aonyx-api 0.9.0

Aonyx Agent — REST + WebSocket automation API over the agent core (Vague 4)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

//! Bearer-token authentication middleware.

use axum::extract::{Request, State};
use axum::middleware::Next;
use axum::response::Response;

use crate::error::ApiError;
use crate::state::ApiState;

/// Axum middleware enforcing the configured bearer token. Applied to the
/// protected route group only, so `/v1/health` stays open. When no token is
/// configured ([`AuthConfig::check`](crate::AuthConfig::check) returns
/// `true`), requests pass through — intended for loopback-only deployments.
pub async fn require_auth(
    State(state): State<ApiState>,
    req: Request,
    next: Next,
) -> Result<Response, ApiError> {
    let header = req
        .headers()
        .get(axum::http::header::AUTHORIZATION)
        .and_then(|v| v.to_str().ok());
    if state.auth.check(header) {
        Ok(next.run(req).await)
    } else {
        Err(ApiError::Unauthorized(
            "missing or invalid bearer token".into(),
        ))
    }
}