support URL param to token, but still restrict to APIs

2015-09-02 02:45:01 -04:00 · 2015-09-02 02:45:01 -04:00 · 65e73c4ac6
parent 2ac8e11f46
commit 65e73c4ac6
1 changed files with 23 additions and 21 deletions
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@ -32,6 +32,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 	}

 	// Check access token.
+	if IsAPIPath(ctx.Req.URL.Path) {
 		tokenSHA := ctx.Query("token")
 		if len(tokenSHA) == 0 {
 			// Well, check with header again.
@ -59,6 +60,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 			}
 			return t.UID
 		}
+	}

 	uid := sess.Get("uid")
 	if uid == nil {