1 files changed, 51 insertions, 42 deletions

diff --git a/src/routes.rs b/src/routes.rs
index ca1cc41..f5deeb4 100644
--- a/src/routes.rs
+++ b/src/routes.rs
@@ -59,52 +59,61 @@ async fn upload_file(
     authorized_key: String,
     files_dir: &Path,
 ) -> Result<Response<BoxBody<Bytes, std::io::Error>>> {
-    let key = get_header(&request, "X-Key");
-    if key != Some(authorized_key) {
-        log::info!("Unauthorized file upload");
-        Ok(response(StatusCode::UNAUTHORIZED, "Unauthorized"))
-    } else {
-        let file_id = model::generate_file_id();
-        let filename = get_header(&request, "X-Filename").map(|s| util::sanitize_filename(&s));
-        let expiration_days: Option<i64> =
-            get_header(&request, "X-Expiration").and_then(|s| s.parse().ok());
-        let content_length: Option<usize> =
-            get_header(&request, "Content-Length").and_then(|s| s.parse().ok());
-
-        match (filename, expiration_days, content_length) {
-            (Some(filename), Some(expiration_days), Some(content_length)) => {
-                let _ = fs::create_dir(files_dir).await;
-                let path = files_dir.join(&file_id);
-                let mut file = File::create(&path).await.unwrap();
-
-                let mut incoming = request.into_body();
-                while let Some(frame) = incoming.frame().await {
-                    if let Ok(data) = frame {
-                        let _ = file.write_all(&data.into_data().unwrap()).await;
-                        let _ = file.flush().await;
-                    }
-                }
-
-                let file = model::File {
-                    id: file_id.clone(),
-                    name: filename,
-                    expires_at: model::local_time().add(Duration::days(expiration_days)),
-                    content_length,
-                };
-
-                match db::files::insert(&db_conn, file.clone()).await {
-                    Ok(_) => Ok(response(StatusCode::OK, file_id)),
-                    Err(msg) => {
-                        log::error!("Insert file: {msg}");
-                        if let Err(msg) = fs::remove_file(path).await {
-                            log::error!("Remove file: {msg}");
+    match get_header(&request, "X-Key") {
+        None => {
+            log::info!("Unauthorized file upload");
+            Ok(response(StatusCode::UNAUTHORIZED, "Unauthorized"))
+        }
+        Some(key) => match bcrypt::verify(key, &authorized_key) {
+            Ok(true) => {
+                let file_id = model::generate_file_id();
+                let filename =
+                    get_header(&request, "X-Filename").map(|s| util::sanitize_filename(&s));
+                let expiration_days: Option<i64> =
+                    get_header(&request, "X-Expiration").and_then(|s| s.parse().ok());
+                let content_length: Option<usize> =
+                    get_header(&request, "Content-Length").and_then(|s| s.parse().ok());
+
+                match (filename, expiration_days, content_length) {
+                    (Some(filename), Some(expiration_days), Some(content_length)) => {
+                        let _ = fs::create_dir(files_dir).await;
+                        let path = files_dir.join(&file_id);
+                        let mut file = File::create(&path).await.unwrap();
+
+                        let mut incoming = request.into_body();
+                        while let Some(frame) = incoming.frame().await {
+                            if let Ok(data) = frame {
+                                let _ = file.write_all(&data.into_data().unwrap()).await;
+                                let _ = file.flush().await;
+                            }
+                        }
+
+                        let file = model::File {
+                            id: file_id.clone(),
+                            name: filename,
+                            expires_at: model::local_time().add(Duration::days(expiration_days)),
+                            content_length,
                         };
-                        Ok(internal_server_error())
+
+                        match db::files::insert(&db_conn, file.clone()).await {
+                            Ok(_) => Ok(response(StatusCode::OK, file_id)),
+                            Err(msg) => {
+                                log::error!("Insert file: {msg}");
+                                if let Err(msg) = fs::remove_file(path).await {
+                                    log::error!("Remove file: {msg}");
+                                };
+                                Ok(internal_server_error())
+                            }
+                        }
                     }
+                    _ => Ok(bad_request()),
                 }
             }
-            _ => Ok(bad_request()),
-        }
+            _ => {
+                log::info!("Unauthorized file upload");
+                Ok(response(StatusCode::UNAUTHORIZED, "Unauthorized"))
+            }
+        },
     }
 }