Diffstat (limited to 'crates/sellershut/src/server/middleware/sign_request.rs')
-rw-r--r--crates/sellershut/src/server/middleware/sign_request.rs16
1 files changed, 15 insertions, 1 deletions
diff --git a/crates/sellershut/src/server/middleware/sign_request.rs b/crates/sellershut/src/server/middleware/sign_request.rs
index 4eb3bd3..5c9663b 100644
--- a/crates/sellershut/src/server/middleware/sign_request.rs
+++ b/crates/sellershut/src/server/middleware/sign_request.rs
@@ -4,7 +4,7 @@ use activitypub_federation::{config::FederationConfig, traits::Object};
use axum::{
body::Body,
extract::Request,
- http::{HeaderValue, StatusCode},
+ http::{HeaderValue, StatusCode, header::AUTHORIZATION},
response::Response,
};
use futures_util::future::BoxFuture;
@@ -64,6 +64,13 @@ where
fn call(&mut self, request: Request) -> Self::Future {
let mut inner = self.inner.clone();
let uri = request.uri().clone();
+
+ let token = request
+ .headers()
+ .get(AUTHORIZATION)
+ .and_then(|value| value.to_str().ok().map(ToOwned::to_owned))
+ .unwrap_or_default();
+
let (parts, body) = request.into_parts();
let state = self.state.to_request_data();
let domain = self.state.domain().to_owned();
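Review bot: The `.unwrap_or_default()` on the extracted header folds three different cases into one empty-string sentinel: no `Authorization` header, a value that fails `to_str()`, and an empty value. It also copies the credential into an owned `String` whose only visible use is the `is_empty()` test in the next hunk. Dropping `.unwrap_or_default()` and keeping `token` as `Option<String>` makes the missing-credential case explicit and lets the later guard read `let Some(token) = token else { ... };`. If the value is not needed after the check, rejecting here before `request.into_parts()` would avoid carrying the secret into the future at all. `call` starts and ends outside this hunk, so any later use of `token` is not visible.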
@@ -74,6 +81,13 @@ where
*response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
Ok(response)
};
+
+ if token.is_empty() {
+ let mut response = axum::response::Response::default();
+ *response.status_mut() = StatusCode::UNAUTHORIZED;
+ return Ok(response);
+ }
+
let bytes = match axum::body::to_bytes(body, usize::MAX).await {
Ok(b) => b,
Err(e) => {
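Review bot: The guard `if token.is_empty()` only proves that some `Authorization` value was sent. Nothing in this hunk checks the scheme or verifies the token, so any non-empty string reaches `axum::body::to_bytes(body, usize::MAX)`, which buffers the body with no size limit. If verification happens further down or in another layer, say so at the guard, e.g. `// presence check only; the token is verified in <verifier placeholder>`; otherwise verify before the body is read and consider a finite limit in place of `usize::MAX`. The 401 is also built without a `WWW-Authenticate` header, which RFC 9110 requires on that status. The async block continues past the end of this hunk.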