From e5c220b82c818c1dc77e20fcecf78019090bba34 Mon Sep 17 00:00:00 2001 From: mpostma Date: Tue, 12 Jan 2021 18:08:16 +0100 Subject: [PATCH] fix authentication cors bug --- .../src/helpers/authentication.rs | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/meilisearch-http/src/helpers/authentication.rs b/meilisearch-http/src/helpers/authentication.rs index 974c622f0..1c67df70a 100644 --- a/meilisearch-http/src/helpers/authentication.rs +++ b/meilisearch-http/src/helpers/authentication.rs @@ -6,6 +6,8 @@ use std::task::{Context, Poll}; use actix_service::{Service, Transform}; use actix_web::{dev::ServiceRequest, dev::ServiceResponse, web}; use futures::future::{err, ok, Future, Ready}; +use actix_web::error::ResponseError as _; +use actix_web::dev::Body; use crate::error::{Error, ResponseError}; use crate::Data; @@ -17,14 +19,13 @@ pub enum Authentication { Admin, } -impl Transform for Authentication +impl Transform for Authentication where - S: Service, Error = actix_web::Error>, + S: Service, Error = actix_web::Error>, S::Future: 'static, - B: 'static, { type Request = ServiceRequest; - type Response = ServiceResponse; + type Response = ServiceResponse; type Error = actix_web::Error; type InitError = (); type Transform = LoggingMiddleware; @@ -44,14 +45,13 @@ pub struct LoggingMiddleware { } #[allow(clippy::type_complexity)] -impl Service for LoggingMiddleware +impl Service for LoggingMiddleware where - S: Service, Error = actix_web::Error> + 'static, + S: Service, Error = actix_web::Error> + 'static, S::Future: 'static, - B: 'static, { type Request = ServiceRequest; - type Response = ServiceResponse; + type Response = ServiceResponse; type Error = actix_web::Error; type Future = Pin>>>; @@ -72,7 +72,11 @@ where let auth_header = match req.headers().get("X-Meili-API-Key") { Some(auth) => match auth.to_str() { Ok(auth) => auth, - Err(_) => return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into())), + Err(_) => { + let error = ResponseError::from(Error::MissingAuthorizationHeader).error_response(); + let (request, _) = req.into_parts(); + return Box::pin(ok(ServiceResponse::new(request, error))) + } }, None => { return Box::pin(err(ResponseError::from(Error::MissingAuthorizationHeader).into())); @@ -95,9 +99,9 @@ where if authenticated { Box::pin(svc.call(req)) } else { - Box::pin(err( - ResponseError::from(Error::InvalidToken(auth_header.to_string())).into() - )) + let error = ResponseError::from(Error::InvalidToken(auth_header.to_string())).error_response(); + let (request, _) = req.into_parts(); + return Box::pin(ok(ServiceResponse::new(request, error))) } } }