~edwargix/git.sr.ht: API: swap Authentication header for Authorization

dae2e21d62aa0142dcec21246b38d757e3bc181b — Drew DeVault 5 years ago eb11340

API: swap Authentication header for Authorization

Per OAuth 2 spec

patch browse .tar.gz

1 files changed, 5 insertions(+), 5 deletions(-)

M api/auth/auth.go

M api/auth/auth.go => api/auth/auth.go +5 -5

@@ 69,16 69,16 @@ func Middleware(db *sql.DB) func(http.Handler) http.Handler {
 				return
 			}
 
-			auth := r.Header.Get("Authentication")
+			auth := r.Header.Get("Authorization")
 			if auth == "" {
-				authError(w, `Authentication header is required.
-Expected 'Authentication: Bearer <token>'`, http.StatusForbidden)
+				authError(w, `Authorization header is required.
+Expected 'Authorization: Bearer <token>'`, http.StatusForbidden)
 				return
 			}
 
 			z := strings.SplitN(auth, " ", 2)
 			if len(z) != 2 {
-				authError(w, "Invalid Authentication header", http.StatusBadRequest)
+				authError(w, "Invalid Authorization header", http.StatusBadRequest)
 				return
 			}
 


@@ 95,7 95,7 @@ Expected 'Authentication: Bearer <token>'`, http.StatusForbidden)
 			case "Internal":
 				panic(errors.New("TODO"))
 			default:
-				authError(w, "Invalid Authentication header", http.StatusBadRequest)
+				authError(w, "Invalid Authorization header", http.StatusBadRequest)
 				return
 			}