From 062e441d8a6e328e5ede0996e23065ad0a40a59f Mon Sep 17 00:00:00 2001
From: Awiteb
Date: Thu, 4 Jul 2024 16:11:23 +0300
Subject: [PATCH] feat: Create signature data if there is no request body
The signature data is `Method+uri path` if there is no request body
Signed-off-by: Awiteb
---
.../oxidetalis/src/middlewares/signature.rs | 24 +++++++++----------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/crates/oxidetalis/src/middlewares/signature.rs b/crates/oxidetalis/src/middlewares/signature.rs
index 5dff94b..463a1fc 100644
--- a/crates/oxidetalis/src/middlewares/signature.rs
+++ b/crates/oxidetalis/src/middlewares/signature.rs
@@ -42,20 +42,18 @@ pub async fn signature_check(
let mut write_err =
|message: &str, status_code| super::write_error(res, ctrl, message.to_owned(), status_code);
- if req.body().is_end_stream() {
- write_err(
- "Request body is empty, the signature need a signed body",
- UNAUTHORIZED,
- );
- return;
- }
- let json_body = match req.parse_json::().await {
- Ok(j) => j.to_string(),
- Err(err) => {
- write_err(&err.to_string(), UNAUTHORIZED);
- return;
+ let data = if req.body().is_end_stream() {
+ format!("{}{}", req.method(), req.uri().path())
+ } else {
+ match req.parse_json::().await {
+ Ok(j) => j.to_string(),
+ Err(err) => {
+ write_err(&err.to_string(), UNAUTHORIZED);
+ return;
+ }
}
};
+
let signature = match utils::extract_signature(req) {
Ok(s) => s,
Err(err) => {
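Review bot: The body-less branch signs only `req.method()` and `req.uri().path()`, so the query string is not covered by the signature and could be altered in transit without invalidating it. If any body-less route reads query parameters, sign the full request target instead, e.g. `let target = req.uri().path_and_query().map_or(req.uri().path(), |pq| pq.as_str());` followed by `format!("{}{}", req.method(), target)`. The `else` branch still signs only the re-serialized JSON, so a signed body is not bound to the method or path it was sent to. Including the method and path in the signed data for both branches would make the two cases consistent, provided clients are updated to sign the same bytes. `signature_check` begins and continues outside this hunk, so whether the signature also carries a timestamp or nonce against replay cannot be confirmed from here.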
@@ -77,7 +75,7 @@ pub async fn signature_check(
&sender_public_key,
&depot.config().server.private_key,
&signature,
- json_body.as_bytes(),
+ data.as_bytes(),
)
{
write_err("Invalid signature", UNAUTHORIZED);