
Commit 55510ed

committed
add token challange
1 parent 70b0c73 commit 55510ed


1 file changed

+28
-1
lines changed


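--- a/src/main.rs
+++ b/src/main.rs
@@ -236,7 +236,10 @@ async fn create_application(req: HttpRequest, req_data: web::Json<CreateApplicat
 let application_id = Uuid::new_v4();
 
 if token.is_none() {
-return HttpResponse::Unauthorized().body("");
+return HttpResponse::Unauthorized().json(json!({
+"error": "Unauthorized",
+"message": "Invalid token."
+}))
 }
 
 if !req_data.permissions.iter().all(|x| PERMISSION.contains_key(x)) {
@@ -358,6 +361,14 @@ async fn write_data(req: HttpRequest, req_data: web::Json<HashMap<String, Value>
 #[get("/data/{id}")]
 async fn read_data(req: HttpRequest, document_id: web::Path<String>) -> impl Responder {
 let token = auth::get_jwt_application_token(req);
+
+if token.is_none() {
+return HttpResponse::Unauthorized().json(json!({
+"error": "Unauthorized",
+"message": "Invalid token. Please use JWT token for application, not your admin token"
+}));
+}
+
 let database = DATABASE_CLIENT
 .lock()
 .unwrap();
@@ -434,6 +445,14 @@ async fn read_data(req: HttpRequest, document_id: web::Path<String>) -> impl Res
 #[delete("/data/{id}")]
 async fn delete_data(req: HttpRequest, document_id: web::Path<String>) -> impl Responder {
 let token = auth::get_jwt_application_token(req);
+
+if token.is_none() {
+return HttpResponse::Unauthorized().json(json!({
+"error": "Unauthorized",
+"message": "Invalid token. Please use JWT token for application, not your admin token"
+}));
+}
+
 let document_id = document_id.to_string();
 
 if Uuid::try_parse(&document_id).is_err() {
@@ -513,6 +532,14 @@ async fn delete_data(req: HttpRequest, document_id: web::Path<String>) -> impl R
 #[put("/data/{id}")]
 async fn update_data(req: HttpRequest, document_id: web::Path<String>, req_data: web::Json<Document>) -> impl Responder {
 let token = auth::get_jwt_application_token(req);
+
+if token.is_none() {
+return HttpResponse::Unauthorized().json(json!({
+"error": "Unauthorized",
+"message": "Invalid token. Please use JWT token for application, not your admin token"
+}));
+}
+
 let document_id = document_id.to_string();
 
 if Uuid::try_parse(&document_id).is_err() {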
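Review bot: The `token.is_none()` guard and its JSON body are pasted verbatim into read_data, delete_data and update_data (new lines 365-370, 449-454 and 536-541), with a fourth variant in create_application, so authentication on each route depends on someone remembering to copy the block. Building the response in one helper keeps the three messages from drifting apart; moving the check itself into a request extractor or middleware would go further and make a newly added handler fail closed by default. write_data appears only in a hunk header and is not touched by this commit, so confirm it already rejects a missing token. The bodies of all four handlers continue outside the hunks, so how `token` is used after the guard is not visible here.

```rust
// New helper: the one place that builds the "application token required" 401.
fn application_token_required() -> HttpResponse {
    HttpResponse::Unauthorized().json(json!({
        "error": "Unauthorized",
        "message": "Invalid token. Please use JWT token for application, not your admin token"
    }))
}

// In read_data, delete_data and update_data:
    let token = auth::get_jwt_application_token(req);
    if token.is_none() {
        return application_token_required();
    }
    // … unchanged: rest of the handler …
```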
