From 4487f8c42eadc85ba355530d26b41333f4f53f3f Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Wed, 19 Jul 2017 08:28:01 +0100 Subject: [PATCH] Trying to fix 403 on many requests #143 Former-commit-id: 372cd53a6822a5e308b1db41593d1285f4c4ea22 [formerly 32161936b6b381a5c945ac404005f00cbc947499] [formerly 9572d67b6ead3d407f5899dcb46c2c7527fea437 [formerly d48867f603d3c2a7dccbf32c95ca498403ef710d]] Former-commit-id: 411c250031965f3e66c8acb341871800c120e637 [formerly 7801398085d8d8ed0e306e4fea63b94f6729b541] Former-commit-id: fe0c0ad2201510b10cb0ac724a3066ee4378fd67 --- assets/src/components/Preview.vue | 3 +-- assets/src/utils/api.js | 6 ++---- auth.go | 8 ++++---- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/assets/src/components/Preview.vue b/assets/src/components/Preview.vue index 0257f488..95996ea3 100644 --- a/assets/src/components/Preview.vue +++ b/assets/src/components/Preview.vue @@ -49,12 +49,11 @@ export default { download: function () { let url = `${this.$store.state.baseURL}/api/download` url += this.req.url.slice(6) - url += `?token=${this.$store.state.jwt}` return url }, raw: function () { - return `${this.download()}&inline=true` + return `${this.download()}?&inline=true` }, back: function (event) { let uri = url.removeLastDir(this.$route.path) + '/' diff --git a/assets/src/utils/api.js b/assets/src/utils/api.js index b16d30f8..60d3f518 100644 --- a/assets/src/utils/api.js +++ b/assets/src/utils/api.js @@ -145,7 +145,7 @@ function checksum (url, algo) { function command (url, command, onmessage, onclose) { let protocol = (ssl ? 'wss:' : 'ws:') url = removePrefix(url) - url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/command${url}?token=${store.state.jwt}` + url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/command${url}` let conn = new window.WebSocket(url) conn.onopen = () => conn.send(command) 
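Review bot: `raw` in Preview.vue now returns a URL ending in `?&inline=true`, which leaves an empty first query parameter; the suffix should be `?inline=true`. The `?` is only correct while `download()` returns a URL with no query string, so a one-line comment on `download` such as `// no query string here: authentication comes from the auth cookie, not the URL` would record that dependency. The methods object starts and continues outside this hunk.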
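Review bot: The server-side upgrade handler for `/api/command` needs an `Origin` check, because the handshake built in `command` no longer carries a token and is presumably authenticated by the `auth` cookie that auth.go falls back to. Browsers attach cookies to WebSocket handshakes regardless of which page opens the socket, so without that check the cookie alone would authorize the connection. The handler is not visible in this diff, so confirm that it rejects handshakes whose `Origin` does not match the served host before the connection is accepted. The same applies to the `search` hunk that follows. Taking the JWT out of the URL is worthwhile in itself, since query strings end up in access logs and browser history.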
@@ -156,7 +156,7 @@ function command (url, command, onmessage, onclose) { function search (url, search, onmessage, onclose) { let protocol = (ssl ? 'wss:' : 'ws:') url = removePrefix(url) - url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/search${url}?token=${store.state.jwt}` + url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/search${url}` let conn = new window.WebSocket(url) conn.onopen = () => conn.send(search) @@ -181,8 +181,6 @@ function download (format, ...files) { url += `/?files=${arg}&` } - url += `token=${store.state.jwt}` - if (format !== null) { url += `&format=${format}` } diff --git a/auth.go b/auth.go index 6124cdcd..b31fa63e 100644 --- a/auth.go +++ b/auth.go @@ -96,12 +96,12 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) { return token, nil } - token, _ = request.ArgumentExtractor{"token"}.ExtractToken(r) - if token != "" { - return token, nil + cookie, err := r.Cookie("auth") + if err != nil { + return "", request.ErrNoTokenInRequest } - return "", request.ErrNoTokenInRequest + return cookie.Value, nil } // validateAuth is used to validate the authentication and returns the
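Review bot: In `download`, removing the `token=` segment leaves `&format=${format}` appended directly after the `/?files=${arg}&` branch, so the URL now contains `&&format=`. On the path that does not add `?files=` (not visible in this hunk), the query would apparently start with `&` and have no `?` at all. Drop the trailing `&` from the files branch and choose the separator when appending, e.g. `url += (url.includes('?') ? '&' : '?') + 'format=' + encodeURIComponent(format)`. The function body begins outside the hunk, so check how `arg` is built and encoded there.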
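Review bot: The cookie fallback in `ExtractToken` makes authentication ambient: the browser sends the `auth` cookie on every request to this host, including requests started by other sites, whereas the header path needs script on the page to attach the token. Where the cookie is set is not visible in this diff, so confirm that it carries `SameSite` (and `Secure` when served over TLS) and that state-changing handlers check `Origin` or a CSRF token. Separately, an `auth` cookie with an empty value now returns `("", nil)` where the removed code returned `request.ErrNoTokenInRequest`; the guard should be `if err != nil || cookie.Value == "" {`. The function starts outside the hunk.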