Remove update-type processing from WebSocket; migrate that processing to REST #22
base: main
Walkthrough
REST API endpoint (
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
actor Client
participant Server
participant Authenticated as Auth Extractor
participant AppState as AppState<br/>(config, storage, hub)
participant Handler as Request Handler<br/>(post_location/log)
participant Response
Client->>Server: POST /api/location or /api/log<br/>(with Authorization header)
Server->>Authenticated: Extract Bearer token
alt Token present and enabled
Authenticated->>Authenticated: Validate token
Authenticated->>Handler: Pass Authenticated marker
else Token missing/disabled
Authenticated-->>Client: 401 Unauthorized<br/>Json(ApiResponse)
Note over Client: Reject request
end
Handler->>AppState: Access state (storage, hub, etc.)
Handler->>Handler: Deserialize JSON body<br/>& validate payload
alt Validation successful
Handler->>AppState: Process request<br/>(store location/log, broadcast)
Handler->>Response: 200 OK<br/>Json(ApiResponse)
else Validation fails
Handler->>Response: 400 Bad Request<br/>Json(ApiResponse)
end
Response-->>Client: Return response with<br/>optional error/warning fields
```
Estimated code review effort: 4 (Complex) | ~45 minutes
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@src/server.rs`:
- Around line 204-221: The current token extraction uses h.strip_prefix("Bearer ") which is case-sensitive and rejects valid "bearer" variants; update the closure that produces token (the code using auth_header and token) to perform a case-insensitive check for the "Bearer " scheme instead of strip_prefix("Bearer "), e.g. test the prefix with an ASCII case-insensitive comparison (eq_ignore_ascii_case on the first 7 chars) and then slice the remainder as the token; keep the same error handling branch so behavior is unchanged when the header is missing or malformed.
🧹 Nitpick comments (2)
openapi.yaml (1)
291-307: The whitespace-only prohibition on log.message should also be reflected in the schema. Since the server rejects whitespace-only values, adding a pattern to the OpenAPI spec lets clients detect this as well.
🛠️ Suggested fix
message: type: string minLength: 1 + pattern: '.*\S.*' description: Log message (must not be empty or whitespace-only)
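Review bot: the `+ pattern: '.*\S.*'` line is equivalent to `pattern: '\S'`, because OpenAPI patterns follow ECMA 262 semantics and are not anchored; the surrounding `.*` parts add nothing (and `.` does not match newlines in that dialect, which can mislead a reader into thinking multi-line messages are handled differently). Suggest the shorter form, and keep `minLength: 1` even though it becomes redundant, since some client validators only enforce length.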
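Cargo.toml (1)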
27-28: Test-only dependencies should be moved to dev-dependencies
tower and hyper are used only in test code inside #[cfg(test)] modules (ServiceExt, to_bytes, and so on). To keep runtime dependencies minimal, moving them to [dev-dependencies] is recommended.
Suggested fix
csv = "1.4" -tower = "0.4" -hyper = "0.14" +[dev-dependencies] +tower = "0.4" +hyper = "0.14"
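Review bot: the hunk introduces a new `+[dev-dependencies]` table header right after `csv = "1.4"`; if Cargo.toml already contains a `[dev-dependencies]` section, TOML rejects the duplicate table, so the two entries should be merged into the existing section instead. Also confirm with a plain `cargo build` (which does not compile `#[cfg(test)]` modules) that no non-test code path still imports `tower` or `hyper`, since `cargo test` alone would not catch that.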
src/server.rs, lines 204-221:
```rust
let auth_header = parts
    .headers
    .get(AUTHORIZATION)
    .and_then(|v| v.to_str().ok());

let token = auth_header
    .and_then(|h| h.strip_prefix("Bearer "))
    .ok_or_else(|| {
        (
            StatusCode::UNAUTHORIZED,
            Json(ApiResponse {
                ok: false,
                id: None,
                warning: None,
                error: Some("missing or invalid Authorization header".to_string()),
            }),
        )
    })?;
```
The Bearer scheme should be accepted regardless of letter case
The scheme is case-insensitive, so rejecting bearer will produce 401s for some clients. A case-insensitive check is recommended.
🛠️ Suggested fix
- let token = auth_header
- .and_then(|h| h.strip_prefix("Bearer "))
+ let token = auth_header
+ .and_then(|h| {
+ let mut parts = h.splitn(2, ' ');
+ let scheme = parts.next()?;
+ let token = parts.next()?;
+ if scheme.eq_ignore_ascii_case("bearer") {
+ Some(token)
+ } else {
+ None
+ }
+ })
.ok_or_else(|| {
(
StatusCode::UNAUTHORIZED,
Json(ApiResponse {
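Review bot: `let mut parts = h.splitn(2, ' ')` inside the closure shadows the outer `parts` (the request parts whose `.headers` were read just above); it compiles, but renaming the iterator (for example `pieces`) avoids the confusion. Separately, the new closure still returns `Some("")` when nothing follows the scheme, and returns a token with a leading space when two spaces separate scheme and token, so an empty or padded token reaches the validator exactly as with the old `strip_prefix("Bearer ")`; trimming spaces after the scheme and adding `.filter(|t| !t.is_empty())` would reject those up front and keep the 401 branch unchanged.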
Committable suggestion:
```rust
let auth_header = parts
    .headers
    .get(AUTHORIZATION)
    .and_then(|v| v.to_str().ok());

let token = auth_header
    .and_then(|h| {
        let mut parts = h.splitn(2, ' ');
        let scheme = parts.next()?;
        let token = parts.next()?;
        if scheme.eq_ignore_ascii_case("bearer") {
            Some(token)
        } else {
            None
        }
    })
    .ok_or_else(|| {
        (
            StatusCode::UNAUTHORIZED,
            Json(ApiResponse {
                ok: false,
                id: None,
                warning: None,
                error: Some("missing or invalid Authorization header".to_string()),
            }),
        )
    })?;
```
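As an added example (not code from this PR or the review bot), the Bearer extraction generalised the way the comment above asks for: a framework-independent function that accepts the scheme in any letter case, tolerates more than one space between scheme and token as RFC 7235 allows, rejects empty tokens before they reach validation, and compares the token in constant time. The `authorize` wrapper and the error strings are assumptions standing in for the extractor's 401 branch in src/server.rs.

```rust
// Added example, not part of the PR. Pure functions so they can be unit-tested
// without axum; the extractor would pass the Authorization header value in.

/// Returns the token part of `Authorization: Bearer <token>`, or None when the
/// header is absent, uses another scheme, or carries no token.
pub fn extract_bearer(header: Option<&str>) -> Option<&str> {
    let value = header?.trim();
    // The scheme is case-insensitive (RFC 7235): Bearer, bearer, BEARER all match.
    let (scheme, rest) = value.split_once(' ')?;
    if !scheme.eq_ignore_ascii_case("bearer") {
        return None;
    }
    // RFC 7235 permits one or more spaces between scheme and token; drop them all.
    let token = rest.trim_start_matches(' ');
    // An empty token (or one containing spaces) is rejected here, not by the validator.
    if token.is_empty() || token.contains(' ') {
        return None;
    }
    Some(token)
}

/// Constant-time comparison of the presented token against the configured one, so
/// response timing does not reveal how many leading bytes matched.
pub fn token_matches(presented: &str, expected: &str) -> bool {
    let a = presented.as_bytes();
    let b = expected.as_bytes();
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Assumed shape of the extractor's decision: Ok when the token is present and
/// valid, otherwise the reason that would be returned with a 401.
pub fn authorize(header: Option<&str>, expected: &str) -> Result<(), &'static str> {
    match extract_bearer(header) {
        None => Err("missing or invalid Authorization header"),
        Some(t) if token_matches(t, expected) => Ok(()),
        Some(_) => Err("invalid token"),
    }
}
```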
Summary by CodeRabbit
Release notes
New Features
Documentation