MCPcopy
hub / github.com/tinode/chat / getHttpAuth

Function getHttpAuth

server/http.go:330–365  ·  view source on GitHub ↗

Extracts authorization credentials from an HTTP request. Returns authentication method and secret.

(req *http.Request)

Source from the content-addressed store, hash-verified

328// Extracts authorization credentials from an HTTP request.
329// Returns authentication method and secret.
330func getHttpAuth(req *http.Request) (method, secret string) {
331 // Check X-Tinode-Auth header.
332 if parts := strings.Split(req.Header.Get("X-Tinode-Auth"), " "); len(parts) == 2 {
333 method, secret = parts[0], parts[1]
334 return
335 }
336
337 // Check canonical Authorization header.
338 if parts := strings.Split(req.Header.Get("Authorization"), " "); len(parts) == 2 {
339 method, secret = parts[0], parts[1]
340 return
341 }
342
343 // Check URL query parameters.
344 if method = req.URL.Query().Get("auth"); method != "" {
345 // Get the auth secret.
346 secret = req.URL.Query().Get("secret")
347 // Convert base64 URL-encoding to standard encoding.
348 secret = strings.NewReplacer("-", "+", "_", "/").Replace(secret)
349 return
350 }
351
352 // Check form values.
353 if method = req.FormValue("auth"); method != "" {
354 return method, req.FormValue("secret")
355 }
356
357 // Check cookies as the last resort.
358 if mcookie, err := req.Cookie("auth"); err == nil {
359 if scookie, err := req.Cookie("secret"); err == nil {
360 method, secret = mcookie.Value, scookie.Value
361 }
362 }
363
364 return
365}
366
367// Obtain IP address of the client.
368func getRemoteAddr(req *http.Request) string {

Callers 2

largeFileServeHTTPFunction · 0.85
largeFileReceiveHTTPFunction · 0.85

Calls 1

GetMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…