feat: added WIP apikey request guard

[ErikBjare]

No description provided.

[codecov]

Codecov Report

Merging #185 (da279fa) into master (65e28bf) will increase coverage by 0.18%.
The diff coverage is 60.00%.

@@            Coverage Diff             @@
##           master     #185      +/-   ##
==========================================
+ Coverage   59.67%   59.86%   +0.18%     
==========================================
  Files          42       42              
  Lines        4308     4313       +5     
==========================================
+ Hits         2571     2582      +11     
+ Misses       1737     1731       -6     

Impacted Files	Coverage Δ
aw-server/src/endpoints/cors.rs	100.00% <ø> (ø)
aw-server/src/endpoints/mod.rs	100.00% <ø> (+3.33%)	⬆️
aw-server/src/config.rs	45.20% <60.00%> (+1.08%)	⬆️
aw-query/src/parser.rs	38.90% <0.00%> (+0.15%)	⬆️
aw-datastore/src/datastore.rs	74.15% <0.00%> (+0.30%)	⬆️
aw-datastore/src/worker.rs	75.95% <0.00%> (+0.69%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 65e28bf...da279fa. Read the comment docs.

[johan-bjareholt]

What is this supposed to solve?
Won't the API key be exposed since we are not using HTTPS?

[johan-bjareholt]

That's a very convoluted way of expressing it.
Better to just have a single case for one and have the of statement inside a block.

[ErikBjare]

Sure, just picked it straight from the example.

[ErikBjare]

@johan-bjareholt I've explained the reasoning for why it's needed in the docstring for auth.rs

But yes, the key will be exposed if not used with HTTPS. However, for Android apps it's still an improvement (since I assume they can't snoop on local packets however they like).

[johan-bjareholt]

However, for Android apps it's still an improvement (since I assume they can't snoop on local packets however they like).

Aha, that makes sense.