Check websocket subprotocol for auth details
This commit is contained in:
Tobie Morgan Hitchcock
parent
20d4bfadef
commit
c3df9d791d
1 changed files with 13 additions and 0 deletions
13
web/auth.go
13
web/auth.go
|
|
@ -29,6 +29,7 @@ import (
|
|||
"github.com/abcum/surreal/mem"
|
||||
"github.com/abcum/surreal/sql"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/gorilla/websocket"
|
||||
)
|
||||
|
||||
func auth() fibre.MiddlewareFunc {
|
||||
|
|
@ -94,6 +95,18 @@ func auth() fibre.MiddlewareFunc {
|
|||
|
||||
head := c.Request().Header().Get("Authorization")
|
||||
|
||||
// If there is no HTTP Authorization header,
|
||||
// check if there are websocket subprotocols
|
||||
// which might contain authn information.
|
||||
|
||||
if len(head) == 0 {
|
||||
for _, val := range websocket.Subprotocols(c.Request().Request) {
|
||||
if len(val) > 7 && val[0:7] == "bearer-" {
|
||||
head = "Bearer " + val[7:]
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Check whether the Authorization header
|
||||
// is a Basic Auth header, and if it is then
|
||||
// process this as root authentication.
|
||||
|
|
|
|||
Loading…
Reference in a new issue