support URL param to token, but still restrict to APIs

This commit is contained in:
Unknwon 2015-09-02 02:45:01 -04:00
parent 2ac8e11f46
commit 65e73c4ac6

View file

@ -32,6 +32,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
}
// Check access token.
if IsAPIPath(ctx.Req.URL.Path) {
tokenSHA := ctx.Query("token")
if len(tokenSHA) == 0 {
// Well, check with header again.
@ -59,6 +60,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
}
return t.UID
}
}
uid := sess.Get("uid")
if uid == nil {