gsathecat
/
lemmy
mirror of https://github.com/LemmyNet/lemmy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Making sure image uploads have jwt cookie. Fixes #1291 (#1299)

pull/1304/head
Dessalines 2020-12-01 12:48:39 -05:00 committed by GitHub
parent cc8a6bea65
commit 45efa94ba4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/routes/images.rs
View File

@ -1,6 +1,7 @@
use actix::clock::Duration; use actix::clock::Duration;
use actix_web::{body::BodyStream, http::StatusCode, *}; use actix_web::{body::BodyStream, http::StatusCode, *};
use awc::Client; use awc::Client;
use lemmy_api::claims::Claims;
use lemmy_rate_limit::RateLimit; use lemmy_rate_limit::RateLimit;
use lemmy_utils::settings::Settings; use lemmy_utils::settings::Settings;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -46,7 +47,14 @@ async fn upload(
body: web::Payload, body: web::Payload,
client: web::Data<Client>, client: web::Data<Client>,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
// TODO: check auth and rate limit here // TODO: check rate limit here
let jwt = req
.cookie("jwt")
.expect("No auth header for picture upload");
if Claims::decode(jwt.value()).is_err() {
return Ok(HttpResponse::Unauthorized().finish());
};
let mut res = client let mut res = client
.request_from(format!("{}/image", Settings::get().pictrs_url), req.head()) .request_from(format!("{}/image", Settings::get().pictrs_url), req.head())