Indiepaper uses Authorization header for source_id

- Check author for source_id / auth token
This commit is contained in:
Peter Stuifzand 2018-07-03 22:59:07 +02:00
parent b34604607d
commit 9625549a5f

View File

@ -31,6 +31,11 @@ func (h *micropubHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost { if r.Method == http.MethodPost {
sourceID := r.URL.Query().Get("source_id") sourceID := r.URL.Query().Get("source_id")
authHeader := r.Header.Get("Authorization")
if strings.HasPrefix(authHeader, "Bearer ") {
sourceID = authHeader[7:]
}
channel, err := redis.String(conn.Do("HGET", "sources", sourceID)) channel, err := redis.String(conn.Do("HGET", "sources", sourceID))
if err != nil { if err != nil {
http.Error(w, "Unknown source", 400) http.Error(w, "Unknown source", 400)