feat: switch to headers for auth

2025-05-04 19:05:51 +02:00 · 2025-05-04 19:05:51 +02:00 · cbf0131d14
commit cbf0131d14
parent 6c706d973e
6 changed files with 96 additions and 159 deletions
--- a/src/api/v1/users/uuid.rs
+++ b/src/api/v1/users/uuid.rs
@ -1,15 +1,9 @@
-use actix_web::{Error, HttpResponse, error, post, web};
-use futures::StreamExt;
+use actix_web::{Error, HttpRequest, HttpResponse, get, web};
 use log::error;
-use serde::{Deserialize, Serialize};
+use serde::Serialize;
 use uuid::Uuid;

-use crate::{Data, api::v1::auth::check_access_token};
-
-#[derive(Deserialize)]
-struct AuthenticationRequest {
-    access_token: String,
-}
+use crate::{Data, api::v1::auth::check_access_token, utils::get_auth_header};

 #[derive(Serialize)]
 struct Response {
@ -18,29 +12,23 @@ struct Response {
    display_name: String,
 }

-const MAX_SIZE: usize = 262_144;
-
-#[post("/{uuid}")]
+#[get("/{uuid}")]
 pub async fn res(
-    mut payload: web::Payload,
+    req: HttpRequest,
    path: web::Path<(Uuid,)>,
    data: web::Data<Data>,
 ) -> Result<HttpResponse, Error> {
-    let mut body = web::BytesMut::new();
-    while let Some(chunk) = payload.next().await {
-        let chunk = chunk?;
-        // limit max size of in-memory payload
-        if (body.len() + chunk.len()) > MAX_SIZE {
-            return Err(error::ErrorBadRequest("overflow"));
-        }
-        body.extend_from_slice(&chunk);
-    }
+    let headers = req.headers();

    let uuid = path.into_inner().0;

-    let authentication_request = serde_json::from_slice::<AuthenticationRequest>(&body)?;
+    let auth_header = get_auth_header(headers);

-    let authorized = check_access_token(authentication_request.access_token, &data.pool).await;
+    if let Err(error) = auth_header {
+        return Ok(error);
+    }
+
+    let authorized = check_access_token(auth_header.unwrap(), &data.pool).await;

    if let Err(error) = authorized {
        return Ok(error);