Extract the setup, user-management, and danger-zone handlers from
crates/garraia-gateway/src/admin/handlers.rs into a new focused module
crates/garraia-gateway/src/admin/users.rs.
Zero behavior change. Routes, types, and pub symbols remain identical to callers.
admin/
handlers.rs — re-exports users symbols via `pub use super::users::*`
users.rs — NEW: SetupRequest, setup, setup_status,
CreateUserRequest, create_user, list_users,
UpdateUserRoleRequest, update_user_role, delete_user,
DangerZoneRequest, danger_zone
observability.rs — already extracted (Q9.e / GAR-473)
mcp_templates.rs — already extracted (Q9.d / GAR-472)
mcp.rs — already extracted (Q9.c / GAR-471)
providers.rs — already extracted (Q9.b / GAR-470)
shared.rs — already extracted (Q9.a / GAR-439)
mod.rs — adds `pub mod users;`
- Rust stable (1.92 MSRV), Axum 0.8,
serde_json,axum::extract::State/Path/Json/Extension - No new dependencies
- All public function signatures are identical to pre-extraction.
routes.rsreferenceshandlers::setup,handlers::setup_status,handlers::create_user,handlers::list_users,handlers::update_user_role,handlers::delete_user,handlers::danger_zone— satisfied by re-exports inhandlers.rs.- Private helpers (none in this section) stay private.
Roleimport remains inhandlers.rs(used by secrets/config/audit sections).
In: lines 174–543 of handlers.rs (setup + user management + danger zone):
SetupRequeststruct +setup+setup_statuspub async fnsCreateUserRequeststruct +create_userpub async fnlist_userspub async fnUpdateUserRoleRequeststruct +update_user_rolepub async fndelete_userpub async fnDangerZoneRequeststruct +danger_zonepub async fn
Out of scope: Auth endpoints (login, logout, me), audit log, secrets, config,
phases 4+5 ops, glob config.
-
admin/mod.rsalready haspub mod observability;as pattern to follow. -
routes.rsreferences all 7 public functions viahandlers::*— re-exports preserve these. -
handlers.rsis 2102 LOC post-Q9.e; this slice brings it to ~1738 LOC (~364 LOC removed). - No struct types referenced outside
handlers.rs(confirmed via grep).
Revert the single commit that creates users.rs and modifies handlers.rs + mod.rs.
None — pattern established by Q9.a through Q9.e.
crates/garraia-gateway/src/admin/
users.rs ← NEW (382 LOC)
handlers.rs ← MODIFIED (-370 lines + 8-line re-export block)
mod.rs ← MODIFIED (add 1 line)
- T1: Create
admin/users.rswith the extracted code and proper module header - T2: Remove lines 174–543 from
handlers.rsand addpub usere-exports - T3: Add
pub mod users;toadmin/mod.rs - T4:
cargo check -p garraia-gatewaygreen - T5:
cargo clippy --workspace --tests --exclude garraia-desktop --features garraia-gateway/test-helpers --no-deps -- -D warningsclean - T6: Commit
refactor(admin): Q9.g — extract admin/users.rs (GAR-474) - T7: Push + open PR + wait for CI green
- T8: Merge + update ROADMAP + plans/README
| Risk | Mitigation |
|---|---|
| Re-export path break | Follow exact pattern of prior Q9 slices |
Role import shadowing |
handlers.rs still imports Role for other sections — no conflict |
build_session_cookie in users.rs |
Import only what's needed from middleware |
cargo check -p garraia-gatewaypasses.cargo clippy ... -D warningspasses.- All CI checks green.
handlers.rsis ≤ 1750 LOC post-merge.admin/users.rsis the canonical home for setup/users/danger-zone handlers.
- Parent: GAR-474, Epic: GAR-430, GAR-439 (Q9 umbrella)
- Prior slices: plan 0131 (Q9.e/GAR-473), plan 0130 (Q9.d/GAR-472), plan 0129 (Q9.c/GAR-471)
- Next: GAR-475 (Q9.f: admin/secrets.rs — HIGH risk, security-audit required)
- Implementação: ~30 min
- CI: ~15 min
- Total: ~45 min