getSessionKeyFromAuth reads and returns a session key from the Authorization header
(r *http.Request)
| 127 | |
| 128 | // getSessionKeyFromAuth reads and returns a session key from the Authorization header |
| 129 | func getSessionKeyFromAuth(r *http.Request) (string, error) { |
| 130 | h := r.Header.Get("Authorization") |
| 131 | if h == "" { |
| 132 | return "", nil |
| 133 | } |
| 134 | |
| 135 | payload, err := parseAuthHeader(h) |
| 136 | if err != nil { |
| 137 | return "", errors.Wrap(err, "parsing the authorization header") |
| 138 | } |
| 139 | if payload.scheme != "Bearer" { |
| 140 | return "", errors.New("unsupported scheme") |
| 141 | } |
| 142 | |
| 143 | return payload.credential, nil |
| 144 | } |
| 145 | |
| 146 | // GetCredential extracts a session key from the request from the request header. Concretely, |
| 147 | // it first looks at the 'Cookie' and then the 'Authorization' header. If no credential is found, |