api token 체크 누락 수정

2024-02-21 11:12:25 +09:00
parent 424c8be420
commit 845784d204
2 changed files with 42 additions and 37 deletions
--- a/core/api.go
+++ b/core/api.go
@ -459,11 +459,28 @@ func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
 	var userinfo map[string]any
 	var apiTokenObj primitive.ObjectID
 	if !*devflag {
 		apiToken := r.Header.Get("MG-X-API-TOKEN")
 		if len(apiToken) > 0 {
 			if apiToken != mg.maingateConfig.ApiToken {
 				w.WriteHeader(http.StatusUnauthorized)
 				return
 			}
 			obj, err := primitive.ObjectIDFromHex(apiToken)
 			if err != nil {
 				logger.Error(err)
 				w.WriteHeader(http.StatusBadRequest)
 				return
 			}
 			apiTokenObj = obj
 		} else {
 			authheader := r.Header.Get("Authorization")
 			if len(authheader) == 0 {
 				logger.Println("Authorization header is not valid :", authheader)
-			w.WriteHeader(http.StatusBadRequest)
+				w.WriteHeader(http.StatusUnauthorized)
 				return
 			}
@ -489,6 +506,7 @@ func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
 				return
 			}
 		}
 	}
 	ptr := atomic.LoadPointer(&mg.admins)
 	adminsptr := (*globalAdmins)(ptr)
@ -502,20 +520,6 @@ func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	var apiTokenObj primitive.ObjectID
 	if !*devflag {
 		apiToken := r.Header.Get("MG-X-API-TOKEN")
 		if len(apiToken) > 0 {
 			obj, err := primitive.ObjectIDFromHex(apiToken)
 			if err != nil {
 				logger.Error(err)
 				w.WriteHeader(http.StatusBadRequest)
 				return
 			}
 			apiTokenObj = obj
 		}
 	}
 	logger.Println("api call :", r.URL.Path, r.Method, r.URL.Query(), userinfo)
 	caller := apiCaller{
 		userinfo:     userinfo,
--- a/core/maingate.go
+++ b/core/maingate.go
@ -123,6 +123,7 @@ func makeAuthCollection(mongoClient gocommon.MongoClient, sessionTTL time.Durati
 type maingateConfig struct {
 	Mongo                          string `json:"maingate_mongodb_url"`
 	SessionTTL                     int64  `json:"maingate_session_ttl"`
 	ApiToken                       string `json:"maingate_api_token"`
 	Autologin_ttl                  int64  `json:"autologin_ttl"`
 	AccDelTTL                      int64  `json:"acc_del_ttl"`
 	MaximumNumLinkAccount          int64  `json:"maximum_num_link_account"`