diff --git a/assets/src/components/Preview.vue b/assets/src/components/Preview.vue
index 0257f488..95996ea3 100644
--- a/assets/src/components/Preview.vue
+++ b/assets/src/components/Preview.vue
@@ -49,12 +49,11 @@ export default {
 download: function () {
 let url = `${this.$store.state.baseURL}/api/download`
 url += this.req.url.slice(6)
- url += `?token=${this.$store.state.jwt}`
 return url
 },
 raw: function () {
- return `${this.download()}&inline=true`
+ return `${this.download()}?&inline=true`
 },
 back: function (event) {
 let uri = url.removeLastDir(this.$route.path) + '/'
diff --git a/assets/src/utils/api.js b/assets/src/utils/api.js
index b16d30f8..60d3f518 100644
--- a/assets/src/utils/api.js
+++ b/assets/src/utils/api.js
@@ -145,7 +145,7 @@ function checksum (url, algo) {
 function command (url, command, onmessage, onclose) {
 let protocol = (ssl ? 'wss:' : 'ws:')
 url = removePrefix(url)
- url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/command${url}?token=${store.state.jwt}`
+ url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/command${url}`
 let conn = new window.WebSocket(url)
 conn.onopen = () => conn.send(command)
@@ -156,7 +156,7 @@ function command (url, command, onmessage, onclose) {
 function search (url, search, onmessage, onclose) {
 let protocol = (ssl ? 'wss:' : 'ws:')
 url = removePrefix(url)
- url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/search${url}?token=${store.state.jwt}`
+ url = `${protocol}//${window.location.hostname}${store.state.baseURL}/api/search${url}`
 let conn = new window.WebSocket(url)
 conn.onopen = () => conn.send(search)
@@ -181,8 +181,6 @@ function download (format, ...files) {
 url += `/?files=${arg}&`
 }
- url += `token=${store.state.jwt}`
-
 if (format !== null) {
 url += `&format=${format}`
 }
diff --git a/auth.go b/auth.go
index 6124cdcd..b31fa63e 100644
--- a/auth.go
+++ b/auth.go
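Review bot: The new `raw` return value appends `?&inline=true`, which leaves an empty first query parameter where the token used to be; the suffix should be `?inline=true`. The `download` hunk in assets/src/utils/api.js has the same leftover separator: with the token line gone, the multi-file branch ends in `&` and the format suffix starts with `&`, so the URL contains `&&format=`. Most query parsers tolerate both, but assembling the query with `URLSearchParams` would remove the hand-placed separators and percent-encode `format` as well. The methods object in Preview.vue and the `download` function in api.js both extend beyond their hunks.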
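Review bot: With the `?token=` parameter gone, the `/api/command` handshake in `command` is authenticated only by what the browser attaches on its own, and browsers send cookies on WebSocket upgrades regardless of which origin opened the socket. The server-side upgrade handler is not part of this diff, so confirm that it rejects handshakes whose `Origin` header is not the application's own before any message is processed; the same applies to the `/api/search` socket in the next hunk. A comment on the URL line such as `// no token in the URL: auth relies on the "auth" cookie, so the server must validate Origin` would record that dependency. Both functions continue past the end of their hunks.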
@@ -96,12 +96,12 @@ func (e extractor) ExtractToken(r *http.Request) (string, error) {
 return token, nil
 }
- token, _ = request.ArgumentExtractor{"token"}.ExtractToken(r)
- if token != "" {
- return token, nil
+ cookie, err := r.Cookie("auth")
+ if err != nil {
+ return "", request.ErrNoTokenInRequest
 }
- return "", request.ErrNoTokenInRequest
+ return cookie.Value, nil
 }
 // validateAuth is used to validate the authentication and returns the
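Review bot: Falling back to `r.Cookie("auth")` makes the JWT an ambient credential, so every route that authenticates through this extractor (presumably the state-changing API calls as well as downloads) now needs cross-site request protection that the explicit query-string token did not need. Nothing in this diff shows how the cookie is issued; it should carry `Secure` and a `SameSite` attribute, and mutating routes could keep requiring the Authorization header that is checked just above. Separately, an `auth` cookie with an empty value returns `"", nil` here instead of `request.ErrNoTokenInRequest`; `if err != nil || cookie.Value == "" {` keeps the previous contract. ExtractToken starts above the hunk, so the header branch is only partly visible.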