Document new guard behaviour

This commit is contained in:
Rob Wagner 2023-07-29 17:05:05 -04:00
parent a07426695a
commit 19aadd8eab
No known key found for this signature in database
GPG key ID: 53CCB4497B15CF61
2 changed files with 7 additions and 8 deletions

View file

@ -54,9 +54,8 @@ present, the extractor will return `None` or `false` in most cases.
__Requires features `guards`.__
In addition to the extractors, there is also a route-wide layer request guard
for the `HX-Request` header. This will return a `403: Forbidden` response if the
header is not present, which is useful if you want to make an entire router, say
`/api`, only accessible via htmx requests.
for the `HX-Request` header. This will redirect any requests without the header
to "/" by default.
_It should be noted that this is NOT a replacement for an auth guard. A user can
trivially set the `HX-Request` header themselves. This is merely a convenience
@ -101,7 +100,7 @@ use axum_htmx::HxRequestGuardLayer;
fn protected_router() -> Router {
Router::new()
.layer(HxRequestGuardLayer::new())
.layer(HxRequestGuardLayer::default())
}
```

View file

@ -17,11 +17,11 @@ use tower::{Layer, Service};
use crate::HX_REQUEST;
/// Checks if the request contains the `HX-Request` header, returning a `403:
/// Forbidden` response if the header is not present.
/// Checks if the request contains the `HX-Request` header, redirecting to the
/// given location if not.
///
/// This can be used to protect routes that should only be accessed via htmx
/// requests.
/// This can be useful for preventing users from accidently ending up on a route
/// which would otherwise return only partial HTML data.
#[derive(Debug, Clone)]
pub struct HxRequestGuardLayer<'a> {
redirect_to: &'a str,