From 2f6c729dc3913aaf44037924a7c2e9e6832c320c Mon Sep 17 00:00:00 2001
From: Jackz <me@jackz.me>
Date: Sun, 20 Apr 2025 12:56:14 -0500
Subject: [PATCH] Add 403 page

---
 src/main.rs                   | 12 +++++++++++-
 src/routes/ui.rs              |  3 ++-
 src/routes/ui/admin.rs        | 10 ++++++++++
 templates/errors/403.html.hbs | 26 ++++++++++++++++++++++++++
 4 files changed, 49 insertions(+), 2 deletions(-)
 create mode 100644 src/routes/ui/admin.rs
 create mode 100644 templates/errors/403.html.hbs

diff --git a/src/main.rs b/src/main.rs
index 7390c28..9ae8367 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -152,11 +152,14 @@ async fn rocket() -> _ {
             ui::help::about,
             ui::help::test_get
         ])
+        .mount("/admin", routes![
+            ui::admin::index
+        ])
         .register("/api", catchers![
             not_found_api,
         ])
         .register("/", catchers![
-            not_found, not_authorized
+            not_found, not_authorized, forbidden
         ])
 }
 
@@ -166,6 +169,13 @@ pub fn not_authorized(req: &Request) -> Redirect {
     Redirect::to(format!("/auth/login?return_to={}", req.uri().path().percent_encode()))
 }
 
+#[catch(403)]
+pub fn forbidden(req: &Request) -> Template {
+   Template::render("errors/403", context! {
+
+   })
+}
+
 #[catch(404)]
 fn not_found(req: &Request) -> Template {
     Template::render("errors/404", context! {
diff --git a/src/routes/ui.rs b/src/routes/ui.rs
index cf27f27..81468ad 100644
--- a/src/routes/ui.rs
+++ b/src/routes/ui.rs
@@ -1,3 +1,4 @@
 pub mod user;
 pub mod help;
-pub(crate) mod auth;
\ No newline at end of file
+pub(crate) mod auth;
+pub mod admin;
\ No newline at end of file
diff --git a/src/routes/ui/admin.rs b/src/routes/ui/admin.rs
new file mode 100644
index 0000000..a96c984
--- /dev/null
+++ b/src/routes/ui/admin.rs
@@ -0,0 +1,10 @@
+use rocket::{get, Route};
+use rocket::http::Status;
+use rocket::response::status;
+use rocket_dyn_templates::{context, Template};
+use crate::guards::AuthUser;
+
+#[get("/")]
+pub async fn index(user: AuthUser, route: &Route) -> Status {
+    Status::Forbidden
+}
\ No newline at end of file
diff --git a/templates/errors/403.html.hbs b/templates/errors/403.html.hbs
new file mode 100644
index 0000000..47baf37
--- /dev/null
+++ b/templates/errors/403.html.hbs
@@ -0,0 +1,26 @@
+{{#> layouts/default body-class="has-background-white-ter login-bg" }}
+    <br><br>
+    <div class="container py-6" style="width:20%"> <!-- TODO: fix width on mobile -->
+        <h1 class="title is-1 has-text-centered">storage-app</h1>
+        <div class="box is-radiusless">
+            <h4 class="title is-4 has-text-centered">403 Forbidden</h4>
+            <p>You do not have permission to view the resource at <code></code></p>
+
+            <br>
+            <!-- Hide go back unless javascript enabled -->
+            <p><span id="backlink" style="display:none"><a href="">Go Back</a> | </span><a href="/">Return home</a></p>
+        </div>
+    </div>
+{{/layouts/default}}
+
+<script>
+// Enable 'go back' link:
+const element = document.querySelector('#backlink');
+element.style.display = "inline"
+const elementLink = document.querySelector('#backlink a');
+elementLink.setAttribute('href', document.referrer);
+elementLink.onclick = function() {
+    history.back();
+    return false;
+}
+</script>
\ No newline at end of file