Fix bug where auth token is not set from cookie when excluded endpoint (#1360)
Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
parent
8a41d369f2
commit
00cd2448a4
@ -31,11 +31,26 @@ const (
|
||||
)
|
||||
|
||||
func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
loginURL := h.auth.Options().LoginURL
|
||||
// Extract the token from the request
|
||||
var token string
|
||||
if header := req.Header.Get("Authorization"); len(header) > 0 {
|
||||
// Extract the auth token from the request
|
||||
if strings.HasPrefix(header, BearerScheme) {
|
||||
token = header[len(BearerScheme):]
|
||||
}
|
||||
} else {
|
||||
// Get the token out the cookies if not provided in headers
|
||||
if c, err := req.Cookie("micro-token"); err == nil && c != nil {
|
||||
token = strings.TrimPrefix(c.Value, auth.CookieName+"=")
|
||||
req.Header.Set("Authorization", BearerScheme+token)
|
||||
}
|
||||
}
|
||||
|
||||
// Return if the user disabled auth on this endpoint
|
||||
excludes := h.auth.Options().Exclude
|
||||
excludes = append(excludes, DefaultExcludes...)
|
||||
|
||||
loginURL := h.auth.Options().LoginURL
|
||||
if len(loginURL) > 0 {
|
||||
excludes = append(excludes, loginURL)
|
||||
}
|
||||
@ -55,20 +70,6 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
var token string
|
||||
if header := req.Header.Get("Authorization"); len(header) > 0 {
|
||||
// Extract the auth token from the request
|
||||
if strings.HasPrefix(header, BearerScheme) {
|
||||
token = header[len(BearerScheme):]
|
||||
}
|
||||
} else {
|
||||
// Get the token out the cookies if not provided in headers
|
||||
if c, err := req.Cookie("micro-token"); err == nil && c != nil {
|
||||
token = strings.TrimPrefix(c.Value, auth.CookieName+"=")
|
||||
req.Header.Set("Authorization", BearerScheme+token)
|
||||
}
|
||||
}
|
||||
|
||||
// If the token is valid, allow the request
|
||||
if _, err := h.auth.Verify(token); err == nil {
|
||||
h.handler.ServeHTTP(w, req)
|
||||
|
Loading…
x
Reference in New Issue
Block a user