Admin Dashboard
authx-dashboard is a self-contained Axum router that serves an embedded admin dashboard — no separate deployment, no Node.js, no build step.
Features
Section titled “Features”- List, search, and create users
- Ban and unban users (with reason)
- View and revoke active sessions per user
- Stat overview (total users, banned, unverified)
- Secured by admin bearer token — token prompt in the browser UI
Mounting
Section titled “Mounting”authx-dashboard = { path = "crates/authx-dashboard" }use authx_dashboard::DashboardState;use authx_core::events::EventBus;
let events = EventBus::new();let dashboard = DashboardState::new(store.clone(), events.clone(), 86400);
let app = Router::new() .nest("/_authx", dashboard.router("my-secret-admin-token")) .nest("/auth", auth_router) .layer(SessionLayer::new(store));The dashboard is now available at /_authx/.
Security
Section titled “Security”- All
/api/*routes requireAuthorization: Bearer <admin_token> - The root HTML page is served without authentication so the login form can be displayed
- Tokens are stored in
sessionStorage— cleared when the browser tab closes
REST API
Section titled “REST API”The dashboard exposes a JSON API you can call from your own tooling:
| Method | Path | Description |
|---|---|---|
GET | /api/users | List users (?offset=0&limit=25) |
POST | /api/users | Create user ({"email": "…"}) |
GET | /api/users/:id | Get single user |
POST | /api/users/:id/ban | Ban user ({"reason": "…"}) |
DELETE | /api/users/:id/ban | Unban user |
GET | /api/users/:id/sessions | List sessions |
DELETE | /api/users/:id/sessions | Revoke all sessions |
All routes return JSON and require Authorization: Bearer <token>.
Admin token
Section titled “Admin token”Treat the admin token as a high-privilege credential:
- Generate with
openssl rand -hex 32 - Store in an environment variable or secret manager
- Rotate periodically
- Never commit to source control