custom-fail · banocean · Jun 27, 2025 · Jun 27, 2025
diff --git a/src/server/routes/guilds/_id.rs b/src/server/routes/guilds/_id.rs
@@ -12,7 +12,7 @@ use crate::context::Context;
 use crate::server::error::{MapErrorIntoInternalRejection, Rejection};
 use crate::server::guild::editing::GuildsEditing;
 use crate::server::guild::ws::handle_connection;
-use crate::server::session::{Authenticator, AuthorizationInformation, authorize_user, Sessions};
+use crate::server::session::{Authenticator, AuthorizationInformation, Sessions, query_authorize_user};
 
 type GuildId = Id<GuildMarker>;
 
@@ -27,7 +27,7 @@ pub fn run(
     let with_guilds_editing = with_value!(guilds_editing);
 
     warp::path!("guilds" / GuildId)
-        .and(authorize_user(authenticator, sessions))
+        .and(query_authorize_user(authenticator, sessions))
         .and(with_context.clone())
         .and_then(check_guild)
         .and(warp::ws())

diff --git a/src/server/session.rs b/src/server/session.rs
@@ -3,6 +3,7 @@ use std::sync::Arc;
 use rusty_paseto::core::{ImplicitAssertion, Key, Local, PasetoSymmetricKey, V4};
 use rusty_paseto::generic::GenericBuilderError;
 use rusty_paseto::prelude::{PasetoBuilder, PasetoParser};
+use serde::Deserialize;
 use tokio::sync::RwLock;
 use twilight_http::Client;
 use twilight_model::id::Id;
@@ -109,4 +110,40 @@ async fn filter(
     sessions.user(&user_id)
         .await
         .ok_or_else(|| reject!(Rejection::Unauthorized))
+}
+
+#[derive(Deserialize)]
+struct Query {
+    #[serde(rename = "Authorization")]
+    pub token: String,
+    #[serde(rename = "User-Id")]
+    pub user_id: Id<UserMarker>
+}
+
+pub fn query_authorize_user(
+    authenticator: Arc<Authenticator>,
+    sessions: Arc<Sessions>
+) -> impl Filter<Extract = (Arc<AuthorizationInformation>,), Error = warp::Rejection> + Clone {
+    let with_authenticator = with_value!(authenticator);
+    let with_sessions = with_value!(sessions);
+
+    warp::any()
+        .and(warp::query::<Query>())
+        .and(with_authenticator)
+        .and(with_sessions)
+        .and_then(query_filter)
+}
+
+async fn query_filter(
+    query: Query,
+    authenticator: Arc<Authenticator>,
+    sessions: Arc<Sessions>
+) -> Result<Arc<AuthorizationInformation>, warp::Rejection> {
+    if authenticator.verify_token(query.token.as_str(), query.user_id) {
+        return err!(Rejection::Unauthorized)
+    }
+
+    sessions.user(&query.user_id)
+        .await
+        .ok_or_else(|| reject!(Rejection::Unauthorized))
 }