From 9625549a5f3bcf382e26b26f81a502cf0c47fc99 Mon Sep 17 00:00:00 2001
From: Peter Stuifzand <peter@stuifzand.eu>
Date: Tue, 3 Jul 2018 22:59:07 +0200
Subject: [PATCH] Indiepaper uses Authorization header for source_id

- Check author for source_id / auth token
---
 cmd/eksterd/micropub.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cmd/eksterd/micropub.go b/cmd/eksterd/micropub.go
index f461469..e6df656 100644
--- a/cmd/eksterd/micropub.go
+++ b/cmd/eksterd/micropub.go
@@ -31,6 +31,11 @@ func (h *micropubHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if r.Method == http.MethodPost {
 		sourceID := r.URL.Query().Get("source_id")
 
+		authHeader := r.Header.Get("Authorization")
+		if strings.HasPrefix(authHeader, "Bearer ") {
+			sourceID = authHeader[7:]
+		}
+
 		channel, err := redis.String(conn.Do("HGET", "sources", sourceID))
 		if err != nil {
 			http.Error(w, "Unknown source", 400)