Skip to main content

bearer_auth

Function bearer_auth 

Source
pub async fn bearer_auth(req: Request, next: Next) -> Response
Expand description

Bearer-token authentication middleware.

If the allowlist is empty the request passes through (dev mode — already warned at startup) and a synthetic AuthContext::dev is inserted into the request extensions. Otherwise the Authorization: Bearer <token> header must match one of the allowlisted tokens; missing or mismatched headers produce 401 Unauthorized with the standard error envelope and kind: "unauthorized". On success an AuthContext keyed by the stable crate::rate_limit::TokenId derived from the bearer token is inserted into the request extensions for downstream middleware (rate limiting, audit) to consume.