(app *App, r *http.Request)
| 249 | } |
| 250 | |
// apiAuth authenticates an API request using only the Authorization header.
//
// It returns ErrNoAccessToken when the header is absent or empty, and
// ErrBadAccessToken when app.db.GetUserID reports -1 for the supplied value.
// On success the returned User carries only the resolved ID.
//
// No cookie or session state is read here, so a request cannot authenticate
// with credentials the browser attaches automatically; endpoints that rely on
// this function should keep that property in mind before switching to a
// cookie-accepting variant.
//
// NOTE(review): the header value is passed to GetUserID verbatim, with no
// scheme prefix stripped and no format check in this function. Presumably
// GetUserID handles parsing, expiry and revocation; confirm against the
// datastore code. Avoid logging the header value on the error paths.
func apiAuth(app *App, r *http.Request) (*User, error) {
	token := r.Header.Get("Authorization")
	if token == "" {
		return nil, ErrNoAccessToken
	}

	// -1 is the value this function treats as "token did not resolve to a user".
	userID := app.db.GetUserID(token)
	if userID == -1 {
		return nil, ErrBadAccessToken
	}

	return &User{ID: userID}, nil
}
| 264 | |
| 265 | // optionalAPIAuth is used for endpoints that accept authenticated requests via |
| 266 | // Authorization header or cookie, unlike apiAuth. It returns a different err |