Feature: websocket api support browser

2024-11-16 11:42:43 +08:00 · 2019-09-30 14:13:29 +08:00 · 2019-09-30 14:13:29 +08:00 · 50d2e082d5
commit 50d2e082d5
parent c38469330d
1 changed files with 20 additions and 4 deletions
--- a/hub/route/server.go
+++ b/hub/route/server.go
@ -23,7 +23,11 @@ var (

 	uiPath = ""

-	upgrader = websocket.Upgrader{}
+	upgrader = websocket.Upgrader{
+		CheckOrigin: func(r *http.Request) bool {
+			return true
+		},
+	}
 )

 type Traffic struct {
@ -84,14 +88,26 @@ func Start(addr string, secret string) {

 func authentication(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
-		header := r.Header.Get("Authorization")
-		text := strings.SplitN(header, " ", 2)
-
 		if serverSecret == "" {
 			next.ServeHTTP(w, r)
 			return
 		}

+		// Browser websocket not support custom header
+		if websocket.IsWebSocketUpgrade(r) && r.URL.Query().Get("token") != "" {
+			token := r.URL.Query().Get("token")
+			if token != serverSecret {
+				render.Status(r, http.StatusUnauthorized)
+				render.JSON(w, r, ErrUnauthorized)
+				return
+			}
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		header := r.Header.Get("Authorization")
+		text := strings.SplitN(header, " ", 2)
+
 		hasUnvalidHeader := text[0] != "Bearer"
 		hasUnvalidSecret := len(text) == 2 && text[1] != serverSecret
 		if hasUnvalidHeader || hasUnvalidSecret {