Check for an auth marker when extracting commands

Lantern-chat · Sep 23, 2024 · 0ad2de4 · 0ad2de4
1 parent ceabdbf
commit 0ad2de4
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/src/api/command.rs b/src/api/command.rs
@@ -577,7 +577,7 @@ macro_rules! command {
             {
                 type Rejection = Response;
 
-                #[allow(unused_variables)]
+                #[allow(unused_variables, clippy::manual_async_fn)]
                 fn from_request(req: Request, state: &S) -> impl std::future::Future<Output = Result<Self, Self::Rejection>> + Send {
                     async move {
                         let (mut parts, body) = req.into_parts();
@@ -586,6 +586,14 @@ macro_rules! command {
                             return Err(http::StatusCode::METHOD_NOT_ALLOWED.into_response());
                         }
 
+                        $(
+                            _ = stringify!($auth_struct);
+
+                            if parts.extensions.get::<crate::api::AuthMarker>().is_none() {
+                                return Err(http::StatusCode::UNAUTHORIZED.into_response());
+                            }
+                        )?
+
                         let Path(($($field_name,)*)) = Path::<($(segments::[<$field_name:camel>],)*)>::from_request_parts(&mut parts, state)
                             .await.map_err(IntoResponse::into_response)?;
 

diff --git a/src/api/mod.rs b/src/api/mod.rs
@@ -12,3 +12,12 @@ pub mod commands;
 
 #[cfg(feature = "gateway")]
 pub mod gateway;
+
+/// Marker type for the presence of a valid authentication token
+/// in the request headers.
+///
+/// This is checked when extracting commands from requests,
+/// and must be inserted by the server when processing the request.
+#[cfg(feature = "ftl")]
+#[derive(Debug, Default, Clone, Copy, PartialEq, Eq, Hash)]
+pub struct AuthMarker;