Edited the API Key header to comply with OpenAPI v3 specs

README.md

@@ -193,17 +193,17 @@ If the API key is insecure, a warning will be outputted along with a generated A
 
 To add a link:
 ``` bash
-curl -X POST -H "Chhoto-Api-Key: <YOUR_API_KEY>" -d '{"shortlink":"<shortlink>", "longlink":"<longlink>"}' http://localhost:4567/api/new
+curl -X POST -H "X-API-Key: <YOUR_API_KEY>" -d '{"shortlink":"<shortlink>", "longlink":"<longlink>"}' http://localhost:4567/api/new
 ```
 
 To get a list of all the currently available links:
 ``` bash
-curl -H "Chhoto-Api-Key: <YOUR_API_KEY>" http://localhost:4567/api/all
+curl -H "X-API-Key: <YOUR_API_KEY>" http://localhost:4567/api/all
 ```
 
 To delete a link:
 ``` bash
-curl -X DELETE -H "Chhoto-Api-Key: <YOUR_API_KEY>" http://localhost:4567/api/del/<shortlink>
+curl -X DELETE -H "X-API-Key: <YOUR_API_KEY>" http://localhost:4567/api/del/<shortlink>
 ```
 Where `<shortlink>` is name of the shortened link you would like to delete. For example, if the shortened link is `http://localhost:4567/example`, `<shortlink>` would be `example`.
 

actix/src/auth.rs

@@ -42,7 +42,7 @@ pub fn gen_key() -> String {
 
 // Check if the API key header exists
 pub fn api_header(req: &HttpRequest) -> Option<&str> {
-    req.headers().get("Chhoto-Api-Key")?.to_str().ok()
+    req.headers().get("X-API-Key")?.to_str().ok()
 }
 
 // Determine whether the inputted API key is sufficiently secure

actix/src/utils.rs

@@ -29,24 +29,25 @@ pub struct Response {
 // If the api_key environment variable eists
 pub fn is_api_ok(http: HttpRequest) -> Response {
     // If the api_key environment variable exists
-    if env::var("api_key").is_ok() {
+    if let Ok(_) = env::var("api_key") {
         // If the header exists
         if let Some(header) = auth::api_header(&http) {
             // If the header is correct
             if auth::validate_key(header.to_string()) {
-                Response { success: true, error: false, reason: "".to_string(), pass: false }
+                Response { success: true, error: false, reason: "Correct API key".to_string(), pass: false }
             } else {
                 Response { success: false, error: true, reason: "Incorrect API key".to_string(), pass: false }
             }
         // The header may not exist when the user logs in through the web interface, so allow a request with no header.
         // Further authentication checks will be conducted in services.rs
         } else {
-            Response { success: false, error: false, reason: "Chhoto-Api-Key header not found".to_string(), pass: true }
+            // Due to the implementation of this result in services.rs, this JSON object will not be outputted.
+            Response { success: false, error: false, reason: "X-API-Key header was not found".to_string(), pass: true }
         }
     } else {
         // If the API key isn't set, but an API Key header is provided
-        if auth::api_header(&http).is_some() {
-            Response {success: false, error: true, reason: "API key access was attempted, but no API key is configured".to_string(), pass: false}
+        if let Some(_) = auth::api_header(&http) {
+            Response {success: false, error: true, reason: "An API key was provided, but the 'api_key' environment variable is not configured in the Chhoto URL instance".to_string(), pass: false}
         } else {
             Response {success: false, error: false, reason: "".to_string(), pass: true}
         }