compiler/tmpl: support 'Authorization: Token foo'

While 'Authorization: Bearer foo' is more common, it doesn't hurt to also support 'Token' as an auth method name, and it shows up in the wild here and there.
encoredev · Jul 10, 2021 · 09919c0 · 09919c0
1 parent 09c236b
commit 09919c0
Showing 1 changed file with 25 additions and 6 deletions.
diff --git a/compiler/tmpl/main.go.tmpl b/compiler/tmpl/main.go.tmpl
@@ -84,12 +84,31 @@ func __encore_{{.Svc.Name}}_{{.Name}}(w http.ResponseWriter, req *http.Request,
 		token    string
 		authData interface{}
 	)
-	if auth := req.Header.Get("Authorization"); strings.HasPrefix(auth, "Bearer ") {
-		token = auth[len("Bearer "):]
-		uid, authData, err = __encore_validateAuth(req.Context(), token)
-		if err != nil {
-			errs.HTTPError(w, err)
-			return
+	if auth := req.Header.Get("Authorization"); auth != "" {
+	TokenLoop:
+		for _, prefix := range [...]string{"Bearer ", "Token "} {
+			if strings.HasPrefix(auth, prefix) {
+				if t := auth[len(prefix):]; t != "" {
+					token = t
+					break TokenLoop
+				}
+			}
+		}
+		if token != "" {
+			uid, authData, err = __encore_validateAuth(req.Context(), token)
+{{- if requiresAuth .}}
+			if err != nil {
+				errs.HTTPError(w, err)
+				return
+			}
+{{- else}}
+			if errs.Code(err) == errs.Unauthenticated {
+				uid, authData = "", nil
+			} else {
+				errs.HTTPError(w, err)
+				return
+			}
+{{- end}}
 		}
 	}
 {{- if requiresAuth .}}