optionalAPIAuth is used for endpoints that accept authenticated requests via Authorization header or cookie, unlike apiAuth. It returns a different err in the case where no Authorization header is present.
(app *App, r *http.Request)
| 266 | // Authorization header or cookie, unlike apiAuth. It returns a different err |
| 267 | // in the case where no Authorization header is present. |
| 268 | func optionalAPIAuth(app *App, r *http.Request) (*User, error) { |
| 269 | // Authorize user from Authorization header |
| 270 | t := r.Header.Get("Authorization") |
| 271 | if t == "" { |
| 272 | return nil, ErrNotLoggedIn |
| 273 | } |
| 274 | u := &User{ID: app.db.GetUserID(t)} |
| 275 | if u.ID == -1 { |
| 276 | return nil, ErrBadAccessToken |
| 277 | } |
| 278 | |
| 279 | return u, nil |
| 280 | } |
| 281 | |
| 282 | func webAuth(app *App, r *http.Request) (*User, error) { |
| 283 | u := getUserSession(app, r) |
no test coverage detected