feat: switch to headers for auth
This commit is contained in:
parent
6c706d973e
commit
cbf0131d14
6 changed files with 96 additions and 159 deletions
|
|
@ -1,18 +1,16 @@
|
|||
use actix_web::{error, post, web, Error, HttpResponse, Scope};
|
||||
use futures::StreamExt;
|
||||
use crate::{Data, api::v1::auth::check_access_token, utils::get_auth_header};
|
||||
use actix_web::{get, web, Error, HttpRequest, HttpResponse, Scope};
|
||||
use log::error;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sqlx::prelude::FromRow;
|
||||
use crate::{Data, api::v1::auth::check_access_token};
|
||||
|
||||
mod me;
|
||||
mod uuid;
|
||||
|
||||
#[derive(Deserialize)]
|
||||
struct Request {
|
||||
access_token: String,
|
||||
start: i32,
|
||||
amount: i32,
|
||||
struct RequestQuery {
|
||||
start: Option<i32>,
|
||||
amount: Option<i32>,
|
||||
}
|
||||
|
||||
#[derive(Serialize, FromRow)]
|
||||
|
|
@ -23,8 +21,6 @@ struct Response {
|
|||
email: String,
|
||||
}
|
||||
|
||||
const MAX_SIZE: usize = 262_144;
|
||||
|
||||
pub fn web() -> Scope {
|
||||
web::scope("/users")
|
||||
.service(res)
|
||||
|
|
@ -32,36 +28,33 @@ pub fn web() -> Scope {
|
|||
.service(uuid::res)
|
||||
}
|
||||
|
||||
#[post("")]
|
||||
#[get("")]
|
||||
pub async fn res(
|
||||
mut payload: web::Payload,
|
||||
req: HttpRequest,
|
||||
request_query: web::Query<RequestQuery>,
|
||||
data: web::Data<Data>,
|
||||
) -> Result<HttpResponse, Error> {
|
||||
let mut body = web::BytesMut::new();
|
||||
while let Some(chunk) = payload.next().await {
|
||||
let chunk = chunk?;
|
||||
// limit max size of in-memory payload
|
||||
if (body.len() + chunk.len()) > MAX_SIZE {
|
||||
return Err(error::ErrorBadRequest("overflow"));
|
||||
}
|
||||
body.extend_from_slice(&chunk);
|
||||
let headers = req.headers();
|
||||
|
||||
let auth_header = get_auth_header(headers);
|
||||
|
||||
let start = request_query.start.unwrap_or(0);
|
||||
|
||||
let amount = request_query.amount.unwrap_or(10);
|
||||
|
||||
if amount > 100 {
|
||||
return Ok(HttpResponse::BadRequest().finish());
|
||||
}
|
||||
|
||||
let request = serde_json::from_slice::<Request>(&body)?;
|
||||
|
||||
if request.amount > 100 {
|
||||
return Ok(HttpResponse::BadRequest().finish())
|
||||
}
|
||||
|
||||
let authorized = check_access_token(request.access_token, &data.pool).await;
|
||||
let authorized = check_access_token(auth_header.unwrap(), &data.pool).await;
|
||||
|
||||
if let Err(error) = authorized {
|
||||
return Ok(error);
|
||||
}
|
||||
|
||||
let row = sqlx::query_as("SELECT CAST(uuid AS VARCHAR), username, display_name, email FROM users ORDER BY username LIMIT $1 OFFSET $2")
|
||||
.bind(request.amount)
|
||||
.bind(request.start)
|
||||
.bind(amount)
|
||||
.bind(start)
|
||||
.fetch_all(&data.pool)
|
||||
.await;
|
||||
|
||||
|
|
@ -74,4 +67,3 @@ pub async fn res(
|
|||
|
||||
Ok(HttpResponse::Ok().json(accounts))
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue