Feature: websocket api support browser

This commit is contained in:
gVisor bot 2019-09-30 14:13:29 +08:00
parent fe31a84b22
commit b1edb7b5e1

View file

@ -23,7 +23,11 @@ var (
uiPath = "" uiPath = ""
upgrader = websocket.Upgrader{} upgrader = websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool {
return true
},
}
) )
type Traffic struct { type Traffic struct {
@ -84,14 +88,26 @@ func Start(addr string, secret string) {
func authentication(next http.Handler) http.Handler { func authentication(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) { fn := func(w http.ResponseWriter, r *http.Request) {
header := r.Header.Get("Authorization")
text := strings.SplitN(header, " ", 2)
if serverSecret == "" { if serverSecret == "" {
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
return return
} }
// Browser websocket not support custom header
if websocket.IsWebSocketUpgrade(r) && r.URL.Query().Get("token") != "" {
token := r.URL.Query().Get("token")
if token != serverSecret {
render.Status(r, http.StatusUnauthorized)
render.JSON(w, r, ErrUnauthorized)
return
}
next.ServeHTTP(w, r)
return
}
header := r.Header.Get("Authorization")
text := strings.SplitN(header, " ", 2)
hasUnvalidHeader := text[0] != "Bearer" hasUnvalidHeader := text[0] != "Bearer"
hasUnvalidSecret := len(text) == 2 && text[1] != serverSecret hasUnvalidSecret := len(text) == 2 && text[1] != serverSecret
if hasUnvalidHeader || hasUnvalidSecret { if hasUnvalidHeader || hasUnvalidSecret {