From 1a6466fdfb0583ad33be14b85f915f8d9eecf3d4 Mon Sep 17 00:00:00 2001
From: antifallobst <antifallobst@systemausfall.org>
Date: Sat, 11 Nov 2023 21:01:38 +0100
Subject: [PATCH] feat: added access token verification

---
 src/api/calls.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/api/calls.rs b/src/api/calls.rs
index 26cc6ca..34a1c31 100644
--- a/src/api/calls.rs
+++ b/src/api/calls.rs
@@ -1,5 +1,6 @@
 use crate::api::{data::*, handlers, State};
 use actix_web::{get, post, web, HttpResponse, Responder};
+use actix_web_httpauth::extractors::bearer::BearerAuth;
 use log::error;
 
 // #[post("/backup/create")]
@@ -21,8 +22,13 @@ use log::error;
 #[post("/backup/preset")]
 async fn backup_preset_post(
     data: web::Data<State>,
+    auth: BearerAuth,
     body: web::Json<BackupPreset>,
 ) -> impl Responder {
+    if auth.token() != data.token {
+        return HttpResponse::Unauthorized().finish();
+    }
+
     match handlers::backup_preset_post(&data.pool, body.into_inner()).await {
         Ok(resp) => match resp {
             BackupPresetPostResponse::Success => HttpResponse::Ok().finish(),
@@ -36,7 +42,11 @@ async fn backup_preset_post(
 }
 
 #[get("/backup/preset")]
-async fn backup_preset_get(data: web::Data<State>) -> impl Responder {
+async fn backup_preset_get(data: web::Data<State>, auth: BearerAuth) -> impl Responder {
+    if auth.token() != data.token {
+        return HttpResponse::Unauthorized().finish();
+    }
+
     match handlers::backup_preset_get(&data.pool).await {
         Ok(resp) => HttpResponse::Ok().json(&resp),
         Err(e) => {