feat: datakey decrypt fails when not exportable

src/serve_encrypt_decrypt.rs

@@ -28,23 +28,26 @@ async fn inner_decrypt(req: Request<Body>) -> XResult<(StatusCode, Value)> {
     };
     let decrypted_value = jose::deserialize_jwe_aes(&data.encrypted_value, &key.read());
     drop(key);
+    let (data, header) = decrypted_value?;
 
-    decrypted_value.map(|(data, header)| {
-        let mut map = byte_to_multi_view_map(&data, true);
-        let mut header_map = Map::new();
-        header_map.insert("enc".to_string(), Value::String(header.enc.clone()));
-        header_map.insert("alg".to_string(), Value::String(header.alg.clone()));
-        if let Some(version) = &header.version {
-            header_map.insert("version".to_string(), Value::String(version.to_string()));
-        }
-        if let Some(data_type) = &header.data_type {
-            header_map.insert("data_type".to_string(), Value::String(data_type.to_string()));
-        }
-        if !header_map.is_empty() {
-            map.insert("header".to_string(), Value::Object(header_map));
-        }
-        (StatusCode::OK, Value::Object(map))
-    })
+    if let Some(false) = header.exportable {
+        return serve_common::error("data_not_exportable");
+    }
+
+    let mut map = byte_to_multi_view_map(&data, true);
+    let mut header_map = Map::new();
+    header_map.insert("enc".to_string(), Value::String(header.enc.clone()));
+    header_map.insert("alg".to_string(), Value::String(header.alg.clone()));
+    if let Some(version) = &header.version {
+        header_map.insert("version".to_string(), Value::String(version.to_string()));
+    }
+    if let Some(data_type) = &header.data_type {
+        header_map.insert("data_type".to_string(), Value::String(data_type.to_string()));
+    }
+    if !header_map.is_empty() {
+        map.insert("header".to_string(), Value::Object(header_map));
+    }
+    Ok((StatusCode::OK, Value::Object(map)))
 }
 
 pub async fn encrypt(req: Request<Body>) -> Result<Response<Body>> {