MirrorHub/forgejo
0
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-06 10:19:11 +01:00
Code Issues Projects Releases Packages Wiki Activity

support URL param to token, but still restrict to APIs

Browse source
This commit is contained in:
Unknwon 2015-09-02 02:45:01 -04:00
parent 2ac8e11f46
commit 65e73c4ac6
1 changed files with 23 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
modules/auth/auth.go
View file

@ -32,32 +32,34 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
} }
// Check access token. // Check access token.
tokenSHA := ctx.Query("token") if IsAPIPath(ctx.Req.URL.Path) {
if len(tokenSHA) == 0 { tokenSHA := ctx.Query("token")
// Well, check with header again. if len(tokenSHA) == 0 {
auHead := ctx.Req.Header.Get("Authorization") // Well, check with header again.
if len(auHead) > 0 { auHead := ctx.Req.Header.Get("Authorization")
auths := strings.Fields(auHead) if len(auHead) > 0 {
if len(auths) == 2 && auths[0] == "token" { auths := strings.Fields(auHead)
tokenSHA = auths[1] if len(auths) == 2 && auths[0] == "token" {
tokenSHA = auths[1]
}
} }
} }
}
// Let's see if token is valid. // Let's see if token is valid.
if len(tokenSHA) > 0 { if len(tokenSHA) > 0 {
t, err := models.GetAccessTokenBySHA(tokenSHA) t, err := models.GetAccessTokenBySHA(tokenSHA)
if err != nil { if err != nil {
if models.IsErrAccessTokenNotExist(err) { if models.IsErrAccessTokenNotExist(err) {
log.Error(4, "GetAccessTokenBySHA: %v", err) log.Error(4, "GetAccessTokenBySHA: %v", err)
}
return 0
} }
return 0 t.Updated = time.Now()
if err = models.UpdateAccessToekn(t); err != nil {
log.Error(4, "UpdateAccessToekn: %v", err)
}
return t.UID
} }
t.Updated = time.Now()
if err = models.UpdateAccessToekn(t); err != nil {
log.Error(4, "UpdateAccessToekn: %v", err)
}
return t.UID
} }
uid := sess.Get("uid") uid := sess.Get("uid")