support URL param to token, but still restrict to APIs

This commit is contained in:
Unknwon 2015-09-02 02:45:01 -04:00
parent 2ac8e11f46
commit 65e73c4ac6

View File

@ -32,32 +32,34 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
} }
// Check access token. // Check access token.
tokenSHA := ctx.Query("token") if IsAPIPath(ctx.Req.URL.Path) {
if len(tokenSHA) == 0 { tokenSHA := ctx.Query("token")
// Well, check with header again. if len(tokenSHA) == 0 {
auHead := ctx.Req.Header.Get("Authorization") // Well, check with header again.
if len(auHead) > 0 { auHead := ctx.Req.Header.Get("Authorization")
auths := strings.Fields(auHead) if len(auHead) > 0 {
if len(auths) == 2 && auths[0] == "token" { auths := strings.Fields(auHead)
tokenSHA = auths[1] if len(auths) == 2 && auths[0] == "token" {
tokenSHA = auths[1]
}
} }
} }
}
// Let's see if token is valid. // Let's see if token is valid.
if len(tokenSHA) > 0 { if len(tokenSHA) > 0 {
t, err := models.GetAccessTokenBySHA(tokenSHA) t, err := models.GetAccessTokenBySHA(tokenSHA)
if err != nil { if err != nil {
if models.IsErrAccessTokenNotExist(err) { if models.IsErrAccessTokenNotExist(err) {
log.Error(4, "GetAccessTokenBySHA: %v", err) log.Error(4, "GetAccessTokenBySHA: %v", err)
}
return 0
} }
return 0 t.Updated = time.Now()
if err = models.UpdateAccessToekn(t); err != nil {
log.Error(4, "UpdateAccessToekn: %v", err)
}
return t.UID
} }
t.Updated = time.Now()
if err = models.UpdateAccessToekn(t); err != nil {
log.Error(4, "UpdateAccessToekn: %v", err)
}
return t.UID
} }
uid := sess.Get("uid") uid := sess.Get("uid")