use axum::{
extract::Request,
http::StatusCode,
middleware::Next,
response::{IntoResponse, Response},
};
use std::sync::Arc;
use crate::store::KeyStore;
pub async fn require_admin_key(
req: Request,
next: Next,
) -> Result<Response, Response> {
let store = req
.extensions()
.get::<Arc<KeyStore>>()
.cloned()
.ok_or_else(|| {
(StatusCode::INTERNAL_SERVER_ERROR, "store not found").into_response()
})?;
let key = req
.headers()
.get("X-Admin-Key")
.and_then(|v| v.to_str().ok())
.unwrap_or("");
if key.is_empty() {
return Err((StatusCode::UNAUTHORIZED, "missing X-Admin-Key header").into_response());
}
match store.validate_admin(key).await {
Ok(true) => Ok(next.run(req).await),
_ => Err((StatusCode::UNAUTHORIZED, "invalid admin key").into_response()),
}
}
pub async fn require_tunnel_key(
req: Request,
next: Next,
) -> Result<Response, Response> {
let store = req
.extensions()
.get::<Arc<KeyStore>>()
.cloned()
.ok_or_else(|| {
(StatusCode::INTERNAL_SERVER_ERROR, "store not found").into_response()
})?;
let key = req
.headers()
.get("X-Api-Key")
.and_then(|v| v.to_str().ok())
.unwrap_or("");
if key.is_empty() {
return Err((StatusCode::UNAUTHORIZED, "missing X-Api-Key header").into_response());
}
match store.validate_tunnel(key).await {
Ok(true) => Ok(next.run(req).await),
_ => Err((StatusCode::UNAUTHORIZED, "invalid API key").into_response()),
}
}