Homebrew RSS reader server
api/fever: fix case-sensitive api_key comparison
* use case-insensitive comparison for MD5 api_key
* add debug logging for auth troubleshooting
ReadKit sends the api_key in uppercase while we store it lowercase.
MD5 hex strings should compare case-insensitively per convention.
+14
-1
+14
-1
src/api/fever.rs
+14
-1
src/api/fever.rs
···
3
3
use axum::response::Json;
4
4
use serde_json::{json, Value};
5
5
use std::collections::HashMap;
6
+
use tracing::debug;
6
7
7
8
use crate::db;
8
9
use crate::server::AppState;
···
12
13
Query(params): Query<HashMap<String, String>>,
13
14
body: Bytes,
14
15
) -> Json<Value> {
16
+
debug!(?params, "fever request query params");
17
+
debug!(body = %String::from_utf8_lossy(&body), "fever request body");
18
+
15
19
// parse form body (may be empty for GET requests)
16
20
let body_params: HashMap<String, String> =
17
21
serde_urlencoded::from_bytes(&body).unwrap_or_default();
18
22
23
+
debug!(?body_params, "fever parsed body params");
24
+
19
25
let api_key = body_params.get("api_key").cloned().unwrap_or_default();
20
-
let authed = api_key == state.api_key;
26
+
let authed = api_key.eq_ignore_ascii_case(&state.api_key);
27
+
28
+
debug!(
29
+
api_key_provided = %api_key,
30
+
api_key_expected = %state.api_key,
31
+
authed,
32
+
"fever auth check"
33
+
);
21
34
22
35
let now = chrono::Utc::now().timestamp();
23
36
let mut response = json!({