
Commit ffdf79e

author
Kyle Clemens
committed
fix: examine all Authorization headers
1 parent d0357ea commit ffdf79e


1 file changed

+24
-6
lines changed


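--- a/webserver/src/routes/mod.rs
+++ b/webserver/src/routes/mod.rs
@@ -100,11 +100,17 @@ impl<'a, 'r> FromRequest<'a, 'r> for DeletionAuth {
 type Error = ApiKeyError;
 
 fn from_request(request: &'a Request<'r>) -> request::Outcome<Self, Self::Error> {
-let auth = match request.headers().get_one("Authorization") {
+let header = request
+.headers()
+.iter()
+.filter(|h| h.name == "Authorization")
+.map(|h| h.value.to_lowercase())
+.find(|h| h.starts_with("key "));
+let auth = match header {
 Some(a) => a,
 None => return Outcome::Failure((HttpStatus::BadRequest, ApiKeyError::NotPresent)),
 };
-if !auth.to_lowercase().starts_with("key ") {
+if !auth.starts_with("key ") {
 return Outcome::Failure((HttpStatus::BadRequest, ApiKeyError::BadHeader));
 }
 let uuid = match Uuid::from_str(&auth[4..]) {
@@ -148,11 +154,17 @@ impl<'a, 'r> FromRequest<'a, 'r> for RequiredUser {
 type Error = ApiKeyError;
 
 fn from_request(request: &'a Request<'r>) -> request::Outcome<Self, Self::Error> {
-let auth = match request.headers().get_one("Authorization") {
+let header = request
+.headers()
+.iter()
+.filter(|h| h.name == "Authorization")
+.map(|h| h.value.to_lowercase())
+.find(|h| h.starts_with("key "));
+let auth = match header {
 Some(a) => a,
 None => return Outcome::Failure((HttpStatus::BadRequest, ApiKeyError::NotPresent)),
 };
-if !auth.to_lowercase().starts_with("key ") {
+if !auth.starts_with("key ") {
 return Outcome::Failure((HttpStatus::BadRequest, ApiKeyError::BadHeader));
 }
 let uuid = match Uuid::from_str(&auth[4..]) {
@@ -194,11 +206,17 @@ impl<'a, 'r> FromRequest<'a, 'r> for OptionalUser {
 type Error = ApiKeyError;
 
 fn from_request(request: &'a Request<'r>) -> request::Outcome<Self, Self::Error> {
-let auth = match request.headers().get_one("Authorization") {
+let header = request
+.headers()
+.iter()
+.filter(|h| h.name == "Authorization")
+.map(|h| h.value.to_lowercase())
+.find(|h| h.starts_with("key "));
+let auth = match header {
 Some(a) => a,
 None => return Outcome::Success(OptionalUser(None)),
 };
-if !auth.to_lowercase().starts_with("key ") {
+if !auth.starts_with("key ") {
 return Outcome::Failure((HttpStatus::BadRequest, ApiKeyError::BadHeader));
 }
 let uuid = match Uuid::from_str(&auth[4..]) {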
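Review bot: The `if !auth.starts_with("key ")` guard left after the new `match header` can no longer fail in any of the three `from_request` bodies (DeletionAuth, RequiredUser, OptionalUser), because `.find(|h| h.starts_with("key "))` only ever yields such values, so this check never returns `ApiKeyError::BadHeader` any more. The visible effect is that a request whose Authorization headers all use another scheme is now reported as `NotPresent`, and in OptionalUser it becomes `Outcome::Success(OptionalUser(None))` where the old code answered 400; if that fall-back to anonymous is intended it deserves a comment, otherwise the rejection should be kept. `find` also silently takes the first `key ` value when several are sent, which leaves room for the application and anything in front of it to disagree on which credential counts, so rejecting more than one is the safer choice. Since the same lookup is pasted three times, a shared helper would hold both decisions in one place, as sketched below. All three function bodies continue past the end of their hunks.

```rust
/// Returns the one `key ` credential carried by the request's Authorization
/// headers: `Ok(None)` when there is none, `BadHeader` when there are several.
fn key_credential(request: &Request<'_>) -> Result<Option<String>, ApiKeyError> {
    let mut keys = request
        .headers()
        .iter()
        .filter(|h| h.name == "Authorization")
        .map(|h| h.value.to_lowercase())
        .filter(|v| v.starts_with("key "));
    let first = keys.next();
    // Two key credentials are ambiguous; refuse rather than pick one.
    if keys.next().is_some() {
        return Err(ApiKeyError::BadHeader);
    }
    Ok(first)
}

// in each from_request, replacing the header lookup and the dead guard
// (OptionalUser keeps its own Ok(None) arm):
let auth = match key_credential(request) {
    Ok(Some(a)) => a,
    Ok(None) => return Outcome::Failure((HttpStatus::BadRequest, ApiKeyError::NotPresent)),
    Err(e) => return Outcome::Failure((HttpStatus::BadRequest, e)),
};
// … unchanged: Uuid::from_str(&auth[4..]) and the rest of the body …
```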
