use axum::{
extract::Request,
http::StatusCode,
middleware::Next,
response::Response,
};
use crate::server::error::APP_TOKEN;
const PUBLIC_PATHS: &[&str] = &["/", "/v1/health"];
pub async fn guard(req: Request, next: Next) -> Result<Response, StatusCode> {
let expected_token = APP_TOKEN.get().map(|s| s.as_str());
let Some(expected_token) = expected_token else {
return Ok(next.run(req).await);
};
let path = req.uri().path().to_string();
if PUBLIC_PATHS.contains(&path.as_str()) {
return Ok(next.run(req).await);
}
let auth_header = req
.headers()
.get("Authorization")
.and_then(|v| v.to_str().ok())
.unwrap_or("");
let expected = format!("Bearer {}", expected_token);
if auth_header == expected {
return Ok(next.run(req).await);
}
Err(StatusCode::UNAUTHORIZED)
}