technofab/jwt-authorizer
1
0
Fork 0
mirror of https://github.com/TECHNOFAB11/jwt-authorizer.git synced 2025-12-11 23:50:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: panic when missing token

Browse source
This commit is contained in:
cduvray 2023-01-14 09:08:44 +01:00
parent 7009f645e6
commit 89006df2af
2 changed files with 25 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
CHANGELOG.md
View file

@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## Unreleased ## Unreleased
## 0.3.1 - (2023-1-14)
### Fixed
- fix: panicking when a bearer token is missing in protected request (be6bf9fb)
## 0.3.0 - (2023-1-13) ## 0.3.0 - (2023-1-13)
### Added ### Added

29
jwt-authorizer/src/layer.rs
View file

@ -129,19 +129,28 @@ where
fn authorize(&self, mut request: Request<B>) -> Self::Future { fn authorize(&self, mut request: Request<B>) -> Self::Future {
let authorizer = self.auth.clone(); let authorizer = self.auth.clone();
let h = request.headers(); let h = request.headers();
let bearer: Authorization<Bearer> = h.typed_get().unwrap(); let bearer_o: Option<Authorization<Bearer>> = h.typed_get();
Box::pin(async move { Box::pin(async move {
if let Ok(token_data) = authorizer.check_auth(bearer.token()).await { if let Some(bearer) = bearer_o {
// Set `token_data` as a request extension so it can be accessed by other if let Ok(token_data) = authorizer.check_auth(bearer.token()).await {
// services down the stack. // Set `token_data` as a request extension so it can be accessed by other
request.extensions_mut().insert(token_data); // services down the stack.
request.extensions_mut().insert(token_data);
Ok(request)
Ok(request)
} else {
let unauthorized_response = Response::builder()
.status(StatusCode::UNAUTHORIZED)
.body(Body::empty()) // TODO: add error code (https://datatracker.ietf.org/doc/html/rfc6750#section-3.1)
.unwrap();
Err(unauthorized_response)
}
} else { } else {
let unauthorized_response = Response::builder() let unauthorized_response = Response::builder()
.status(StatusCode::UNAUTHORIZED) .status(StatusCode::UNAUTHORIZED)
.body(Body::empty()) .body(Body::empty()) // TODO: add error message (https://datatracker.ietf.org/doc/html/rfc6750#section-3.1)
.unwrap(); .unwrap();
Err(unauthorized_response) Err(unauthorized_response)
} }