more

endpoints/authorization.go

@@ -23,15 +23,16 @@ func getAuthorization(c *gin.Context) (AuthorizationScope, string) {
 	if len(headerSpl) != 2 {
 		return AuthorizationScopeNone, ""
 	}
-	if headerSpl[0] == "Bearer" {
-		if storage.CheckLoginToken(headerSpl[1], c.ClientIP()) {
-			return AuthorizationScopeUser, headerSpl[1]
+	prefix := headerSpl[0]
+	token := strings.ToLower(headerSpl[1])
+	if prefix == "Bearer" {
+		if storage.CheckLoginToken(token, c.ClientIP()) {
+			return AuthorizationScopeUser, token
 		}
 	}
-	if headerSpl[0] == "Bot" {
-		// TODO check bot token
-		if true {
-			return AuthorizationScopeBot, headerSpl[1]
+	if prefix == "Bot" {
+		if found, _ := storage.BotTokenFromToken(token); found {
+			return AuthorizationScopeBot, token
 		}
 	}
 	return AuthorizationScopeNone, ""