mirror of https://github.com/imgproxy/imgproxy.git synced 2025-02-07 11:36:25 +02:00

Use Authorization header for secret

DarthSim 2017-07-03 15:36:37 +06:00
parent dafbcaac7a
commit 1ba9360599


@ -126,7 +126,10 @@ func repondWithForbidden(rw http.ResponseWriter) {
}
func checkSecret(s string) bool {
return len(conf.Secret) == 0 || subtle.ConstantTimeCompare([]byte(s), []byte(conf.Secret)) == 1
if len(conf.Secret) == 0 {
return true
}
return strings.HasPrefix(s, "Bearer ") && subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(s, "Bearer ")), []byte(conf.Secret)) == 1
}
func (h httpHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
@ -134,7 +137,7 @@ func (h httpHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
t := time.Now()
if !checkSecret(r.Header.Get("X-Imgproxy-Secret")) {
if !checkSecret(r.Header.Get("Authorization")) {
repondWithForbidden(rw)
return
}
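Review bot: checkSecret still passes the raw token and conf.Secret to `subtle.ConstantTimeCompare`, which returns 0 immediately when the two slices differ in length, so the check is constant-time only for guesses of the right length and the secret's length could in principle be learned from timing. Comparing fixed-size digests avoids that: hash `strings.TrimPrefix(s, "Bearer ")` and `conf.Secret` with `sha256.Sum256` and return `subtle.ConstantTimeCompare(a[:], b[:]) == 1` (this needs `crypto/sha256` imported). The function also deserves a doc comment such as `// checkSecret reports whether s is "Bearer <conf.Secret>"; when conf.Secret is empty every request is accepted.`, because the allow-all branch is easy to miss. In ServeHTTP, whose body continues outside the hunk, `X-Imgproxy-Secret` stops being read with no fallback, so existing clients would presumably start getting 403 after upgrading unless the change is announced.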