Edited the API Key header to comply with OpenAPI v3 specs

2025-02-05 13:52:33 -06:00 · 2025-01-03 00:25:55 +10:00 · 2025-01-03 00:25:55 +10:00 · 4fb8d0cb5c
commit 4fb8d0cb5c
parent 9a0cdec646
3 changed files with 8 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -193,17 +193,17 @@ If the API key is insecure, a warning will be outputted along with a generated A

 To add a link:
 ``` bash
-curl -X POST -H "Chhoto-Api-Key: <YOUR_API_KEY>" -d '{"shortlink":"<shortlink>", "longlink":"<longlink>"}' http://localhost:4567/api/new
+curl -X POST -H "X-API-Key: <YOUR_API_KEY>" -d '{"shortlink":"<shortlink>", "longlink":"<longlink>"}' http://localhost:4567/api/new
 ```

 To get a list of all the currently available links:
 ``` bash
-curl -H "Chhoto-Api-Key: <YOUR_API_KEY>" http://localhost:4567/api/all
+curl -H "X-API-Key: <YOUR_API_KEY>" http://localhost:4567/api/all
 ```

 To delete a link:
 ``` bash
-curl -X DELETE -H "Chhoto-Api-Key: <YOUR_API_KEY>" http://localhost:4567/api/del/<shortlink>
+curl -X DELETE -H "X-API-Key: <YOUR_API_KEY>" http://localhost:4567/api/del/<shortlink>
 ```
 Where `<shortlink>` is name of the shortened link you would like to delete. For example, if the shortened link is `http://localhost:4567/example`, `<shortlink>` would be `example`.

--- a/actix/src/auth.rs
+++ b/actix/src/auth.rs
@ -42,7 +42,7 @@ pub fn gen_key() -> String {

 // Check if the API key header exists
 pub fn api_header(req: &HttpRequest) -> Option<&str> {
-    req.headers().get("Chhoto-Api-Key")?.to_str().ok()
+    req.headers().get("X-API-Key")?.to_str().ok()
 }

 // Determine whether the inputted API key is sufficiently secure
--- a/actix/src/utils.rs
+++ b/actix/src/utils.rs
@ -29,7 +29,7 @@ pub struct Response {
 // If the api_key environment variable eists
 pub fn is_api_ok(http: HttpRequest) -> Response {
    // If the api_key environment variable exists
-    if env::var("api_key").is_ok() {
+    if let Ok(_) = env::var("api_key") {
        // If the header exists
        if let Some(header) = auth::api_header(&http) {
            // If the header is correct
@ -41,11 +41,12 @@ pub fn is_api_ok(http: HttpRequest) -> Response {
        // The header may not exist when the user logs in through the web interface, so allow a request with no header.
        // Further authentication checks will be conducted in services.rs
        } else {
-            Response { success: false, error: false, reason: "Chhoto-Api-Key header not found".to_string(), pass: true }
+            // Due to the implementation of this result in services.rs, this JSON object will not be outputted.
+            Response { success: false, error: false, reason: "X-API-Key header was not found".to_string(), pass: true }
        }
    } else {
        // If the API key isn't set, but an API Key header is provided
-        if auth::api_header(&http).is_some() {
+        if let Some(_) = auth::api_header(&http) {
            Response {success: false, error: true, reason: "An API key was provided, but the 'api_key' environment variable is not configured in the Chhoto URL instance".to_string(), pass: false}
        } else {
            Response {success: false, error: false, reason: "".to_string(), pass: true}