Rely only on HTTP header for authentication.

Kishore Nallan 2018-03-28 19:45:04 +05:30
parent 97904b0cfa
commit 80057b9071
2 changed files with 3 additions and 5 deletions


@ -32,11 +32,9 @@ nlohmann::json collection_summary_json(Collection *collection) {
bool handle_authentication(const route_path & rpath, const std::string & auth_key) {
CollectionManager & collectionManager = CollectionManager::get_instance();
if(rpath.handler == get_search) {
return collectionManager.auth_key_matches(auth_key) || collectionManager.search_only_auth_key_matches(auth_key);
}
return collectionManager.auth_key_matches(auth_key);
return collectionManager.auth_key_matches(auth_key) ||
(rpath.handler == get_search && collectionManager.search_only_auth_key_matches(auth_key))
}
void get_collections(http_req & req, http_res & res) {
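Review bot: handle_authentication passes `auth_key` straight to both matchers without first rejecting an empty value. The matcher bodies are not in this hunk, but if the search-only key is optional and stored as an empty string when unset, a search request that sends no auth header could presumably satisfy `search_only_auth_key_matches`; a guard such as `if(auth_key.empty()) { return false; }` ahead of the return would rule that out. Separately, the added return statement has no terminating `;` after its closing parenthesis as rendered here, which would not compile if it was committed that way. It is also worth checking that the matchers compare keys in constant time, since that cannot be confirmed from this diff.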


@ -440,7 +440,7 @@ void HttpServer::stream_response(void (*handler)(http_req* req, http_res* res, v
int HttpServer::send_401_unauthorized(h2o_req_t *req) {
h2o_generator_t generator = {NULL, NULL};
std::string res_body = std::string("{\"message\": \"Forbidden - a valid `") + AUTH_HEADER +
"` header or GET parameter must be sent.\"}";
"` header must be sent.\"}";
h2o_iovec_t body = h2o_strdup(&req->pool, res_body.c_str(), SIZE_MAX);
req->res.status = 401;
req->res.reason = get_status_reason(req->res.status);
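Review bot: The new message tells clients that only the header is accepted, but neither file section in this commit changes the code that extracts the key from the request, so the query-parameter fallback may still be live unless it was removed elsewhere. That is worth confirming, because keys passed in URLs tend to end up in access logs, proxy logs and browser history. The body also says "Forbidden" while the status set below is 401; wording such as `Unauthorized - a valid ...` would match the status. send_401_unauthorized continues past this hunk, so I cannot tell whether a `WWW-Authenticate` header is added to the response.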