Check Authorization header before accepting gree request

src/router.rs

@@ -62,7 +62,7 @@ async fn api_req(req: HttpRequest, body: String) -> HttpResponse {
     } else if !req.path().starts_with("/api") && !req.path().starts_with("/v1.0") {
         return webui::main(req);
     }
-    if headers.get("a6573cbe").is_none() {
+    if headers.get("a6573cbe").is_none() && req.path().starts_with("/api") {
         if args.hidden {
             return not_found(&headers);
         } else {
@@ -179,6 +179,13 @@ pub async fn request(req: HttpRequest, body: String) -> HttpResponse {
     if args.hidden && req.path().starts_with("/api/webui/") {
         return not_found(&req.headers());
     }
+    if req.path().starts_with("/v1.0") && req.headers().get("Authorization").is_none() {
+        if args.hidden {
+            return gree::not_found();
+        } else {
+            return webui::main(req);
+        }
+    }
     if req.method() == "POST" {
         match req.path() {
             "/v1.0/auth/initialize" => gree::initialize(req, body),

src/router/gree.rs

@@ -126,6 +126,20 @@ fn send(req: HttpRequest, resp: JsonValue) -> HttpResponse {
         .body(json::stringify(resp))
 }
 
+pub fn not_found() -> HttpResponse {
+    let resp = object!{
+        code: 10001,
+        message: "Not Found",
+        result: "NG"
+    };
+    HttpResponse::NotFound()
+        .insert_header(ContentType::json())
+        .insert_header(("Expires", "-1"))
+        .insert_header(("Pragma", "no-cache"))
+        .insert_header(("Cache-Control", "must-revalidate, no-cache, no-store, private"))
+        .body(json::stringify(resp))
+}
+
 pub fn initialize(req: HttpRequest, body: String) -> HttpResponse {
     let body = json::parse(&body).unwrap();
     let token = create_acc(&body["token"].to_string());