diff --git a/web/fup/fuphttp/auth.go b/web/fup/fuphttp/auth.go
index 14a1494408..9a79b8f495 100644
--- a/web/fup/fuphttp/auth.go
+++ b/web/fup/fuphttp/auth.go
@@ -8,6 +8,18 @@ import (
 "github.com/gorilla/mux"
 )
+func tokenFromRequest(r *http.Request) (token string, ok bool) {
+ // Check for a Fup-Token header.
+ v := r.Header.Get("Fup-Token")
+ if v != "" {
+ return v, true
+ }
+
+ // Check for basic auth.
+ _, v, ok = r.BasicAuth()
+ return v, ok
+}
+
 func TokenAuthMiddleware(token, realm string) mux.MiddlewareFunc {
 return func(next http.Handler) http.Handler {
 if token == "" {
@@ -28,8 +40,7 @@ func TokenAuthMiddleware(token, realm string) mux.MiddlewareFunc {
 http.Error(rw, s, http.StatusUnauthorized)
 }
- // Check for basic auth, first.
- _, pw, ok := r.BasicAuth()
+ pw, ok := tokenFromRequest(r)
 switch {
 case !ok:
 requestAuth("unparsable or no credentials")
diff --git a/web/fup/fuphttp/auth_test.go b/web/fup/fuphttp/auth_test.go
index a702f43c6f..811362b5d7 100644
--- a/web/fup/fuphttp/auth_test.go
+++ b/web/fup/fuphttp/auth_test.go
@@ -25,11 +25,12 @@ func TestTokenAuthMiddleware(t *testing.T) {
 t.Cleanup(s.Close)
 tcs := []struct {
- name string
- path string
- username, password string
- wantStatus int
- wantText string
+ name string
+ path string
+ password string
+ headerToken string
+ wantStatus int
+ wantText string
 }{{
 name: "root, no creds",
 path: "/",
@@ -46,6 +47,11 @@ func TestTokenAuthMiddleware(t *testing.T) {
 path: "/",
 password: "token",
 wantStatus: http.StatusOK,
+ }, {
+ name: "root, with good creds as header",
+ path: "/",
+ headerToken: "token",
+ wantStatus: http.StatusOK,
 }, {
 name: "raw",
 path: "/raw/foo.txt",
@@ -89,6 +95,9 @@ func TestTokenAuthMiddleware(t *testing.T) {
 if tc.password != "" {
 req.SetBasicAuth("", tc.password)
 }
+ if tc.headerToken != "" {
+ req.Header.Set("Fup-Token", tc.headerToken)
+ }
 resp, err := s.Client().Do(req)
 if err != nil {
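Review bot: tokenFromRequest has no doc comment, and the precedence it sets is security-relevant: a non-empty `Fup-Token` header wins, so a request with a wrong header and a correct basic-auth password is rejected, while an empty header falls through to basic auth. I would state that on the function, e.g. `// tokenFromRequest returns the Fup-Token header value if set, otherwise the basic-auth password.` Unlike `Authorization`, a custom header is not treated as a credential by intermediaries: shared caches do not withhold responses because of it, and log or trace redaction usually does not cover it by default. Authenticated responses may therefore need `Cache-Control: private` or `no-store`, and `Fup-Token` should be added to any header redaction list. The header name is also repeated as a literal in auth_test.go; a named constant would keep the two in sync.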
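Review bot: The comparison of `pw` against the configured token sits in the `switch` cases after `case !ok:` and is outside this hunk, so I cannot confirm how it is done. If it is a plain `pw != token`, then with a second, script-friendly way to present the token it is worth making it constant-time: `case subtle.ConstantTimeCompare([]byte(pw), []byte(token)) != 1:` (needs `crypto/subtle`). The `requestAuth` closure also starts above the hunk; if it sends a `WWW-Authenticate: Basic` challenge, clients that failed via the header will receive a basic-auth prompt, which deserves a short comment there.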
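Review bot: The table gains only the accepting case for the header; there is no case with a wrong `Fup-Token`, and none that sends a wrong header together with a correct basic-auth password, which is the case that pins the precedence in tokenFromRequest. I would add `{name: "root, with bad creds as header", path: "/", headerToken: "nope", wantStatus: http.StatusUnauthorized}` and a mixed header-plus-password case next to it. The `wantText` expected for rejections is not visible in these hunks, so it would need to be copied from the existing bad-password case.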