sigp / eleel

Execution layer multiplexer

Home Page: https://hub.docker.com/repository/docker/sigp/eleel

Check JWT before deserializing request

michaelsproul opened this issue

Eleel allows quite large amounts of data to be uploaded. We should check that the JWT token is verified before deserializing this data as JSON. Presently we're just using Axum's handler to get access to both the header and the JSON body, meaning we check the token after deserialization:

eleel/src/main.rs

Lines 100 to 104 in 10e4ff2

    async fn handle_client_json_rpc(
        State(state): State<Arc<AppState>>,
        TypedHeader(jwt_token_str): TypedHeader<Authorization<Bearer>>,
        maybe_requests: Result<Json<Requests>, JsonRejection>,
    ) -> Json<Responses> {
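The ordering the issue asks for, as an added std-only Rust example (not eleel's code and not from the issue author): the handler receives the body as raw bytes, and the parser runs only after the bearer token has been accepted. `handle_authenticated`, `bearer_token` and `Reject` are hypothetical names, and the `verify` and `parse` closures are stand-ins for real JWT verification and JSON deserialization.

```rust
// Added example: authenticate from the header before any body bytes reach
// the parser. Token verification and body parsing are injected closures.
#[derive(Debug, PartialEq)]
pub enum Reject {
    MissingAuth,     // no Authorization header, or not the Bearer scheme
    MalformedToken,  // not three non-empty base64url segments
    BadToken,        // the verifier refused it (signature, expiry, ...)
    BadBody(String), // authenticated, but the body did not parse
}

/// Extract the token from an `Authorization: Bearer <token>` header value.
fn bearer_token(header: Option<&str>) -> Result<&str, Reject> {
    let token = header
        .and_then(|h| h.strip_prefix("Bearer "))
        .ok_or(Reject::MissingAuth)?;
    // Cheap structural check first: header.payload.signature, base64url only.
    let parts: Vec<&str> = token.split('.').collect();
    let well_formed = parts.len() == 3
        && parts.iter().all(|s| {
            !s.is_empty()
                && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
        });
    if well_formed { Ok(token) } else { Err(Reject::MalformedToken) }
}

/// Hypothetical handler core: `parse` is only reached once `verify` has
/// accepted the token, so unauthenticated bodies are never deserialized.
pub fn handle_authenticated<T>(
    auth_header: Option<&str>,
    raw_body: &[u8],
    verify: impl Fn(&str) -> bool,
    parse: impl FnOnce(&[u8]) -> Result<T, String>,
) -> Result<T, Reject> {
    let token = bearer_token(auth_header)?;
    if !verify(token) {
        return Err(Reject::BadToken);
    }
    parse(raw_body).map_err(Reject::BadBody)
}

fn main() {
    // Constructed inputs: the stand-in verifier accepts one fixed token.
    let verify = |t: &str| t == "aaa.bbb.ccc";
    let parse = |b: &[u8]| String::from_utf8(b.to_vec()).map_err(|e| e.to_string());
    println!("{:?}", handle_authenticated(Some("Bearer aaa.bbb.ccc"), b"{}", verify, parse));
    println!("{:?}", handle_authenticated(None, b"{}", verify, parse));
}
```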