support URL param to token, but still restrict to APIs

pull/197/head
Unknwon 9 years ago
parent 2ac8e11f46
commit 65e73c4ac6
  1. 44
      modules/auth/auth.go

@ -32,32 +32,34 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
} }
// Check access token. // Check access token.
tokenSHA := ctx.Query("token") if IsAPIPath(ctx.Req.URL.Path) {
if len(tokenSHA) == 0 { tokenSHA := ctx.Query("token")
// Well, check with header again. if len(tokenSHA) == 0 {
auHead := ctx.Req.Header.Get("Authorization") // Well, check with header again.
if len(auHead) > 0 { auHead := ctx.Req.Header.Get("Authorization")
auths := strings.Fields(auHead) if len(auHead) > 0 {
if len(auths) == 2 && auths[0] == "token" { auths := strings.Fields(auHead)
tokenSHA = auths[1] if len(auths) == 2 && auths[0] == "token" {
tokenSHA = auths[1]
}
} }
} }
}
// Let's see if token is valid. // Let's see if token is valid.
if len(tokenSHA) > 0 { if len(tokenSHA) > 0 {
t, err := models.GetAccessTokenBySHA(tokenSHA) t, err := models.GetAccessTokenBySHA(tokenSHA)
if err != nil { if err != nil {
if models.IsErrAccessTokenNotExist(err) { if models.IsErrAccessTokenNotExist(err) {
log.Error(4, "GetAccessTokenBySHA: %v", err) log.Error(4, "GetAccessTokenBySHA: %v", err)
}
return 0
} }
return 0 t.Updated = time.Now()
} if err = models.UpdateAccessToekn(t); err != nil {
t.Updated = time.Now() log.Error(4, "UpdateAccessToekn: %v", err)
if err = models.UpdateAccessToekn(t); err != nil { }
log.Error(4, "UpdateAccessToekn: %v", err) return t.UID
} }
return t.UID
} }
uid := sess.Get("uid") uid := sess.Get("uid")

Loading…
Cancel
Save