Making sure image uploads have jwt cookie. Fixes #1291 (#1299)

This commit is contained in:
Dessalines 2020-12-01 12:48:39 -05:00 committed by GitHub
parent cc8a6bea65
commit 45efa94ba4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,6 +1,7 @@
use actix::clock::Duration;
use actix_web::{body::BodyStream, http::StatusCode, *};
use awc::Client;
use lemmy_api::claims::Claims;
use lemmy_rate_limit::RateLimit;
use lemmy_utils::settings::Settings;
use serde::{Deserialize, Serialize};
@ -46,7 +47,14 @@ async fn upload(
body: web::Payload,
client: web::Data<Client>,
) -> Result<HttpResponse, Error> {
// TODO: check auth and rate limit here
// TODO: check rate limit here
let jwt = req
.cookie("jwt")
.expect("No auth header for picture upload");
if Claims::decode(jwt.value()).is_err() {
return Ok(HttpResponse::Unauthorized().finish());
};
let mut res = client
.request_from(format!("{}/image", Settings::get().pictrs_url), req.head())