Check for auth header before accepting an API request

2024-10-18 14:38:26 -05:00 · 2024-10-18 14:38:26 -05:00 · 465cfda1b4
commit 465cfda1b4
parent f2d99b427b
1 changed files with 7 additions and 0 deletions
--- a/src/router.rs
+++ b/src/router.rs
@ -62,6 +62,13 @@ async fn api_req(req: HttpRequest, body: String) -> HttpResponse {
    } else if !req.path().starts_with("/api") && !req.path().starts_with("/v1.0") {
        return webui::main(req);
    }
+    if headers.get("a6573cbe").is_none() {
+        if args.hidden {
+            return not_found(&headers);
+        } else {
+            return webui::main(req);
+        }
+    }
    let blank_header = HeaderValue::from_static("");
    let uid = req.headers().get("aoharu-user-id").unwrap_or(&blank_header).to_str().unwrap_or("").parse::<i64>().unwrap_or(0);
    let resp: Option<JsonValue> = if req.method() == "POST" {