Eleel allows quite large amounts of data to be uploaded. We should check that the JWT token is verified before deserializing this data as JSON. Presently we're just using Axum's handler to get access to both the header and the JSON body, meaning we check the token after deserialization:
|
async fn handle_client_json_rpc( |
|
State(state): State<Arc<AppState>>, |
|
TypedHeader(jwt_token_str): TypedHeader<Authorization<Bearer>>, |
|
maybe_requests: Result<Json<Requests>, JsonRejection>, |
|
) -> Json<Responses> { |
Eleel allows quite large amounts of data to be uploaded. We should check that the JWT token is verified before deserializing this data as JSON. Presently we're just using Axum's handler to get access to both the header and the JSON body, meaning we check the token after deserialization:
eleel/src/main.rs
Lines 100 to 104 in 10e4ff2