chore: Revert allowing Authorization header (reacherhq#164)

* chore: Revert allowing Authorization header

* Fix tests

* Fix lint

Author: amaury1093

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "reacher_backend"
-version = "0.3.5"
+version = "0.3.6"
 edition = "2018"
 license = "AGPL-3.0 OR Commercial"
 publish = false

Cargo.toml

@@ -27,7 +27,6 @@ pub const DEFAULT_SAASIFY_SECRET: &str = "reacher_dev_secret";
 /// but there might be others in the future
 #[derive(Debug, PartialEq)]
 pub enum HeaderSecret {
-	Authorization,
 	Saasify,
 }
 
@@ -41,8 +40,6 @@ fn get_saasify_secret() -> String {
 /// for auth that match:
 /// - `x-saasify-proxy-secret`: this means auth is handled by saasify, we don't
 /// care about auth anymore.
-/// - `Authorization`: this is a temporary fix to allow all requests with this
-/// header.
 pub fn check_header(
 ) -> impl warp::Filter<Extract = (HeaderSecret,), Error = warp::Rejection> + Clone {
 	let saasify_secret = get_saasify_secret();
@@ -51,6 +48,4 @@ pub fn check_header(
 
 	warp::header::exact_ignore_case(SAASIFY_SECRET_HEADER, saasify_secret)
 		.map(|| HeaderSecret::Saasify)
-		.or(warp::header::<String>("authorization").map(|_| HeaderSecret::Authorization))
-		.unify()
 }

src/routes/check_email/header.rs

@@ -39,7 +39,10 @@ async fn test_missing_header() {
 
 	println!("{:?}", resp);
 	assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
-	assert_eq!(resp.body(), r#"Missing request header "authorization""#);
+	assert_eq!(
+		resp.body(),
+		r#"Missing request header "x-saasify-proxy-secret""#
+	);
 }
 
 #[tokio::test]
@@ -54,7 +57,10 @@ async fn test_wrong_saasify_secret() {
 
 	println!("{:?}", resp);
 	assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
-	assert_eq!(resp.body(), r#"Missing request header "authorization""#);
+	assert_eq!(
+		resp.body(),
+		r#"Invalid request header "x-saasify-proxy-secret""#
+	);
 }
 
 #[tokio::test]
@@ -84,31 +90,3 @@ async fn test_input_foo_bar_baz() {
 	assert_eq!(resp.status(), StatusCode::OK);
 	assert_eq!(resp.body(), FOO_BAR_BAZ_RESPONSE);
 }
-
-#[tokio::test]
-async fn test_authorization_header() {
-	let resp = request()
-		.path("/v0/check_email")
-		.method("POST")
-		.header("authorization", "foo")
-		.json(&serde_json::from_str::<EndpointRequest>(r#"{"to_email": "[email protected]"}"#).unwrap())
-		.reply(&create_routes())
-		.await;
-
-	assert_eq!(resp.status(), StatusCode::OK);
-	assert_eq!(resp.body(), FOO_BAR_BAZ_RESPONSE);
-}
-
-#[tokio::test]
-async fn test_authorization_capital_header() {
-	let resp = request()
-		.path("/v0/check_email")
-		.method("POST")
-		.header("Authorization", "foo")
-		.json(&serde_json::from_str::<EndpointRequest>(r#"{"to_email": "[email protected]"}"#).unwrap())
-		.reply(&create_routes())
-		.await;
-
-	assert_eq!(resp.status(), StatusCode::OK);
-	assert_eq!(resp.body(), FOO_BAR_BAZ_RESPONSE);
-}