wuxu/codeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(web-auth): url-decode token query param for websocket auth

Browse Source
This commit is contained in:
xintaofei
2026-04-18 20:18:58 +08:00
parent ff9fbad50a
commit cf9573c0ce
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src-tauri/src/web/auth.rs
View File

@@ -10,12 +10,23 @@ pub async fn require_token(
next: Next,
token: String,
) -> Response {
// Allow WebSocket upgrade requests to authenticate via query param
// Allow WebSocket upgrade requests to authenticate via query param.
// The token value is URL-encoded by the client, so decode before comparing.
if let Some(query) = request.uri().query() {
if query.contains(&format!("token={}", token)) {
for pair in query.split('&') {
let Some((key, value)) = pair.split_once('=') else {
continue;
};
if key != "token" {
continue;
}
if let Ok(decoded) = urlencoding::decode(value) {
if decoded == token {
return next.run(request).await;
}
}
}
}
// Check Authorization header
if let Some(auth_header) = request.headers().get("authorization") {