show image preview + single file downloads

2025-08-10 23:16:18 +02:00
parent bfe73eefb9
commit c8b52a5b3b
13 changed files with 174 additions and 26 deletions
--- a/backend/src/lib/inbound/http/handlers/extractors.rs
+++ b/backend/src/lib/inbound/http/handlers/extractors.rs
@@ -2,6 +2,7 @@ use axum::{
    extract::FromRequestParts,
    http::{header::AUTHORIZATION, request::Parts},
 };
+use axum_extra::extract::CookieJar;

 use crate::{
    domain::warren::models::auth_session::AuthSessionIdWithType, inbound::http::responses::ApiError,
@@ -15,21 +16,38 @@ where
 {
    type Rejection = ApiError;

-    async fn from_request_parts(parts: &mut Parts, _state: &S) -> Result<Self, Self::Rejection> {
-        let Some(header) = parts.headers.get(AUTHORIZATION) else {
-            return Err(ApiError::Unauthorized(
-                "Missing authorization header".to_string(),
-            ));
-        };
+    async fn from_request_parts(parts: &mut Parts, state: &S) -> Result<Self, Self::Rejection> {
+        // Release build
+        if !cfg!(debug_assertions) {
+            let jar = CookieJar::from_request_parts(parts, state).await.unwrap();

-        let header_str = header.to_str().map_err(|_| {
-            ApiError::InternalServerError(
-                "Failed to get authorization header as string".to_string(),
-            )
-        })?;
+            let Some(cookie) = jar.get(AUTHORIZATION.as_str()) else {
+                return Err(ApiError::Unauthorized(
+                    "Missing authorization cookie".to_string(),
+                ));
+            };

-        AuthSessionIdWithType::from_str(header_str)
-            .map(|session_id| SessionIdHeader(session_id))
-            .map_err(|_| ApiError::BadRequest("Invalid session id".to_string()))
+            AuthSessionIdWithType::from_str(cookie.value())
+                .map(|session_id| SessionIdHeader(session_id))
+                .map_err(|_| ApiError::BadRequest("Invalid session id".to_string()))
+        }
+        // Debug build
+        else {
+            let Some(header) = parts.headers.get(AUTHORIZATION) else {
+                return Err(ApiError::Unauthorized(
+                    "Missing authorization header".to_string(),
+                ));
+            };
+
+            let header_str = header.to_str().map_err(|_| {
+                ApiError::InternalServerError(
+                    "Failed to get authorization header as string".to_string(),
+                )
+            })?;
+
+            AuthSessionIdWithType::from_str(header_str)
+                .map(|session_id| SessionIdHeader(session_id))
+                .map_err(|_| ApiError::BadRequest("Invalid session id".to_string()))
+        }
    }
 }