From 65e73c4ac63b4d8cb5cd1ec6077fa6085e46895c Mon Sep 17 00:00:00 2001 From: Unknwon Date: Wed, 2 Sep 2015 02:45:01 -0400 Subject: [PATCH] support URL param to token, but still restrict to APIs --- modules/auth/auth.go | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/modules/auth/auth.go b/modules/auth/auth.go index 9b6245947..ecae5b06b 100644 --- a/modules/auth/auth.go +++ b/modules/auth/auth.go @@ -32,32 +32,34 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 { } // Check access token. - tokenSHA := ctx.Query("token") - if len(tokenSHA) == 0 { - // Well, check with header again. - auHead := ctx.Req.Header.Get("Authorization") - if len(auHead) > 0 { - auths := strings.Fields(auHead) - if len(auths) == 2 && auths[0] == "token" { - tokenSHA = auths[1] + if IsAPIPath(ctx.Req.URL.Path) { + tokenSHA := ctx.Query("token") + if len(tokenSHA) == 0 { + // Well, check with header again. + auHead := ctx.Req.Header.Get("Authorization") + if len(auHead) > 0 { + auths := strings.Fields(auHead) + if len(auths) == 2 && auths[0] == "token" { + tokenSHA = auths[1] + } } } - } - // Let's see if token is valid. - if len(tokenSHA) > 0 { - t, err := models.GetAccessTokenBySHA(tokenSHA) - if err != nil { - if models.IsErrAccessTokenNotExist(err) { - log.Error(4, "GetAccessTokenBySHA: %v", err) + // Let's see if token is valid. + if len(tokenSHA) > 0 { + t, err := models.GetAccessTokenBySHA(tokenSHA) + if err != nil { + if models.IsErrAccessTokenNotExist(err) { + log.Error(4, "GetAccessTokenBySHA: %v", err) + } + return 0 } - return 0 - } - t.Updated = time.Now() - if err = models.UpdateAccessToekn(t); err != nil { - log.Error(4, "UpdateAccessToekn: %v", err) + t.Updated = time.Now() + if err = models.UpdateAccessToekn(t); err != nil { + log.Error(4, "UpdateAccessToekn: %v", err) + } + return t.UID } - return t.UID } uid := sess.Get("uid")