(
config: &Config,
method: &Method,
headers: &HeaderMap,
peer_is_loopback: bool,
uri_query: Option<&str>,
)
| 61 | } |
| 62 | |
| 63 | pub fn api_request_authorized( |
| 64 | config: &Config, |
| 65 | method: &Method, |
| 66 | headers: &HeaderMap, |
| 67 | peer_is_loopback: bool, |
| 68 | uri_query: Option<&str>, |
| 69 | ) -> bool { |
| 70 | if bearer_or_header_token(headers).is_some_and(|token| token == config.access_token) { |
| 71 | return true; |
| 72 | } |
| 73 | |
| 74 | if query_token_from_query(uri_query).is_some_and(|token| token == config.access_token) { |
| 75 | return true; |
| 76 | } |
| 77 | |
| 78 | if cookie_token(headers).is_some_and(|token| token == config.access_token) { |
| 79 | return if method == Method::GET || method == Method::HEAD { |
| 80 | origin_allowed_or_absent(config, headers) |
| 81 | } else { |
| 82 | origin_allowed(config, headers) |
| 83 | }; |
| 84 | } |
| 85 | |
| 86 | if peer_is_loopback { |
| 87 | return if method == Method::GET || method == Method::HEAD { |
| 88 | true |
| 89 | } else { |
| 90 | origin_allowed(config, headers) |
| 91 | }; |
| 92 | } |
| 93 | |
| 94 | false |
| 95 | } |
| 96 | |
| 97 | pub fn preflight_response(config: &Config, headers: &HeaderMap) -> Response { |
| 98 | let mut response = StatusCode::NO_CONTENT.into_response(); |
no test coverage detected