Add OPTIONS preflight support for 3rd party auth.

- Explicitly add wildcard CORS header within the middleware.
- Accept all OPTIONS preflight requests within the middleware.
- Add success tests for the OPTIONS request.
- Add failure tests for GET requests.
Gabe Kangas
2021-07-28 12:37:41 -07:00
parent 031a848b7a
commit 509c658080
2 changed files with 91 additions and 26 deletions


@ -56,6 +56,12 @@ func accessDenied(w http.ResponseWriter) {
// RequireExternalAPIAccessToken will validate a 3rd party access token.
func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHandlerFunc) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// We should accept 3rd party preflight OPTIONS requests.
if r.Method == "OPTIONS" {
w.WriteHeader(http.StatusOK)
return
}
authHeader := strings.Split(r.Header.Get("Authorization"), "Bearer ")
token := strings.Join(authHeader, "")
@ -71,6 +77,9 @@ func RequireExternalAPIAccessToken(scope string, handler ExternalAccessTokenHand
return
}
// All valid 3rd party requests should have a wildcard CORS header.
w.Header().Set("Access-Control-Allow-Origin", "*")
handler(*integration, w, r)
if err := user.SetExternalAPIUserAccessTokenAsUsed(token); err != nil {
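Review bot: The new `r.Method == "OPTIONS"` branch at the top of RequireExternalAPIAccessToken answers the preflight with a bare 200 and no CORS headers, while the wildcard `Access-Control-Allow-Origin` is only set further down, after the token check. Unless an outer middleware not shown here adds them, a browser will fail the preflight and never send the real request. The OPTIONS branch should set `w.Header().Set("Access-Control-Allow-Origin", "*")` and `w.Header().Set("Access-Control-Allow-Headers", "Authorization")` before `w.WriteHeader(http.StatusOK)`, because `Authorization` is not a CORS-safelisted request header. The unauthenticated short-circuit is safe only because it returns without calling `handler`, so a comment such as `// Preflight is answered without a token; must return before handler is reached.` would guard against a later edit letting it fall through. The function body continues past the end of this section.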