From ef604ccb6e86b77517a78547bb50cdf9b82e03f0 Mon Sep 17 00:00:00 2001
From: niliara-edu
Date: Sat, 25 Jan 2025 13:30:27 +0100
Subject: add required authentication
---
 src/api/album.rs | 9 ++++++++-
 src/api/artist.rs | 9 ++++++++-
 src/api/song.rs | 14 ++++++++++++--
 src/extractors/auth_token.rs | 8 ++++++--
 4 files changed, 34 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/api/album.rs b/src/api/album.rs
index 3f91cd0..b395010 100644
--- a/src/api/album.rs
+++ b/src/api/album.rs
@@ -1,5 +1,6 @@
 use crate::api::{get_response_from_query, Response};
 use crate::database::{Album, AlbumPost, AlbumPut, Delete};
+use crate::extractors::auth_token::AuthenticationToken;
 use crate::AppState;
 use actix_web::{delete, get, post, put, web, HttpResponse};
 use serde::Deserialize;
@@ -55,6 +56,7 @@ pub async fn get_album(
 pub async fn post_album(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 get_response_from_query(
 app_state
@@ -69,9 +71,13 @@ pub async fn post_album(
 pub async fn put_album(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 get_response_from_query(
- app_state.database.edit_album(request_data.into_inner()).await,
+ app_state
+ .database
+ .edit_album(request_data.into_inner())
+ .await,
 "PUT".to_string(),
 )
 }
@@ -80,6 +86,7 @@ pub async fn put_album(
 pub async fn delete_album(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 /* Check if ID is valid (return -1 if invalid) */
 let id: i32 = request_data
diff --git a/src/api/artist.rs b/src/api/artist.rs
index 155f982..6cc0f35 100644
--- a/src/api/artist.rs
+++ b/src/api/artist.rs
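Review bot: The `_auth_token: AuthenticationToken` argument added to `post_album` makes authentication opt-in per handler, so a mutating route added later without the argument would be served unauthenticated with nothing flagging the omission. The same pattern repeats in the `put_album` and `delete_album` hunks and in every handler hunk of artist.rs and song.rs. Consider enforcing the check once, wherever these routes are registered, so the default is to reject, and where the argument stays add a comment such as `// extractor returns 401 before the handler body runs`. The extracted value is bound to `_auth_token` and never read, so any token the extractor accepts authorizes every write; if tokens are meant to carry an identity or role, that check is still missing. The handler bodies continue outside these hunks.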
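Review bot: In `put_album` the new `_auth_token` argument is declared after `request_data: web::Json`, and as far as I can tell actix-web polls handler extractors in declaration order, so a request without a valid token can still reach the JSON extractor and may be answered with that extractor's error instead of a 401. Declaring `_auth_token: AuthenticationToken,` directly after `app_state` keeps unauthenticated bodies away from the deserializer and makes the 401 the consistent answer; the same ordering appears in every handler this commit touches. The remaining lines of the hunk only re-wrap the `edit_album` call and need no change.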
@@ -1,5 +1,6 @@
 use crate::api::{get_response_from_query, Response};
 use crate::database::{Artist, ArtistPost, ArtistPut, Delete};
+use crate::extractors::auth_token::AuthenticationToken;
 use crate::AppState;
 use actix_web::{delete, get, post, put, web, HttpResponse};
 use serde::Deserialize;
@@ -50,6 +51,7 @@ pub async fn get_artist(
 pub async fn post_artist(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 get_response_from_query(
 app_state
@@ -64,9 +66,13 @@ pub async fn post_artist(
 pub async fn put_artist(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 get_response_from_query(
- app_state.database.edit_artist(request_data.into_inner()).await,
+ app_state
+ .database
+ .edit_artist(request_data.into_inner())
+ .await,
 "PUT".to_string(),
 )
 }
@@ -75,6 +81,7 @@ pub async fn put_artist(
 pub async fn delete_artist(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 /* Check if ID is valid (return -1 if invalid) */
 let id: i32 = request_data
diff --git a/src/api/song.rs b/src/api/song.rs
index 698f27a..3748210 100644
--- a/src/api/song.rs
+++ b/src/api/song.rs
@@ -1,5 +1,6 @@
 use crate::api::{get_response_from_query, Response};
 use crate::database::{Delete, Song, SongPost, SongPut};
+use crate::extractors::auth_token::AuthenticationToken;
 use crate::AppState;
 use actix_web::{delete, get, post, put, web, HttpResponse};
 use serde::Deserialize;
@@ -60,9 +61,13 @@ pub async fn get_song(
 pub async fn post_song(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 get_response_from_query(
- app_state.database.create_song(request_data.into_inner()).await,
+ app_state
+ .database
+ .create_song(request_data.into_inner())
+ .await,
 "POST".to_string(),
 )
 }
@@ -71,9 +76,13 @@ pub async fn post_song(
 pub async fn put_song(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 get_response_from_query(
- app_state.database.edit_song(request_data.into_inner()).await,
+ app_state
+ .database
+ .edit_song(request_data.into_inner())
+ .await,
 "PUT".to_owned(),
 )
 }
@@ -82,6 +91,7 @@ pub async fn put_song(
 pub async fn delete_song(
 app_state: web::Data,
 request_data: web::Json,
+ _auth_token: AuthenticationToken,
 ) -> HttpResponse {
 /* Check if ID is valid (return -1 if invalid) */
 let id: i32 = request_data
diff --git a/src/extractors/auth_token.rs b/src/extractors/auth_token.rs
index c505fdf..6ad2a45 100644
--- a/src/extractors/auth_token.rs
+++ b/src/extractors/auth_token.rs
@@ -16,8 +16,12 @@ impl FromRequest for AuthenticationToken {
 fn from_request(req: &HttpRequest, _: &mut Payload) -> Self::Future {
 // get auth token from the authorization header
- let auth_header: Option<&HeaderValue> = req.headers().get(http::header::AUTHORIZATION);
- let auth_token: String = auth_header.unwrap().to_str().unwrap_or("").to_string(); // check errors later
+ let auth_header: &HeaderValue = match req.headers().get(http::header::AUTHORIZATION) {
+ Some(res) => res,
+ None => { return ready(Err(ErrorUnauthorized("No authorization token given")))},
+ };
+
+ let auth_token: String = auth_header.to_str().unwrap_or("").to_string(); // check errors later
 // stop empty and weird (ascii, chinese...) auth_token strings:
 if auth_token.is_empty() { return ready(Err(ErrorUnauthorized("Invalid auth token!")))}
 let secret: String = req.app_data::>().unwrap().secret.to_string();
-- cgit v1.2.3
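Review bot: The added `let auth_token` line in auth_token.rs still turns a header that `to_str()` rejects into `""` and keeps the `// check errors later` note, so that case is only caught indirectly by the `is_empty()` check below it. Rejecting it where it happens reads more clearly: `let Ok(auth_token) = auth_header.to_str().map(str::to_owned) else { return ready(Err(ErrorUnauthorized("Invalid auth token!"))) };`. The last context line still calls `.unwrap()` on `req.app_data`, so a missing app-data registration would panic inside the extractor instead of producing an error response, which is the same failure mode this commit removes for the missing header. The whole header value is used as the token here; whether a scheme prefix is stripped is decided outside this hunk, since `from_request` continues past it.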