Adding support for client auth in authorization header

This commit is contained in:
Fabian Stamm 2019-03-14 17:50:59 +00:00
parent e09c6df9f6
commit ea34da50e4

View File

@ -11,6 +11,17 @@ export function GetClientAuthMiddleware(checksecret = true, internal = false, ch
try { try {
let client_id = req.query.client_id || req.body.client_id; let client_id = req.query.client_id || req.body.client_id;
let client_secret = req.query.client_secret || req.body.client_secret; let client_secret = req.query.client_secret || req.body.client_secret;
if(!client_id && !client_secret && req.query.headers.authorization) {
let header = req.query.headers.authorization;
let [type, val] = header.split(" ");
if(val) {
let str = Buffer.from(val, "base64").toString("utf-8");
let [id, secret] = str.split(":");
client_id = id;
client_secret = secret;
}
}
if (!client_id || (!client_secret && checksecret)) { if (!client_id || (!client_secret && checksecret)) {
throw new RequestError("No client credentials", HttpStatusCode.BAD_REQUEST); throw new RequestError("No client credentials", HttpStatusCode.BAD_REQUEST);