diff options
author | Unknwon <u@gogs.io> | 2015-09-02 02:45:01 -0400 |
---|---|---|
committer | Unknwon <u@gogs.io> | 2015-09-02 02:45:01 -0400 |
commit | 65e73c4ac63b4d8cb5cd1ec6077fa6085e46895c (patch) | |
tree | 1760c5f36ed9883360ad0f4d154eaabbb26fbef4 | |
parent | 2ac8e11f466f838ff34314c5e4e2785ebe2d036d (diff) | |
download | gitea-65e73c4ac63b4d8cb5cd1ec6077fa6085e46895c.tar.gz gitea-65e73c4ac63b4d8cb5cd1ec6077fa6085e46895c.zip |
support URL param to token, but still restrict to APIs
-rw-r--r-- | modules/auth/auth.go | 44 |
1 files changed, 23 insertions, 21 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go index 9b62459479..ecae5b06b0 100644 --- a/modules/auth/auth.go +++ b/modules/auth/auth.go @@ -32,32 +32,34 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 { } // Check access token. - tokenSHA := ctx.Query("token") - if len(tokenSHA) == 0 { - // Well, check with header again. - auHead := ctx.Req.Header.Get("Authorization") - if len(auHead) > 0 { - auths := strings.Fields(auHead) - if len(auths) == 2 && auths[0] == "token" { - tokenSHA = auths[1] + if IsAPIPath(ctx.Req.URL.Path) { + tokenSHA := ctx.Query("token") + if len(tokenSHA) == 0 { + // Well, check with header again. + auHead := ctx.Req.Header.Get("Authorization") + if len(auHead) > 0 { + auths := strings.Fields(auHead) + if len(auths) == 2 && auths[0] == "token" { + tokenSHA = auths[1] + } } } - } - // Let's see if token is valid. - if len(tokenSHA) > 0 { - t, err := models.GetAccessTokenBySHA(tokenSHA) - if err != nil { - if models.IsErrAccessTokenNotExist(err) { - log.Error(4, "GetAccessTokenBySHA: %v", err) + // Let's see if token is valid. + if len(tokenSHA) > 0 { + t, err := models.GetAccessTokenBySHA(tokenSHA) + if err != nil { + if models.IsErrAccessTokenNotExist(err) { + log.Error(4, "GetAccessTokenBySHA: %v", err) + } + return 0 } - return 0 - } - t.Updated = time.Now() - if err = models.UpdateAccessToekn(t); err != nil { - log.Error(4, "UpdateAccessToekn: %v", err) + t.Updated = time.Now() + if err = models.UpdateAccessToekn(t); err != nil { + log.Error(4, "UpdateAccessToekn: %v", err) + } + return t.UID } - return t.UID } uid := sess.Get("uid") |