feat: allow not to prepend "bearer " in Authorization

2023-07-15 18:28:55 +08:00 · 2023-07-15 18:28:55 +08:00 · 73ace75920
commit 73ace75920
parent 632fc4c54d
1 changed files with 8 additions and 3 deletions
--- a/internal/web/jwt/middleware.go
+++ b/internal/web/jwt/middleware.go
@ -10,13 +10,18 @@ import (
 func (s *service) Handler(forced bool) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		claim, status := func() (*model.Claim, e.Status) {
-			const tokenPrefix = "bearer "
 			tokenHeader := c.GetHeader("Authorization")
-			if tokenHeader == "" || !strings.HasPrefix(strings.ToLower(tokenHeader), tokenPrefix) {
+			if tokenHeader == "" {
 				return nil, e.TokenEmpty
 			}

-			token := tokenHeader[len(tokenPrefix):]
+			token := tokenHeader
+			const tokenPrefix = "bearer "
+			if strings.HasPrefix(strings.ToLower(tokenHeader), tokenPrefix) {
+				// don't force "bearer" prefix
+				token = tokenHeader[len(tokenPrefix):]
+			}
+
 			claim, status := s.ParseToken(token)
 			if status != e.Success {
 				return nil, status