErrorToast } from '../lib/toasts';
export enum ResponseErrorToastId {
NetworkError = 'network-error',
}
export type DefaultResponseErrorHandlerOptions = {
disableUnauthorizedHandling?: boolean;
disableHandleUnexpectedErrors?: boolean;
disableIgnoreCanceledRequests?: boolean;
};
/**
*
* @param err error value
* @returns {boolean} true if the error was handled, false otherwise
*/
export function useResponseErrorHandler(): {
defaultResponseErrorHandler: typeof defaultResponseErrorHandler;
} {
const navigate = useNavigate();
const location = useLocation();
const { toSearchParamQueryMessage } = useQueryMessage();
const defaultResponseErrorHandler = useCallback(
(err: unknown, options?: DefaultResponseErrorHandlerOptions): boolean => {
if (!(err instanceof AxiosError) && !options?.disableHandleUnexpectedErrors) {
displayUnexpectedErrorToast();
return true;
}
if (!(err instanceof AxiosError)) return false;
if (err.message === 'canceled') {
// request was aborted, ignore but return true to indicate it was handled
return !options?.disableIgnoreCanceledRequests;
}
if (err.message === 'Network Error') {
displayNetworkErrorToast();
return true;
}
// handle 401 Unauthorized globally
if (err.status === 401 && !options?.disableUnauthorizedHandling) {
// store current path for redirect after login
const currentPath = location.pathname + location.search;
const searchParam = new URLSearchParams();
searchParam.set(SearchParamKeys.Redirect, currentPath);
searchParam.set(SearchParamKeys.Message, toSearchParamQueryMessage(QueryMessageCode.SessionExpired, QueryMessageType.Info));
navigate(`/login?${searchParam.toString()}`);
return true;
}
if (err.status === 403) {
displayForbiddenErrorToast();
return true;
}
return false;
},
[location, navigate, toSearchParamQueryMessage]
);
return { defaultResponseErrorHandler };
}

48
apps/frontend/app/hooks/ensureLoggedIn.tsx Normal file
View File

@@ -0,0 +1,48 @@
import { useEffect } from 'react';
import { useNavigate } from 'react-router';
import { useAuth } from '../providers/AuthProvider';
import { useApi } from '../providers/ApiProvider';
import { useQuery } from '@tanstack/react-query';
import { useResponseErrorHandler } from './ResponseHelper';
export type EnsureLoggedInResult = {
checking: boolean;
loggedIn: boolean;
};
export function useEnsureLoggedIn(): EnsureLoggedInResult {
const { user, setUser } = useAuth();
const navigate = useNavigate();
const { tanstackApiClient } = useApi();
const { defaultResponseErrorHandler } = useResponseErrorHandler();
const { queryOptions: currentUserQuery } = tanstackApiClient.get('/api/user/me');
const { isFetched, isPending } = useQuery({
...currentUserQuery,
queryFn: async (...args) => {
try {
const data = await currentUserQuery.queryFn!(...args);
setUser({
id: data.id,
name: data.username,
});
return data;
} catch (error) {
if (defaultResponseErrorHandler(error)) return {} as never;
throw error;
}
},
});
useEffect(() => {
if (user) {
navigate('/', { replace: true });
return;
}
}, [user, setUser, navigate]);
return {
checking: isPending,
loggedIn: isFetched && !!user,
};
}

111
apps/frontend/app/hooks/useQueryMessage.tsx Normal file
View File

@@ -0,0 +1,111 @@
import { useCallback, useEffect, useRef, type ReactNode } from 'react';
import { useLocation, useSearchParams } from 'react-router';
import { toast } from 'react-toastify/unstyled';
import { SearchParamKeys } from '../lib/constants';
import { CODE_TO_MESSAGE_MAP, QueryMessageCode, QueryMessageType } from '../lib/QueryMessages';
type QueryMessageString = `${QueryMessageCode}__${QueryMessageType}`;
export type QueryMessage = {
type: QueryMessageType;
code: QueryMessageCode;
message: ReactNode;
};
export type UseQueryMessageOptions = {
displayMessages?: boolean;
};
export type UseQueryMessageReturn = {
setQueryMessage: (messageCode: QueryMessageCode, messageType: QueryMessageType) => void;
clearQueryMessage: () => void;
toSearchParamQueryMessage: (message: QueryMessageCode, type: QueryMessageType) => QueryMessageString;
};
export function useQueryMessage(
{ displayMessages }: UseQueryMessageOptions = {
displayMessages: true,
}
): UseQueryMessageReturn {
const location = useLocation();
const [searchParams, setSearchParams] = useSearchParams();
const messageStr = useRef<QueryMessageString | null>(null);
useEffect(() => {
// Reset messageStr when location changes to allow re-displaying the same message on navigation
messageStr.current = null;
}, [location.pathname]);
useEffect(() => {
const queryMessageStr = searchParams.get(SearchParamKeys.Message);
if (!(queryMessageStr && queryMessageStr !== messageStr.current)) return;
const [queryMessage, queryMessageString] = toQueryMessage(queryMessageStr) ?? [null, null];
if (!queryMessage) return;
messageStr.current = queryMessageString;
if (displayMessages) {
toast[queryMessage.type](queryMessage.message, {
position: 'top-center',
autoClose: 5000,
hideProgressBar: false,
closeOnClick: true,
pauseOnHover: true,
draggable: false,
progress: undefined,
theme: 'colored',
toastId: 'login-route-info-message',
});
}
}, [displayMessages, searchParams]);
const setQueryMessage = useCallback(
(messageCode: QueryMessageCode, messageType: QueryMessageType) => {
const queryMessageString: QueryMessageString = `${messageCode}__${messageType}`;
messageStr.current = queryMessageString;
setSearchParams((prev) => {
prev.set(SearchParamKeys.Message, queryMessageString);
return prev;
});
},
[setSearchParams]
);
const clearQueryMessage = useCallback(() => {
messageStr.current = null;
setSearchParams((prev) => {
prev.delete(SearchParamKeys.Message);
return prev;
});
}, [setSearchParams]);
const toSearchParamQueryMessage = useCallback((message: QueryMessageCode, type: QueryMessageType): QueryMessageString => {
return `${message}__${type}`;
}, []);
return {
setQueryMessage,
clearQueryMessage,
toSearchParamQueryMessage,
};
}
function isValidQueryMessageCode(code: string): code is QueryMessageCode {
return Object.values(QueryMessageCode).includes(code as QueryMessageCode);
}
function isValidQueryMessageType(type: string): type is QueryMessageType {
return Object.values(QueryMessageType).includes(type as QueryMessageType);
}
function toQueryMessage(value: string): [QueryMessage, QueryMessageString] | null {
const [code, type] = value.split('__');
if (!isValidQueryMessageCode(code) || !isValidQueryMessageType(type)) return null;
return [
{
code: code,
type: type,
message: CODE_TO_MESSAGE_MAP[code],
},
`${code}__${type}`,
];
}

20
apps/frontend/app/lib/QueryMessages.tsx Normal file
View File

@@ -0,0 +1,20 @@
import type { ReactNode } from 'react';
export enum QueryMessageType {
Info = 'info',
Success = 'success',
Warning = 'warning',
Error = 'error',
}
export enum QueryMessageCode {
SessionExpired = 'SESSION_EXPIRED',
InitializationRequired = 'INITIALIZATION_REQUIRED',
InitializationSuccessful = 'INITIALIZATION_SUCCESSFUL',
}
export const CODE_TO_MESSAGE_MAP: Record<QueryMessageCode, ReactNode> = {
[QueryMessageCode.SessionExpired]: 'Your session has expired. Please log in again.',
[QueryMessageCode.InitializationRequired]: 'The application requires initialization. Please follow the setup instructions.',
[QueryMessageCode.InitializationSuccessful]: 'Initialization successful. Please log in.',
} as const;

29
apps/frontend/app/lib/api.ts
View File

@@ -65,7 +65,34 @@ function axiosResponseToFetchResponse(response: AxiosResponse): Response {
} }
}); });
return new Response(response.data, { // Normalize Axios response.data to a Fetch-compatible BodyInit
let body: BodyInit | null = null;
const data = response.data;
if (data == null) {
body = null;
} else if (
typeof data === 'string' ||
data instanceof Blob ||
data instanceof ArrayBuffer ||
ArrayBuffer.isView(data) ||
data instanceof FormData ||
data instanceof URLSearchParams
) {
body = data as BodyInit;
} else {
try {
body = JSON.stringify(data);
if (!headers.has('content-type')) {
headers.set('content-type', 'application/json;charset=utf-8');
}
} catch {
console.warn('Failed to stringify response data as JSON, falling back to string conversion.');
body = String(data);
}
}
return new Response(body, {
status: response.status, status: response.status,
statusText: response.statusText, statusText: response.statusText,
headers: headers, headers: headers,

4
apps/frontend/app/lib/constants.ts Normal file
View File

@@ -0,0 +1,4 @@
export enum SearchParamKeys {
Redirect = 'redirect',
Message = 'message',
}

64
apps/frontend/app/lib/toasts.tsx Normal file
View File

@@ -0,0 +1,64 @@
import { toast, type ToastOptions } from 'react-toastify/unstyled';
import { Text } from '@radix-ui/themes';
import { ResponseErrorToastId } from '../hooks/ResponseHelper';
export const displayUnexpectedErrorToast = (options: ToastOptions = {}) => {
toast.error(
<div>
<Text weight="bold">Unexpected Error:</Text>
<br /> An unexpected error occurred. Please try again later.
</div>,
{
position: 'top-center',
autoClose: false,
hideProgressBar: false,
closeOnClick: true,
pauseOnHover: true,
draggable: false,
progress: undefined,
theme: 'colored',
...options,
}
);
};
export const displayNetworkErrorToast = (options: ToastOptions = {}) => {
toast.error(
<div>
<Text weight="bold">Network Error:</Text>
<br /> Unable to reach the server. Please check your internet connection and try again.
</div>,
{
toastId: ResponseErrorToastId.NetworkError,
position: 'top-center',
autoClose: false,
hideProgressBar: false,
closeOnClick: true,
pauseOnHover: true,
draggable: false,
progress: undefined,
theme: 'colored',
...options,
}
);
};
export const displayForbiddenErrorToast = (options: ToastOptions = {}) => {
toast.error(
<div>
<Text weight="bold">Forbidden:</Text>
<br /> You do not have permission to perform this action.
</div>,
{
position: 'top-center',
autoClose: 5000,
hideProgressBar: false,
closeOnClick: true,
pauseOnHover: true,
draggable: false,
progress: undefined,
theme: 'colored',
...options,
}
);
};

56
apps/frontend/app/providers/ApiHealthProvider.tsx Normal file
View File

@@ -0,0 +1,56 @@
import { useNavigate } from 'react-router';
import { useQuery } from '@tanstack/react-query';
import { createContext, use, type PropsWithChildren } from 'react';
import { useApi } from './ApiProvider';
import { useResponseErrorHandler } from '../hooks/ResponseHelper';
import type { Schemas } from '../generated/api-client/api-client';
export type HealthStatus = Schemas.HealthInfo;
export type ApiHealthProviderProps = PropsWithChildren<object>;
export type ApiHealthContextType = {
healthStatus: HealthStatus | undefined;
};
const ApiHealthContext = createContext<ApiHealthContextType | null>(null);
export const ApiHealthProvider: React.FC<ApiHealthProviderProps> = ({ children }) => {
const navigate = useNavigate();
const { tanstackApiClient } = useApi();
const { defaultResponseErrorHandler } = useResponseErrorHandler();
const { queryOptions: healthInfoQuery } = tanstackApiClient.get('/api/health/info');
const { data } = useQuery({
...healthInfoQuery,
queryFn: async (...args) => {
try {
const data = await healthInfoQuery.queryFn!(...args);
if (!data.is_initialized) {
navigate('/init');
}
return data;
} catch (error) {
if (defaultResponseErrorHandler(error)) return {} as never;
throw error;
}
},
});
return (
<ApiHealthContext
value={{
healthStatus: data,
}}
>
{children}
</ApiHealthContext>
);
};
export const useApiHealth = (): ApiHealthContextType => {
const context = use(ApiHealthContext);
if (!context) {
throw new Error('useApiHealth must be used within an ApiHealthProvider');
}
return context;
};

12
apps/frontend/app/providers/ApiProvider.tsx
View File

@@ -1,9 +1,9 @@
import { createContext, use, useContext, type PropsWithChildren } from 'react'; import { createContext, use, type PropsWithChildren } from 'react';
import { createTanstackApi, createApi } from '../lib/api'; import { createTanstackApi, createApi } from '../lib/api';
import axios from 'axios'; import axios from 'axios';
import { QueryClient, QueryClientProvider } from '@tanstack/react-query'; import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
type ApiProviderProps = PropsWithChildren<{}>; type ApiProviderProps = PropsWithChildren<object>;
type ApiContextType = { type ApiContextType = {
apiClient: ReturnType<typeof createApi>; apiClient: ReturnType<typeof createApi>;
tanstackApiClient: ReturnType<typeof createTanstackApi>; tanstackApiClient: ReturnType<typeof createTanstackApi>;
@@ -34,8 +34,14 @@ export const ApiProvider: React.FC<ApiProviderProps> = ({ children }) => {
const axiosInstance = axios.create({ const axiosInstance = axios.create({
withCredentials: true, withCredentials: true,
}); });
const internalAxiosInstance = axios.create({
withCredentials: true,
});
const apiClient = createApi(axiosInstance); const apiClient = createApi(axiosInstance);
const tanstackApiClient = createTanstackApi(axiosInstance); const tanstackApiClient = createTanstackApi(internalAxiosInstance);
return ( return (
<QueryClientProvider client={queryClient}> <QueryClientProvider client={queryClient}>
<ApiContext <ApiContext

47
apps/frontend/app/providers/AuthProvider.tsx Normal file
View File

@@ -0,0 +1,47 @@
import { createContext, use, useCallback, useState, type PropsWithChildren } from 'react';
export type User = {
id: string;
name: string;
};
export type AuthProviderProps = PropsWithChildren<object>;
export type AuthContextType = {
setUser: (user: User) => void;
logOut: () => void;
user: User | null;
};
const AuthContext = createContext<AuthContextType | null>(null);
export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
const [user, setUserState] = useState<User | null>(null);
const setUser = useCallback((user: User) => {
setUserState(user);
}, []);
const logout = useCallback(() => {
setUserState(null);
}, []);
return (
<AuthContext
value={{
user: user,
logOut: logout,
setUser: setUser,
}}
>
{children}
</AuthContext>
);
};
export function useAuth() {
const context = use(AuthContext);
if (!context) {
throw new Error('useAuth must be used within a AuthProvider');
}
return context;
}

18
apps/frontend/app/providers/FormProvider.tsx Normal file
View File

@@ -0,0 +1,18 @@
import { createFormHook, createFormHookContexts } from '@tanstack/react-form';
import { TextField, TextFieldErrorMessage } from '../components/Form/TextField';
import { ResetButton, SubmitButton } from '../components/Form/Button';
const { fieldContext, formContext } = createFormHookContexts();
export const formHook = createFormHook({
fieldComponents: {
TextField,
TextFieldErrorMessage,
},
formComponents: {
SubmitButton,
ResetButton,
},
fieldContext,
formContext,
});

38
apps/frontend/app/providers/LayoutProvider.tsx Normal file
View File

@@ -0,0 +1,38 @@
import { createContext, use, useState, type PropsWithChildren } from 'react';
import type { NavItem } from '../components/layout/types';
type LayoutProviderProps = PropsWithChildren<object>;
type LayoutContextType = {
activeTab: NavItem;
setActiveTab: (tab: NavItem) => void;
isMobileMenuOpen: boolean;
setIsMobileMenuOpen: (open: boolean) => void;
};
const LayoutContext = createContext<LayoutContextType | null>(null);
export const LayoutProvider: React.FC<LayoutProviderProps> = ({ children }) => {
const [activeTab, setActiveTab] = useState<NavItem>('Dashboard');
const [isMobileMenuOpen, setIsMobileMenuOpen] = useState(false);
return (
<LayoutContext
value={{
activeTab,
setActiveTab,
isMobileMenuOpen,
setIsMobileMenuOpen,
}}
>
{children}
</LayoutContext>
);
};
export function useLayout() {
const context = use(LayoutContext);
if (!context) {
throw new Error('useLayout must be used within a LayoutProvider');
}
return context;
}

28
apps/frontend/app/root.tsx
View File

@@ -1,8 +1,18 @@
import { isRouteErrorResponse, Links, Meta, Outlet, Scripts, ScrollRestoration } from 'react-router'; import { isRouteErrorResponse, Links, Meta, Outlet, Scripts, ScrollRestoration } from 'react-router';
import type { Route } from './+types/root'; import type { Route } from './+types/root';
import '@radix-ui/themes/styles.css';
import './app.css'; import './app.css';
import { Theme } from '@radix-ui/themes'; // start: react-toastify special import
// ! MUST use unstyled version for dev server build, styled version for production build is handled in vite.config.ts
import { ToastContainer } from 'react-toastify/unstyled';
import 'react-toastify/ReactToastify.css';
// end: react-toastify special import
import AppTheme from './components/theme';
import { ApiProvider } from './providers/ApiProvider'; import { ApiProvider } from './providers/ApiProvider';
import { LayoutProvider } from './providers/LayoutProvider';
import { Tooltip } from 'radix-ui';
import { AuthProvider } from './providers/AuthProvider';
import { ApiHealthProvider } from './providers/ApiHealthProvider';
export const links: Route.LinksFunction = () => []; export const links: Route.LinksFunction = () => [];
@@ -26,11 +36,23 @@ export function Layout({ children }: { children: React.ReactNode }) {
export default function App() { export default function App() {
return ( return (
<Theme> <>
<AppTheme>
<ApiProvider> <ApiProvider>
<Tooltip.Provider delayDuration={250}>
<LayoutProvider>
<ApiHealthProvider>
<AuthProvider>
<Outlet /> <Outlet />
</AuthProvider>
</ApiHealthProvider>
</LayoutProvider>
</Tooltip.Provider>
</ApiProvider> </ApiProvider>
</Theme> </AppTheme>
<ToastContainer />
</>
); );
} }

6
apps/frontend/app/routes.ts
View File

@@ -1,7 +1,9 @@
import { type RouteConfig, index, route } from '@react-router/dev/routes'; import { type RouteConfig, index, layout, route } from '@react-router/dev/routes';
export default [ export default [
index('routes/home.tsx'), route('login', 'routes/auth/login.tsx'),
route('init', 'routes/init.tsx'),
layout('routes/layout.tsx', [index('routes/home.tsx')]),
// catch-all 404 route // catch-all 404 route
route('*', 'routes/404.tsx'), route('*', 'routes/404.tsx'),
] satisfies RouteConfig; ] satisfies RouteConfig;

153
apps/frontend/app/routes/auth/login.tsx Normal file
View File

@@ -0,0 +1,153 @@
import { Box, Container, Flex, Heading } from '@radix-ui/themes';
import { useMutation } from '@tanstack/react-query';
import { useLocation, useNavigate } from 'react-router';
import { toast } from 'react-toastify/unstyled';
import * as v from 'valibot';
import { useResponseErrorHandler } from '../../hooks/ResponseHelper';
import { useApi } from '../../providers/ApiProvider';
import { formHook } from '../../providers/FormProvider';
import type { Route } from './+types/login';
import { SearchParamKeys } from '../../lib/constants';
import { AxiosError } from 'axios';
import { useQueryMessage } from '../../hooks/useQueryMessage';
const loginFormSchema = v.object({
username: v.pipe(v.string(), v.trim(), v.minLength(1, 'Username is required')),
password: v.pipe(v.string(), v.minLength(1, 'Password is required')),
});
// eslint-disable-next-line no-empty-pattern
export function meta({}: Route.MetaArgs): Route.MetaDescriptors {
return [{ title: 'Login | YANPM' }];
}
// TODO: remember me
export default function LoginRoute() {
const navigate = useNavigate();
const location = useLocation();
const { tanstackApiClient } = useApi();
const { defaultResponseErrorHandler } = useResponseErrorHandler();
useQueryMessage();
const { mutateAsync: login, isPending } = useMutation({
...tanstackApiClient.mutation('post', '/api/auth/login').mutationOptions,
onSuccess: async () => {
const searchParams = new URLSearchParams(location.search);
const redirectTo = searchParams.get(SearchParamKeys.Redirect);
if (redirectTo) {
navigate(redirectTo);
return;
}
navigate('/');
},
onError: (error) => {
if (defaultResponseErrorHandler(error, { disableUnauthorizedHandling: true })) return;
if (error instanceof AxiosError && error.status === 401) {
toast.error('Invalid username or password.', {
position: 'top-center',
autoClose: 5000,
hideProgressBar: false,
closeOnClick: true,
pauseOnHover: true,
draggable: false,
progress: undefined,
theme: 'colored',
});
return;
}
console.error('Login failed:', error);
},
});
const form = formHook.useAppForm({
defaultValues: {
username: '',
password: '',
},
validators: {
onBlur: loginFormSchema,
onSubmit: loginFormSchema,
},
onSubmit: async ({ value }) => {
toast.dismiss();
return await login({ body: { password: value.password, username: value.username } }).catch(() => {});
},
});
return (
<>
<Flex align="center" justify="center" style={{ minHeight: 'calc(100vh - 64px)' }}>
<Container size="3" p="0">
<Box
style={{
display: 'flex',
flexDirection: 'column',
maxWidth: 420,
margin: '40px auto',
backgroundColor: 'white',
padding: 24,
borderRadius: 8,
boxShadow: '0 6px 18px rgba(15,23,42,0.2)',
}}
>
<Heading size="6" style={{ marginBottom: 16, alignSelf: 'center' }}>
Sign In
</Heading>
<form
onSubmit={(e) => {
e.preventDefault();
form.handleSubmit();
}}
>
<form.AppField
name="username"
children={(field) => (
<>
<field.TextField
label={'Username'}
value={field.state.value}
autoComplete="username"
spellCheck={false}
required
onChange={(e) => field.handleChange(e.target.value)}
/>
<field.TextFieldErrorMessage {...field.state.meta} />
</>
)}
/>
<form.AppField
name="password"
children={(field) => (
<>
<field.TextField
label={'Password'}
value={field.state.value}
type="password"
required
autoComplete="current-password"
onChange={(e) => field.handleChange(e.target.value)}
showPasswordToggle
/>
<field.TextFieldErrorMessage {...field.state.meta} />
</>
)}
/>
<div style={{ marginTop: 18, display: 'flex', gap: 8, justifySelf: 'center' }}>
<form.SubmitButton
loading={isPending}
label={{
default: 'Sign In',
loading: 'Signing In…',
}}
/>
</div>
</form>
</Box>
</Container>
</Flex>
</>
);
}

76
apps/frontend/app/routes/home.tsx
View File

@@ -1,13 +1,75 @@
import { Text } from '@radix-ui/themes'; import { Box, Button, Card, Flex, Grid, Heading, Text } from '@radix-ui/themes';
import type { Route } from './+types/home'; import type { Route } from './+types/home';
import { useContext } from 'react'; import TablePlaceholder from '../components/home/TablePlaceholder';
import { useApi } from '../providers/ApiProvider'; import { useLayout } from '../providers/LayoutProvider';
import { useQuery } from '@tanstack/react-query'; import { useEnsureLoggedIn } from '../hooks/ensureLoggedIn';
// eslint-disable-next-line no-empty-pattern
export function meta({}: Route.MetaArgs) { export function meta({}: Route.MetaArgs) {
return [{ title: 'YANPM' }, { name: 'description', content: 'Welcome to Yet Another Nginx Proxy Manager!' }]; return [{ title: 'Proxy Host Demo | YANPM' }, { name: 'description', content: 'Demo of the unified navigation paradigm.' }];
} }
export default function Home() { export default function ProxyHostDemo() {
return <Text>Welcome to Yet Another Nginx Proxy Manager!</Text>; useEnsureLoggedIn();
const { activeTab } = useLayout();
return (
<Box>
<Heading size="7" mb="1">
{activeTab}
</Heading>
<Text color="gray" mb="4" as="p">
This is the {activeTab.toLowerCase()} page demo.
</Text>
<Grid columns={{ initial: '1', sm: '2', lg: '3' }} gap="4">
<Card size="2">
<Flex direction="column" gap="2">
<Text size="2" weight="bold">
Status Overview
</Text>
<Text size="2" color="gray">
Everything is running smoothly in your {activeTab.toLowerCase()} section.
</Text>
<Button variant="surface" size="1" style={{ width: 'fit-content' }} mt="1">
View Details
</Button>
</Flex>
</Card>
<Card size="2">
<Flex direction="column" gap="2">
<Text size="2" weight="bold">
Recent Activity
</Text>
<Text size="2" color="gray">
No recent changes detected in the last 24 hours.
</Text>
<Button variant="surface" size="1" style={{ width: 'fit-content' }} mt="1">
Refresh
</Button>
</Flex>
</Card>
<Card size="2">
<Flex direction="column" gap="2">
<Text size="2" weight="bold">
Quick Actions
</Text>
<Text size="2" color="gray">
Common tasks related to {activeTab.toLowerCase()} are available here.
</Text>
<Button variant="solid" size="1" style={{ width: 'fit-content' }} mt="1">
Get Started
</Button>
</Flex>
</Card>
</Grid>
{activeTab === 'Proxy Hosts' && (
<Box mt="6">
<Card variant="surface">
<TablePlaceholder />
</Card>
</Box>
)}
</Box>
);
} }

161
apps/frontend/app/routes/init.tsx Normal file
View File

@@ -0,0 +1,161 @@
import { Box, Container, Flex, Heading, Text } from '@radix-ui/themes';
import { useMutation, useQuery } from '@tanstack/react-query';
import { useNavigate } from 'react-router';
import { toast } from 'react-toastify/unstyled';
import * as v from 'valibot';
import { useResponseErrorHandler } from '../hooks/ResponseHelper';
import { useApi } from '../providers/ApiProvider';
import { formHook } from '../providers/FormProvider';
import { TooltipContentContainer } from '../components/info';
import { SearchParamKeys } from '../lib/constants';
import { useQueryMessage } from '../hooks/useQueryMessage';
import { QueryMessageCode, QueryMessageType } from '../lib/QueryMessages';
const initFormSchema = v.object({
username: v.pipe(v.string(), v.trim(), v.minLength(1, 'Username is required')),
password: v.pipe(v.string(), v.minLength(1, 'Password is required')),
setup_secret: v.pipe(v.string(), v.minLength(1, 'Setup secret is required')),
});
export default function InitRoute() {
const navigate = useNavigate();
const { tanstackApiClient } = useApi();
const { defaultResponseErrorHandler } = useResponseErrorHandler();
const { toSearchParamQueryMessage } = useQueryMessage();
const { mutateAsync: initAdmin, isPending } = useMutation({
...tanstackApiClient.mutation('post', '/api/auth/init_admin').mutationOptions,
onSuccess: async () => {
const searchParams = new URLSearchParams();
searchParams.set(SearchParamKeys.Message, toSearchParamQueryMessage(QueryMessageCode.InitializationSuccessful, QueryMessageType.Success));
navigate(`/login?${searchParams.toString()}`);
},
onError: (error) => {
if (defaultResponseErrorHandler(error)) return;
console.error('Init failed:', error);
},
});
const { queryOptions: healthInfoQuery } = tanstackApiClient.get('/api/health/info');
useQuery({
...healthInfoQuery,
queryFn: async (...args) => {
try {
const data = await healthInfoQuery.queryFn!(...args);
if (data.is_initialized) {
navigate('/login', { replace: true });
return data;
}
return data;
} catch (error) {
if (defaultResponseErrorHandler(error)) return {} as never;
throw error;
}
},
});
const form = formHook.useAppForm({
defaultValues: { username: '', password: '', setup_secret: '' },
validators: { onBlur: initFormSchema, onSubmit: initFormSchema },
onSubmit: async ({ value }) => {
toast.dismiss();
return await initAdmin({ body: { username: value.username, password: value.password, setup_secret: value.setup_secret } });
},
});
return (
<>
<Flex align="center" justify="center" style={{ minHeight: 'calc(100vh - 64px)' }}>
<Container size="3" p="0">
<Box
style={{
display: 'flex',
flexDirection: 'column',
maxWidth: 480,
margin: '40px auto',
backgroundColor: 'white',
padding: 24,
borderRadius: 8,
boxShadow: '0 6px 18px rgba(15,23,42,0.06)',
}}
>
<Heading size="6" style={{ marginBottom: 12, alignSelf: 'center' }}>
Initialize YANPM
</Heading>
<Heading size="3" style={{ marginBottom: 24, color: 'var(--gray-11)', alignSelf: 'center' }}>
Create the initial admin user
</Heading>
<form
onSubmit={(e) => {
e.preventDefault();
form.handleSubmit();
}}
>
<form.AppField
name="username"
children={(field) => (
<>
<field.TextField
label="Username"
value={field.state.value}
autoComplete="username"
spellCheck={false}
required
onChange={(e) => field.handleChange(e.target.value)}
/>
<field.TextFieldErrorMessage {...field.state.meta} />
</>
)}
/>
<form.AppField
name="password"
children={(field) => (
<>
<field.TextField
label="Password"
value={field.state.value}
type="password"
required
autoComplete="new-password"
onChange={(e) => field.handleChange(e.target.value)}
showPasswordToggle
/>
<field.TextFieldErrorMessage {...field.state.meta} />
</>
)}
/>
<form.AppField
name="setup_secret"
children={(field) => (
<>
<field.TextField
label="Setup Secret"
value={field.state.value}
required
onChange={(e) => field.handleChange(e.target.value)}
infoIconProps={{
children: (
<TooltipContentContainer>
<Text>This secret is provided when the API server is first started. Refer to your server logs to find it.</Text>
</TooltipContentContainer>
),
}}
/>
<field.TextFieldErrorMessage {...field.state.meta} />
</>
)}
/>
<div style={{ marginTop: 18, display: 'flex', gap: 8, justifySelf: 'center' }}>
<form.SubmitButton loading={isPending} label={{ default: 'Initialize' }} />
</div>
</form>
</Box>
</Container>
</Flex>
</>
);
}

88
apps/frontend/app/routes/layout.tsx Normal file
View File

@@ -0,0 +1,88 @@
import { Flex, Box, Container, Dialog, Heading, IconButton, TextField } from '@radix-ui/themes';
import SidebarContent from '../components/layout/SidebarContent';
import { useLayout } from '../providers/LayoutProvider';
import { Menu, Search, Bell } from 'lucide-react';
import { Outlet } from 'react-router';
export default function LayoutContainer() {
const { activeTab, isMobileMenuOpen, setIsMobileMenuOpen } = useLayout();
return (
<Flex style={{ minHeight: '100vh', backgroundColor: 'var(--gray-2)' }}>
{/* Desktop Sidebar */}
<Box
display={{ initial: 'none', md: 'block' }}
style={{
width: '260px',
backgroundColor: 'white',
borderRight: '1px solid var(--gray-4)',
position: 'sticky',
top: 0,
minHeight: '100vh',
overflowY: 'auto',
}}
>
<SidebarContent />
</Box>
{/* Main Content Area */}
<Box style={{ flex: 1, minWidth: 0 }}>
{' '}
{/* Top Header (Mobile & Desktop) */}
<Flex
align="center"
justify="between"
px="4"
style={{
height: '64px',
backgroundColor: 'white',
borderBottom: '1px solid var(--gray-4)',
position: 'sticky',
top: 0,
zIndex: 10,
}}
>
<Flex align="center" gap="3">
<Box display={{ md: 'none' }}>
<Dialog.Root open={isMobileMenuOpen} onOpenChange={setIsMobileMenuOpen}>
<Dialog.Trigger>
<IconButton variant="ghost" color="gray">
<Menu />
</IconButton>
</Dialog.Trigger>
<Dialog.Content
style={{
position: 'fixed',
left: 0,
top: 0,
bottom: 0,
margin: 0,
width: '280px',
borderRadius: 0,
padding: 0,
}}
>
<SidebarContent />
</Dialog.Content>
</Dialog.Root>
</Box>
<Heading size="4">{activeTab}</Heading>
</Flex>
<Flex align="center" gap="3">
<TextField.Root placeholder="Search..." size="2">
<TextField.Slot>
<Search />
</TextField.Slot>
</TextField.Root>
<IconButton variant="ghost" color="gray">
<Bell />
</IconButton>
</Flex>
</Flex>
<Container size="4" p="5" style={{ paddingTop: 20 }}>
<Outlet />
</Container>
</Box>
</Flex>
);
}

5
apps/frontend/app/vite-env.d.ts vendored
View File

@@ -1,7 +1,6 @@
interface ViteTypeOptions { interface ViteTypeOptions {
// By adding this line, you can make the type of ImportMetaEnv strict // disallow unknown keys.
// to disallow unknown keys. strictImportMetaEnv: unknown;
// strictImportMetaEnv: unknown
} }
interface ImportMetaEnv { interface ImportMetaEnv {

42
apps/frontend/eslint.config.ts Normal file
View File

@@ -0,0 +1,42 @@
import js from '@eslint/js';
import globals from 'globals';
import tseslint from 'typescript-eslint';
import pluginReact from 'eslint-plugin-react';
import pluginReactHooks from 'eslint-plugin-react-hooks';
export default tseslint.config(
{
// Ignore files and directories
ignores: ['node_modules', 'app/generated', 'build', '.react-router'],
},
js.configs.recommended,
...tseslint.configs.recommended,
{
languageOptions: {
ecmaVersion: 2020,
globals: {
...globals.browser,
...globals.node,
},
parserOptions: {
project: ['./tsconfig.json', './tsconfig.node.json'],
tsconfigRootDir: import.meta.dirname,
},
},
rules: {},
},
{
...pluginReact.configs.flat.recommended, // Enables core React rules
...pluginReactHooks.configs.flat.recommended, // Enables React Hooks rules
languageOptions: {
parserOptions: {
ecmaFeatures: {
jsx: true,
},
},
globals: {
...globals.browser,
},
},
}
);

15
apps/frontend/package.json
View File

@@ -7,32 +7,45 @@
"dev": "react-router dev", "dev": "react-router dev",
"start": "react-router-serve ./build/server/index.js", "start": "react-router-serve ./build/server/index.js",
"typecheck": "react-router typegen && tsc", "typecheck": "react-router typegen && tsc",
"lint": "eslint .",
"test": "echo \"No tests specified\" && exit 0", "test": "echo \"No tests specified\" && exit 0",
"generate:openapi": "typed-openapi ../api/swagger.json --tanstack tanstack-client.ts -o ./app/generated/api-client/api-client.ts" "generate:openapi": "typed-openapi ../api/swagger.json --tanstack tanstack-client.ts -o ./app/generated/api-client/api-client.ts"
}, },
"dependencies": { "dependencies": {
"@radix-ui/react-tooltip": "^1.2.8",
"@radix-ui/themes": "^3.2.1", "@radix-ui/themes": "^3.2.1",
"@react-router/node": "^7.9.2", "@react-router/node": "^7.9.2",
"@react-router/serve": "^7.9.2", "@react-router/serve": "^7.9.2",
"@tanstack/react-form": "^1.27.5",
"@tanstack/react-query": "^5.90.12", "@tanstack/react-query": "^5.90.12",
"axios": "^1.13.2", "axios": "^1.13.2",
"globals": "^16.5.0",
"isbot": "^5.1.31", "isbot": "^5.1.31",
"lucide-react": "^0.562.0",
"radix-ui": "^1.4.3", "radix-ui": "^1.4.3",
"react": "^19.1.1", "react": "^19.1.1",
"react-dom": "^19.1.1", "react-dom": "^19.1.1",
"react-router": "^7.9.2" "react-router": "^7.9.2",
"react-toastify": "^11.0.5",
"valibot": "^1.2.0"
}, },
"devDependencies": { "devDependencies": {
"@eslint/js": "^9.39.2",
"@react-router/dev": "^7.9.2", "@react-router/dev": "^7.9.2",
"@tailwindcss/vite": "^4.1.13", "@tailwindcss/vite": "^4.1.13",
"@types/node": "^22", "@types/node": "^22",
"@types/react": "^19.1.13", "@types/react": "^19.1.13",
"@types/react-dom": "^19.1.9", "@types/react-dom": "^19.1.9",
"dotenv": "^17.2.3", "dotenv": "^17.2.3",
"eslint": "^9.39.2",
"eslint-plugin-react": "^7.37.5",
"eslint-plugin-react-hooks": "^7.0.1",
"tailwindcss": "^4.1.13", "tailwindcss": "^4.1.13",
"typed-openapi": "^2.2.3", "typed-openapi": "^2.2.3",
"typescript": "^5.9.2", "typescript": "^5.9.2",
"typescript-eslint": "^8.50.0",
"vite": "^7.1.7", "vite": "^7.1.7",
"vite-plugin-eslint": "^1.8.1",
"vite-tsconfig-paths": "^5.1.4" "vite-tsconfig-paths": "^5.1.4"
} }
} }

1937
apps/frontend/pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

33
apps/frontend/vite.config.ts
View File

@@ -2,8 +2,37 @@ import { reactRouter } from '@react-router/dev/vite';
import tailwindcss from '@tailwindcss/vite'; import tailwindcss from '@tailwindcss/vite';
import { defineConfig } from 'vite'; import { defineConfig } from 'vite';
import tsconfigPaths from 'vite-tsconfig-paths'; import tsconfigPaths from 'vite-tsconfig-paths';
// @ts-expect-error vite-plugin-eslint has no types
import eslint from 'vite-plugin-eslint';
export default defineConfig({ export default defineConfig(({ command }) => {
plugins: [tailwindcss(), reactRouter(), tsconfigPaths()], const isBuild = command === 'build';
return {
plugins: [
tailwindcss(),
reactRouter(),
tsconfigPaths(),
eslint({
failOnError: false,
}),
],
resolve: {
alias: isBuild
? [
{
// replace unstyled import with styled for SPA build
find: 'react-toastify/unstyled',
replacement: 'react-toastify',
},
{
// point to the empty CSS file to stub out the import during build, SPA build does not require extra CSS imports
find: 'react-toastify/ReactToastify.css',
replacement: '~/empty-toastify.css',
},
]
: [],
},
appType: 'spa', appType: 'spa',
};
}); });