Compare commits

...

2 Commits

Author SHA1 Message Date
2e83a023f5 Import strings package 2018-07-03 23:01:39 +02:00
9625549a5f Indiepaper uses Authorization header for source_id
- Check author for source_id / auth token
2018-07-03 22:59:07 +02:00

View File

@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
"strings"
"github.com/garyburd/redigo/redis" "github.com/garyburd/redigo/redis"
"github.com/pstuifzand/ekster/microsub" "github.com/pstuifzand/ekster/microsub"
@ -31,6 +32,11 @@ func (h *micropubHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost { if r.Method == http.MethodPost {
sourceID := r.URL.Query().Get("source_id") sourceID := r.URL.Query().Get("source_id")
authHeader := r.Header.Get("Authorization")
if strings.HasPrefix(authHeader, "Bearer ") {
sourceID = authHeader[7:]
}
channel, err := redis.String(conn.Do("HGET", "sources", sourceID)) channel, err := redis.String(conn.Do("HGET", "sources", sourceID))
if err != nil { if err != nil {
http.Error(w, "Unknown source", 400) http.Error(w, "Unknown source", 400)