Skip to content

Commit

Permalink
allow authorization token in request URL for media requests
Browse files Browse the repository at this point in the history
  • Loading branch information
@lucat1
lucat1 committed Dec 29, 2023
1 parent df7225e commit f87ebcf
Showing 1 changed file with 31 additions and 12 deletions.
43 changes: 31 additions & 12 deletions server/src/api/extract.rs
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
use super::jsonapi::Error;
use axum::{
async_trait,
body::{Bytes, HttpBody},
extract::{
rejection::TypedHeaderRejection, FromRequest, FromRequestParts, Json as AxumJson,
Path as AxumPath, TypedHeader as AxumTypedHeader,
Path as AxumPath, Query, TypedHeader as AxumTypedHeader,
},
headers::{
authorization::{Authorization, Bearer},
Expand All @@ -21,6 +20,7 @@ use jsonwebtoken::{
use serde::{de::DeserializeOwned, Deserialize, Serialize};
use thiserror::Error;

use super::jsonapi::Error as JsonAPIError;
use base::setting::{get_settings, SettingsError};

static HEADER_VALUE: &str = "application/vnd.api+json";
Expand All @@ -47,7 +47,7 @@ impl IntoResponse for JsonError {
JsonError::Io | JsonError::BodyRead(_) => StatusCode::INTERNAL_SERVER_ERROR,
JsonError::Mime | JsonError::Syntax(_) | JsonError::Data(_) => StatusCode::BAD_REQUEST,
};
let err = Error {
let err = JsonAPIError {
status,
title: "Could not parse JSON request body".to_string(),
detail: Some(self.into()),
Expand Down Expand Up @@ -140,7 +140,7 @@ pub enum TypedHeaderError {

impl IntoResponse for TypedHeaderError {
fn into_response(self) -> Response {
Error {
JsonAPIError {
status: StatusCode::BAD_REQUEST,
title: self.to_string(),
detail: match self {
Expand Down Expand Up @@ -173,12 +173,12 @@ where
T: DeserializeOwned + Send,
S: Send + Sync,
{
type Rejection = Error;
type Rejection = JsonAPIError;

async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
let AxumPath(t) = AxumPath::<T>::from_request_parts(parts, state)
.await
.map_err(|e| Error {
.map_err(|e| Self::Rejection {
status: StatusCode::NOT_FOUND,
title: "Invalid URL path".to_string(),
detail: Some(e.into()),
Expand Down Expand Up @@ -206,7 +206,7 @@ pub enum ClaimsError {
Settings(#[from] SettingsError),

#[error("Missing Authorization header")]
TypedHeader(#[from] TypedHeaderError),
Missing,

#[error("Invalid authentication token")]
Unauthorized(#[from] JwtError),
Expand All @@ -218,19 +218,26 @@ impl IntoResponse for ClaimsError {
ClaimsError::Settings(_) => StatusCode::INTERNAL_SERVER_ERROR,
_ => StatusCode::UNAUTHORIZED,
};
Error {
JsonAPIError {
status,
title: self.to_string(),
detail: match self {
ClaimsError::Settings(e) => Some(Box::new(e)),
ClaimsError::TypedHeader(e) => Some(Box::new(e)),
ClaimsError::Missing => {
Some("No Authorization header or query parameter found".into())
}
ClaimsError::Unauthorized(e) => Some(Box::new(e)),
},
}
.into_response()
}
}

#[derive(Debug, Serialize, Deserialize)]
struct ClaimsQuery {
pub authorization: String,
}

#[async_trait]
impl<S> FromRequestParts<S> for Claims
where
Expand All @@ -239,9 +246,21 @@ where
type Rejection = ClaimsError;

async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
let TypedHeader(header) =
TypedHeader::<Authorization<Bearer>>::from_request_parts(parts, state).await?;
check_token(header.token()).map(|td| td.claims)
match TypedHeader::<Authorization<Bearer>>::from_request_parts(parts, state)
.await
.ok()
{
Some(TypedHeader(header)) => check_token(header.token()).map(|td| td.claims),
None => match Query::<ClaimsQuery>::from_request_parts(parts, state)
.await
.ok()
{
Some(Query(ClaimsQuery { authorization })) => {
check_token(&authorization).map(|td| td.claims)
}
None => Err(Self::Rejection::Missing),
},
}
}
}

Expand Down

0 comments on commit f87ebcf

Please sign in to comment.