fix: allow auth token to access general token API

lazycatlabs · Sep 28, 2024 · 96613f2 · 96613f2
1 parent 738bc4d
commit 96613f2
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/src/core/middlewares/auth.rs b/src/core/middlewares/auth.rs
@@ -64,7 +64,7 @@ impl FromRequest for AuthMiddleware {
 
             let token = token_extractor(auth_str);
             let token_data =
-                decode_token(&token.to_string()).map_err(|_| APIError::Unauthorized)?;
+                decode_token_auth(&token.to_string()).map_err(|_| APIError::Unauthorized)?;
 
             let user_id = di.auth_repository.verify_token(&token_data).map_err(|_| {
                 APIError::UnauthorizedMessage {
@@ -86,7 +86,7 @@ impl FromRequest for AuthMiddleware {
     }
 }
 
-pub fn decode_token(jwt: &str) -> AppResult<TokenData<AuthToken>> {
+pub fn decode_token_auth(jwt: &str) -> AppResult<TokenData<AuthToken>> {
     let bytes_public_key = general_purpose::STANDARD
         .decode(dotenv!("ACCESS_TOKEN_PUBLIC_KEY"))
         .unwrap();

diff --git a/src/core/middlewares/general.rs b/src/core/middlewares/general.rs
@@ -9,7 +9,7 @@ use dotenv_codegen::dotenv;
 use jsonwebtoken::{Algorithm, DecodingKey, TokenData, Validation};
 
 use crate::{
-    core::{constants::AUTHORIZATION, error::APIError, types::AppResult},
+    core::{constants::AUTHORIZATION, error::APIError, middlewares::auth::decode_token_auth, types::AppResult},
     features::auth::data::models::general_token::GeneralToken,
     utils::token_helper::{is_auth_header_valid, token_extractor},
 };
@@ -46,8 +46,21 @@ impl FromRequest for GeneralMiddleware {
                 })?;
 
             let token = token_extractor(auth_str);
-            let token_data = decode_token(&token).map_err(|_| APIError::Unauthorized)?;
-            Ok(GeneralMiddleware { data: token_data })
+            // check general token first
+            let _ = decode_token(&token).map_err(|_|
+                decode_token_auth(&token).map_err(|_| APIError::Unauthorized));
+
+            let mock_data = TokenData {
+                header: Default::default(),
+                claims: GeneralToken {
+                    // Add fields of GeneralToken here
+                    aud: "".to_string(),
+                    exp: 0,
+                    iat: 0,
+                },
+
+            };
+            Ok(GeneralMiddleware { data: mock_data })
         })
     }
 }