From c3df9d791dca4d68cfba838a4c989c04dda6e18f Mon Sep 17 00:00:00 2001
From: Tobie Morgan Hitchcock <tobie@abcum.com>
Date: Mon, 20 Feb 2017 00:06:45 +0000
Subject: [PATCH] Check websocket subprotocol for auth details

---
 web/auth.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/web/auth.go b/web/auth.go
index f142c268..b12111c4 100644
--- a/web/auth.go
+++ b/web/auth.go
@@ -29,6 +29,7 @@ import (
 	"github.com/abcum/surreal/mem"
 	"github.com/abcum/surreal/sql"
 	"github.com/dgrijalva/jwt-go"
+	"github.com/gorilla/websocket"
 )
 
 func auth() fibre.MiddlewareFunc {
@@ -94,6 +95,18 @@ func auth() fibre.MiddlewareFunc {
 
 			head := c.Request().Header().Get("Authorization")
 
+			// If there is no HTTP Authorization header,
+			// check if there are websocket subprotocols
+			// which might contain authn information.
+
+			if len(head) == 0 {
+				for _, val := range websocket.Subprotocols(c.Request().Request) {
+					if len(val) > 7 && val[0:7] == "bearer-" {
+						head = "Bearer " + val[7:]
+					}
+				}
+			}
+
 			// Check whether the Authorization header
 			// is a Basic Auth header, and if it is then
 			// process this as root authentication.