From 19aadd8eabbe9d29bdaeced79690b9d432018605 Mon Sep 17 00:00:00 2001 From: Rob Wagner Date: Sat, 29 Jul 2023 17:05:05 -0400 Subject: [PATCH] Document new guard behaviour --- README.md | 7 +++---- src/guard.rs | 8 ++++---- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a4c8246..681f624 100644 --- a/README.md +++ b/README.md @@ -54,9 +54,8 @@ present, the extractor will return `None` or `false` in most cases. __Requires features `guards`.__ In addition to the extractors, there is also a route-wide layer request guard -for the `HX-Request` header. This will return a `403: Forbidden` response if the -header is not present, which is useful if you want to make an entire router, say -`/api`, only accessible via htmx requests. +for the `HX-Request` header. This will redirect any requests without the header +to "/" by default. _It should be noted that this is NOT a replacement for an auth guard. A user can trivially set the `HX-Request` header themselves. This is merely a convenience @@ -101,7 +100,7 @@ use axum_htmx::HxRequestGuardLayer; fn protected_router() -> Router { Router::new() - .layer(HxRequestGuardLayer::new()) + .layer(HxRequestGuardLayer::default()) } ``` diff --git a/src/guard.rs b/src/guard.rs index 1bcc37d..66b440b 100644 --- a/src/guard.rs +++ b/src/guard.rs @@ -17,11 +17,11 @@ use tower::{Layer, Service}; use crate::HX_REQUEST; -/// Checks if the request contains the `HX-Request` header, returning a `403: -/// Forbidden` response if the header is not present. +/// Checks if the request contains the `HX-Request` header, redirecting to the +/// given location if not. /// -/// This can be used to protect routes that should only be accessed via htmx -/// requests. +/// This can be useful for preventing users from accidently ending up on a route +/// which would otherwise return only partial HTML data. #[derive(Debug, Clone)] pub struct HxRequestGuardLayer<'a> { redirect_to: &'a str,