adding with headers, and also checking cookies header

2026-03-12 20:14:23 +01:00
parent 4c4fc8b91c
commit cbf65dfde7
2 changed files with 29 additions and 9 deletions
@@ -29,17 +29,23 @@ impl JwtMiddleware {
        &self,
        req: &Request<Incoming>,
    ) -> Result<Claims, Box<dyn std::error::Error + Send + Sync>> {
-        let auth_header = req
-            .headers()
-            .get("Authorization")
-            .and_then(|v| v.to_str().ok())
-            .filter(|h| h.starts_with("Bearer "))
-            .map(|h| &h[7..])
-            .ok_or("No token found")?;
+        let cookie_header = req.headers().get("Cookie").and_then(|v| v.to_str().ok());
+
+        let token = cookie_header
+            .and_then(|c| c.split(';').find(|s| s.trim().starts_with("access_token=")))
+            .map(|s| s.trim().trim_start_matches("access_token="))
+            .or_else(|| {
+                req.headers()
+                    .get("Authorization")
+                    .and_then(|v| v.to_str().ok())
+                    .filter(|h| h.starts_with("Bearer "))
+                    .map(|h| &h[7..])
+            })
+            .ok_or("No token found in Cookies or Authorization header")?;

        let mut validation = Validation::new(Algorithm::RS256);
        validation.set_required_spec_claims(&["exp", "sub"]);
-        let token_data = decode::<Claims>(auth_header, &self.decoding_key, &validation)?;
+        let token_data = decode::<Claims>(token, &self.decoding_key, &validation)?;

        Ok(token_data.claims)
    }