| author | Kagami Sascha Rosylight <saschanaz@outlook.com> | 2023-06-28 06:37:13 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-28 13:37:13 +0900 |
| commit | 1b1f82a2e26ddabd8bdf400760a817acbf290157 (patch) | |
| tree | e4da4f3250988017760edb806858b8a77d33f1c9 /packages/backend/src/server/api/StreamingApiServerService.ts | |
| parent | refactor(backend/test): add `interface UserToken` (#11050) (diff) | |
feat(backend): accept OAuth bearer token (#11052)
* feat(backend): accept OAuth bearer token
* refactor
* Update packages/backend/src/server/api/ApiCallService.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
* Update packages/backend/src/server/api/ApiCallService.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
* fix
* kind: permission for account moved error
* also for suspended error
* Update packages/backend/src/server/api/StreamingApiServerService.ts
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
---------
Co-authored-by: Acid Chicken (硫酸鶏) <root@acid-chicken.com>
Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>
Diffstat (limited to 'packages/backend/src/server/api/StreamingApiServerService.ts')
| -rw-r--r-- | packages/backend/src/server/api/StreamingApiServerService.ts | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/packages/backend/src/server/api/StreamingApiServerService.ts b/packages/backend/src/server/api/StreamingApiServerService.ts
index 8f2e51d584..4a0342d2b4 100644
--- a/packages/backend/src/server/api/StreamingApiServerService.ts
+++ b/packages/backend/src/server/api/StreamingApiServerService.ts
@@ -58,11 +58,21 @@ export class StreamingApiServerService {
 let user: LocalUser | null = null;
 let app: AccessToken | null = null;
+ // https://datatracker.ietf.org/doc/html/rfc6750.html#section-2.1
+ // Note that the standard WHATWG WebSocket API does not support setting any headers,
+ // but non-browser apps may still be able to set it.
+ const token = request.headers.authorization?.startsWith('Bearer ')
+ ? request.headers.authorization.slice(7)
+ : q.get('i');
+
 try {
- [user, app] = await this.authenticateService.authenticate(q.get('i'));
+ [user, app] = await this.authenticateService.authenticate(token);
 } catch (e) {
 if (e instanceof AuthenticationError) {
- socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+ socket.write([
+ 'HTTP/1.1 401 Unauthorized',
+ 'WWW-Authenticate: Bearer realm="Misskey", error="invalid_token", error_description="Failed to authenticate"',
+ ].join('\r\n') + '\r\n\r\n');
 } else {
 socket.write('HTTP/1.1 500 Internal Server Error\r\n\r\n');
 } |
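Review bot: The scheme check `startsWith('Bearer ')` in the new `token` expression is case-sensitive, while HTTP auth scheme names are case-insensitive (RFC 7235 §2.1), so a client sending `Authorization: bearer …` silently falls through to `q.get('i')` and is evaluated as if it had supplied no header credential. A header of `Bearer ` with nothing after it also passes the check and hands an empty string to `authenticate()`, whose handling of `''` is not visible in this hunk. Consider `const m = /^Bearer +(\S+)$/i.exec(request.headers.authorization ?? '');` followed by `const token = m ? m[1] : q.get('i');`, and decide explicitly whether a present-but-unparseable Authorization header should be answered with the 401 rather than falling back to the query string. The enclosing upgrade handler starts and ends outside the hunk.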