Skip to content

Commit 757f060

Browse files
NathanFlurryNathanFlurry
committed
chore(api-public): fix auth when no token configured
1 parent 223b35c commit 757f060

File tree

2 files changed

+36
-26
lines changed

2 files changed

+36
-26
lines changed

packages/core/api-public/src/ctx.rs

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,13 @@ impl ApiCtx {
3131

3232
self.authentication_handled.store(true, Ordering::Relaxed);
3333

34-
if self.token.as_ref() == Some(&auth.admin_token) {
34+
// If no token provided, allow access.
35+
// If has toen, compare against admin token.
36+
if self
37+
.token
38+
.as_ref()
39+
.map_or(false, |x| x == auth.admin_token.read())
40+
{
3541
Ok(())
3642
} else {
3743
Err(rivet_api_builder::ApiForbidden.build())

packages/core/guard/server/src/routing/runner.rs

Lines changed: 29 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -27,32 +27,36 @@ pub async fn route_request(
2727

2828
// Check auth (if enabled)
2929
if let Some(auth) = &ctx.config().auth {
30-
let token = headers
31-
.get(X_RIVET_TOKEN)
32-
.and_then(|x| x.to_str().ok())
33-
// Fallback to checking websocket protocol if rivet token is not set
34-
.or_else(|| {
35-
if is_websocket {
36-
headers
37-
.get(SEC_WEBSOCKET_PROTOCOL)
38-
.and_then(|protocols| protocols.to_str().ok())
39-
.and_then(|protocols| {
40-
protocols
41-
.split(',')
42-
.map(|p| p.trim())
43-
.find_map(|p| p.strip_prefix(WS_PROTOCOL_TOKEN))
44-
})
45-
} else {
46-
None
47-
}
48-
})
49-
.ok_or_else(|| {
50-
crate::errors::MissingHeader {
51-
header: X_RIVET_TOKEN.to_string(),
52-
}
53-
.build()
54-
})?;
30+
// Extract token
31+
let token = if is_websocket {
32+
headers
33+
.get(SEC_WEBSOCKET_PROTOCOL)
34+
.and_then(|protocols| protocols.to_str().ok())
35+
.and_then(|protocols| {
36+
protocols
37+
.split(',')
38+
.map(|p| p.trim())
39+
.find_map(|p| p.strip_prefix(WS_PROTOCOL_TOKEN))
40+
})
41+
.ok_or_else(|| {
42+
crate::errors::MissingHeader {
43+
header: SEC_WEBSOCKET_PROTOCOL.to_string(),
44+
}
45+
.build()
46+
})?
47+
} else {
48+
headers
49+
.get(X_RIVET_TOKEN)
50+
.and_then(|x| x.to_str().ok())
51+
.ok_or_else(|| {
52+
crate::errors::MissingHeader {
53+
header: X_RIVET_TOKEN.to_string(),
54+
}
55+
.build()
56+
})?
57+
};
5558

59+
// Validate token
5660
if token != auth.admin_token {
5761
return Err(rivet_api_builder::ApiForbidden.build());
5862
}

0 commit comments

Comments
 (0)