Warp and header and access token

ginko · October 5, 2020, 2:00pm

Hello,

I am looking at how to check header with warp.

I have a server that needs to check if the "authorization" header is filled with a token.

The server is like:

let test_route = warp::path("test")
    .and(warp.get())
    .and_then(handlers::test::test_conn);

let routes = test_route;

warp::serve(routes).run(([0,0,0,0], 8080)).await;

There are of course others endpoints.

I would like to check if the client sent the right authorization header before executing the /test endpoint.

Is that possible?

The scenario is:

The client does not have a token, so he connects to the appli that replies with an access token.
with that access token, the client builds a query and adds the token into the authorization header
the server checks that authorization header and lets the client access the /test endpoint or not.

Thanks for help

zupzup · October 5, 2020, 2:28pm

Hey!

Yes, that's possible - I believe the best-practice approach to achieve it would be to build a warp Filter for it.

I wrote a blog post dealing with something similar a while back here

This post also goes into detail on an authorization library, but for your use-case, the whole part surrounding the with_auth filter might be interesting, as there I get a value from the Authorization header, check it against an in-memory session store and then check if the user is allowed to see the requested resource.

Besides that, looking at the warp examples surrounding filters in the GitHub repository might be helpful.