noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check websocket subprotocol for auth details

Browse source
This commit is contained in:
Tobie Morgan Hitchcock 2017-02-20 00:06:45 +00:00
parent 20d4bfadef
commit c3df9d791d
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
web/auth.go
View file

@ -29,6 +29,7 @@ import (
"github.com/abcum/surreal/mem" "github.com/abcum/surreal/mem"
"github.com/abcum/surreal/sql" "github.com/abcum/surreal/sql"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"github.com/gorilla/websocket"
) )
func auth() fibre.MiddlewareFunc { func auth() fibre.MiddlewareFunc {
@ -94,6 +95,18 @@ func auth() fibre.MiddlewareFunc {
head := c.Request().Header().Get("Authorization") head := c.Request().Header().Get("Authorization")
// If there is no HTTP Authorization header,
// check if there are websocket subprotocols
// which might contain authn information.
if len(head) == 0 {
for _, val := range websocket.Subprotocols(c.Request().Request) {
if len(val) > 7 && val[0:7] == "bearer-" {
head = "Bearer " + val[7:]
}
}
}
// Check whether the Authorization header // Check whether the Authorization header
// is a Basic Auth header, and if it is then // is a Basic Auth header, and if it is then
// process this as root authentication. // process this as root authentication.