feat: add admin HTTP Basic Auth for course operations

- Add Basic Auth to Create Course endpoint
- Add Basic Auth to Update Course endpoint
- Add Basic Auth to Delete Course endpoint
- Document auth requirements in API specs

Author: wangeguo

openapi.json

@@ -63,7 +63,12 @@
           "500": {
             "description": "Failed to create course"
           }
-        }
+        },
+        "security": [
+          {
+            "AdminBasicAuth": []
+          }
+        ]
       }
     },
     "/v1/courses/{slug}": {
@@ -130,7 +135,12 @@
           "500": {
             "description": "Failed to delete course"
           }
-        }
+        },
+        "security": [
+          {
+            "AdminBasicAuth": []
+          }
+        ]
       },
       "patch": {
         "tags": [
@@ -159,7 +169,12 @@
           "500": {
             "description": "Failed to update course"
           }
-        }
+        },
+        "security": [
+          {
+            "AdminBasicAuth": []
+          }
+        ]
       }
     },
     "/v1/courses/{slug}/attempts": {
@@ -1290,6 +1305,10 @@
       }
     },
     "securitySchemes": {
+      "AdminBasicAuth": {
+        "type": "http",
+        "scheme": "basic"
+      },
       "JWTBearerAuth": {
         "type": "http",
         "scheme": "bearer",

src/handler/course.rs

@@ -30,7 +30,7 @@ use tracing::{error, info};
 use crate::{
     context::Context,
     errors::Result,
-    extractor::Claims,
+    extractor::{AdminBasic, Claims},
     request::{CreateCourseRequest, CreateUserCourseRequest, UpdateUserCourseRequest},
     response::{AttemptResponse, CourseDetailResponse, CourseResponse, UserCourseResponse},
     service::CourseService,
@@ -64,9 +64,11 @@ pub async fn find(State(ctx): State<Arc<Context>>) -> Result<impl IntoResponse>
         (status = 201, description = "Course created successfully", body = CourseResponse),
         (status = 500, description = "Failed to create course")
     ),
+    security(("AdminBasicAuth" = [])),
     tag = "Course"
 )]
 pub async fn create(
+    _: AdminBasic,
     State(ctx): State<Arc<Context>>,
     Json(req): Json<CreateCourseRequest>,
 ) -> Result<impl IntoResponse> {
@@ -106,9 +108,11 @@ pub async fn get(
         (status = 404, description = "Course not found"),
         (status = 500, description = "Failed to delete course")
     ),
+    security(("AdminBasicAuth" = [])),
     tag = "Course"
 )]
 pub async fn delete(
+    _: AdminBasic,
     State(ctx): State<Arc<Context>>,
     Path(slug): Path<String>,
 ) -> Result<impl IntoResponse> {
@@ -128,9 +132,11 @@ pub async fn delete(
         (status = 404, description = "Course not found"),
         (status = 500, description = "Failed to update course")
     ),
+    security(("AdminBasicAuth" = [])),
     tag = "Course"
 )]
 pub async fn update(
+    _: AdminBasic,
     State(ctx): State<Arc<Context>>,
     Path(slug): Path<String>,
 ) -> Result<impl IntoResponse> {

src/swagger.rs

@@ -90,6 +90,11 @@ impl Modify for SecurityAddon {
                 SecurityScheme::Http(
                     HttpBuilder::new().scheme(HttpAuthScheme::Bearer).bearer_format("JWT").build(),
                 ),
+            );
+
+            components.add_security_scheme(
+                "AdminBasicAuth",
+                SecurityScheme::Http(HttpBuilder::new().scheme(HttpAuthScheme::Basic).build()),
             )
         }
     }