DBT/clawgo
1
0
Fork 0
mirror of https://github.com/YspCoder/clawgo.git synced 2026-05-22 04:47:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Restore token auth for cross-origin access

Browse Source
This commit is contained in:
lpf
2026-03-16 17:34:09 +08:00
parent 2bef01f820
commit 5a6a455f43
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/api/server.go
View File

@@ -484,6 +484,9 @@ func (s *Server) checkAuth(r *http.Request) bool {
if s.isBearerAuthorized(r) { if s.isBearerAuthorized(r) {
return true return true
} }
if r != nil && strings.TrimSpace(r.URL.Query().Get("token")) == strings.TrimSpace(s.token) {
return true
}
if c, err := r.Cookie("clawgo_webui_token"); err == nil && strings.TrimSpace(c.Value) == s.token { if c, err := r.Cookie("clawgo_webui_token"); err == nil && strings.TrimSpace(c.Value) == s.token {
return true return true
} }

4
pkg/api/server_security_test.go
View File

@@ -31,8 +31,8 @@ func TestCheckAuthAllowsBearerAndCookieOnly(t *testing.T) {
} }
queryReq := httptest.NewRequest(http.MethodGet, "/?token=secret-token", nil) queryReq := httptest.NewRequest(http.MethodGet, "/?token=secret-token", nil)
if srv.checkAuth(queryReq) { if !srv.checkAuth(queryReq) {
t.Fatalf("expected query token auth to fail") t.Fatalf("expected query token auth to succeed")
} }
refererReq := httptest.NewRequest(http.MethodGet, "/", nil) refererReq := httptest.NewRequest(http.MethodGet, "/", nil)