Fix: API auth bypass
This commit is contained in:
parent
3fc6d55003
commit
2b33bfae6b
1 changed files with 3 additions and 3 deletions
|
@ -110,9 +110,9 @@ func authentication(next http.Handler) http.Handler {
|
||||||
header := r.Header.Get("Authorization")
|
header := r.Header.Get("Authorization")
|
||||||
text := strings.SplitN(header, " ", 2)
|
text := strings.SplitN(header, " ", 2)
|
||||||
|
|
||||||
hasUnvalidHeader := text[0] != "Bearer"
|
hasInvalidHeader := text[0] != "Bearer"
|
||||||
hasUnvalidSecret := len(text) == 2 && text[1] != serverSecret
|
hasInvalidSecret := len(text) != 2 || text[1] != serverSecret
|
||||||
if hasUnvalidHeader || hasUnvalidSecret {
|
if hasInvalidHeader || hasInvalidSecret {
|
||||||
render.Status(r, http.StatusUnauthorized)
|
render.Status(r, http.StatusUnauthorized)
|
||||||
render.JSON(w, r, ErrUnauthorized)
|
render.JSON(w, r, ErrUnauthorized)
|
||||||
return
|
return
|
||||||
|
|
Loading…
Reference in a new issue