Merge pull request #232 from resin-io/231-header-auth

WIP: Allow using an HTTP header for auth
2025-03-10 22:44:29 +00:00 · 2016-08-16 18:00:55 -03:00 · 2016-08-16 18:00:55 -03:00 · 016a82586e
commit 016a82586e
parent 439bac6331 1eb63366ee
2 changed files with 8 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,4 @@
+* Allow using an HTTP header for auth [Pablo]
 * Add iptables rules to block requests to the supervisor API from all interfaces except vpn, docker and local [Pablo]

 # v1.13.2
--- a/src/api.coffee
+++ b/src/api.coffee
@ -17,9 +17,15 @@ module.exports = (application) ->
 	parsedRouter.use(bodyParser())

 	api.use (req, res, next) ->
+		queryKey = req.query.apikey
+		header = req.get('Authorization') ? ''
+		match = header.match(/^ApiKey (\w+)$/)
+		headerKey = match?[1]
 		utils.getOrGenerateSecret('api')
 		.then (secret) ->
-			if bufferEq(new Buffer(req.query.apikey), new Buffer(secret))
+			if queryKey? && bufferEq(new Buffer(queryKey), new Buffer(secret))
+				next()
+			else if headerKey? && bufferEq(new Buffer(headerKey), new Buffer(secret))
 				next()
 			else
 				res.sendStatus(401)