auth-server: api-auth: Do not remove API key from auth headers

renegade-fi · Oct 29, 2024 · 1d7e04f · 1d7e04f
1 parent e79dec9
commit 1d7e04f
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 /.gitattributes
+**/.DS_Store
 
 # Generated by Cargo
 # will have compiled files and executables

diff --git a/auth/auth-server/src/server/api_auth.rs b/auth/auth-server/src/server/api_auth.rs
@@ -27,12 +27,12 @@ impl Server {
     pub(crate) async fn authorize_request(
         &self,
         path: &str,
-        headers: &mut HeaderMap,
+        headers: &HeaderMap,
         body: &[u8],
     ) -> Result<(), ApiError> {
         // Check API auth
         let api_key = headers
-            .remove(RENEGADE_API_KEY_HEADER)
+            .get(RENEGADE_API_KEY_HEADER)
             .and_then(|h| h.to_str().ok().map(String::from)) // Convert to String
             .and_then(|s| Uuid::parse_str(&s).ok()) // Use &s to parse
             .ok_or(AuthServerError::unauthorized("Invalid or missing Renegade API key"))?;

diff --git a/auth/auth-server/src/server/handle_external_match.rs b/auth/auth-server/src/server/handle_external_match.rs
@@ -15,11 +15,11 @@ impl Server {
     pub async fn handle_external_match_request(
         &self,
         path: warp::path::FullPath,
-        mut headers: warp::hyper::HeaderMap,
+        headers: warp::hyper::HeaderMap,
         body: Bytes,
     ) -> Result<impl Reply, Rejection> {
         // Authorize the request
-        self.authorize_request(path.as_str(), &mut headers, &body).await?;
+        self.authorize_request(path.as_str(), &headers, &body).await?;
 
         // Send the request to the relayer
         let resp = self.send_admin_request(Method::POST, path.as_str(), headers, body).await?;