From 80057b90718e148dadfc55bc4f885e32f88f43ee Mon Sep 17 00:00:00 2001
From: Kishore Nallan
Date: Wed, 28 Mar 2018 19:45:04 +0530
Subject: [PATCH] Rely only on HTTP header for authentication.
---
 src/api.cpp | 6 ++----
 src/http_server.cpp | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/api.cpp b/src/api.cpp
index e60cf524..2e7e4618 100644
--- a/src/api.cpp
+++ b/src/api.cpp
@@ -32,11 +32,9 @@ nlohmann::json collection_summary_json(Collection *collection) {
 bool handle_authentication(const route_path & rpath, const std::string & auth_key) {
 CollectionManager & collectionManager = CollectionManager::get_instance();
- if(rpath.handler == get_search) {
- return collectionManager.auth_key_matches(auth_key) || collectionManager.search_only_auth_key_matches(auth_key);
- }
- return collectionManager.auth_key_matches(auth_key);
+ return collectionManager.auth_key_matches(auth_key) ||
+ (rpath.handler == get_search && collectionManager.search_only_auth_key_matches(auth_key))
 }
 void get_collections(http_req & req, http_res & res) {
diff --git a/src/http_server.cpp b/src/http_server.cpp
index c3376f02..cad4b47b 100644
--- a/src/http_server.cpp
+++ b/src/http_server.cpp
@@ -440,7 +440,7 @@ void HttpServer::stream_response(void (*handler)(http_req* req, http_res* res, v
 int HttpServer::send_401_unauthorized(h2o_req_t *req) {
 h2o_generator_t generator = {NULL, NULL};
 std::string res_body = std::string("{\"message\": \"Forbidden - a valid `") + AUTH_HEADER +
- "` header or GET parameter must be sent.\"}";
+ "` header must be sent.\"}";
 h2o_iovec_t body = h2o_strdup(&req->pool, res_body.c_str(), SIZE_MAX);
 req->res.status = 401;
 req->res.reason = get_status_reason(req->res.status);
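Review bot: The rewritten return statement in handle_authentication (src/api.cpp) has no terminating semicolon: the second added line ends in `collectionManager.search_only_auth_key_matches(auth_key))` and is followed directly by the closing `}`, so the file will not compile as posted; the line should end `...search_only_auth_key_matches(auth_key));`. The scoping is otherwise preserved, with the search-only key honoured only when `rpath.handler == get_search`. Because that privilege boundary is expressed as a handler-pointer comparison, a comment above the return would help the next maintainer: `// search-only key is accepted for get_search only; every other route requires the master key`.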
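Review bot: The 401 body in send_401_unauthorized (src/http_server.cpp) now states that only the header is accepted, but nothing in this patch touches the code that extracts the key from the request; the diffstat covers only this string and handle_authentication. If a query-parameter lookup still exists elsewhere, keys sent in URLs would keep being accepted (and keep appearing in access logs and intermediaries) while the error text says otherwise, so it is worth confirming that the lookup was removed in a separate change. As a smaller wording point, the message opens with `Forbidden` while the status set below is 401; `Unauthorized` would match the status. The function body continues past the end of the hunk.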