fix: panic when missing token

CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+## 0.3.1 - (2023-1-14)
+
+### Fixed
+
+- fix: panicking when a bearer token is missing in protected request (be6bf9fb)
+
 ## 0.3.0 - (2023-1-13)
 
 ### Added 

jwt-authorizer/src/layer.rs

@@ -129,8 +129,9 @@ where
     fn authorize(&self, mut request: Request<B>) -> Self::Future {
         let authorizer = self.auth.clone();
         let h = request.headers();
-        let bearer: Authorization<Bearer> = h.typed_get().unwrap();
+        let bearer_o: Option<Authorization<Bearer>> = h.typed_get();
         Box::pin(async move {
+            if let Some(bearer) = bearer_o {
                 if let Ok(token_data) = authorizer.check_auth(bearer.token()).await {
                     // Set `token_data` as a request extension so it can be accessed by other
                     // services down the stack.
@@ -140,7 +141,15 @@ where
                 } else {
                     let unauthorized_response = Response::builder()
                         .status(StatusCode::UNAUTHORIZED)
-                    .body(Body::empty())
+                        .body(Body::empty()) // TODO: add error code (https://datatracker.ietf.org/doc/html/rfc6750#section-3.1)
+                        .unwrap();
+    
+                    Err(unauthorized_response)
+                }
+            } else {
+                let unauthorized_response = Response::builder()
+                .status(StatusCode::UNAUTHORIZED)
+                .body(Body::empty()) // TODO: add error message (https://datatracker.ietf.org/doc/html/rfc6750#section-3.1)
                 .unwrap();
 
                 Err(unauthorized_response)