andras/reconcile
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Always normalise vaultId and trim token

Browse source
This commit is contained in:
Andras Schmelczer 2025-04-07 22:29:23 +01:00
parent 04a24d0b38
commit 74a8060246
No known key found for this signature in database
GPG key ID: FC8F2C3D3D1A718C
11 changed files with 44 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

13
backend/sync_server/src/server/auth.rs
View file

@ -15,6 +15,7 @@ use crate::{
app_state::{AppState, database::models::VaultId},
config::user_config::{AllowListedVaults, User, VaultAccess},
errors::{SyncServerError, permission_denied_error, unauthenticated_error},
utils::normalize::normalize_string,
};
pub async fn auth_middleware(
@ -24,12 +25,14 @@ pub async fn auth_middleware(
mut req: Request,
next: Next,
) -> Result<Response, SyncServerError> {
let token = auth_header.token();
let vault_id = path_params
.get("vault_id")
.ok_or_else(|| unauthenticated_error(anyhow::anyhow!("Missing vault_id")))?;
let token = auth_header.token().trim();
let vault_id = normalize_string(
path_params
.get("vault_id")
.ok_or_else(|| unauthenticated_error(anyhow::anyhow!("Missing vault_id")))?,
);
let user = auth(&state, token, vault_id)?;
let user = auth(&state, token, &vault_id)?;
req.extensions_mut().insert(user);