Merge pull request #3806 from BlackDex/fix-3776

Allow Authorization header for Web Sockets
2025-09-11 19:25:56 +03:00 · 2023-08-31 20:46:07 +02:00
parent f5a19c5f8b aa9bc1f785
commit f579a4154c
2 changed files with 33 additions and 2 deletions
--- a/src/api/notifications.rs
+++ b/src/api/notifications.rs
@@ -20,7 +20,7 @@ use tokio_tungstenite::{
 };

 use crate::{
-    auth::ClientIp,
+    auth::{ClientIp, WsAccessTokenHeader},
    db::{
        models::{Cipher, Folder, Send as DbSend, User},
        DbConn,
@@ -111,11 +111,19 @@ fn websockets_hub<'r>(
    ws: rocket_ws::WebSocket,
    data: WsAccessToken,
    ip: ClientIp,
+    header_token: WsAccessTokenHeader,
 ) -> Result<rocket_ws::Stream!['r], Error> {
    let addr = ip.ip;
    info!("Accepting Rocket WS connection from {addr}");

-    let Some(token) = data.access_token else { err_code!("Invalid claim", 401) };
+    let token = if let Some(token) = data.access_token {
+        token
+    } else if let Some(token) = header_token.access_token {
+        token
+    } else {
+        err_code!("Invalid claim", 401)
+    };
+
    let Ok(claims) = crate::auth::decode_login(&token) else { err_code!("Invalid token", 401) };

    let (mut rx, guard) = {