Switch from access_token in URL to token in header

2020-10-01 12:09:39 +03:00 · 2020-10-01 12:09:39 +03:00 · ee30ee9640
parent 7dd5e2a05b
commit ee30ee9640
3 changed files with 23 additions and 9 deletions
--- a/client.go
+++ b/client.go
@ -53,13 +53,13 @@ func (e HTTPError) Error() string {
 	return fmt.Sprintf("contents=%v msg=%s code=%d wrapped=%s", e.Contents, e.Message, e.Code, wrappedErrMsg)
 }

-// BuildURL builds a URL with the Client's homserver/prefix/access_token set already.
+// BuildURL builds a URL with the Client's homeserver/prefix set already.
 func (cli *Client) BuildURL(urlPath ...string) string {
 	ps := append([]string{cli.Prefix}, urlPath...)
 	return cli.BuildBaseURL(ps...)
 }

-// BuildBaseURL builds a URL with the Client's homeserver/access_token set already. You must
+// BuildBaseURL builds a URL with the Client's homeserver set already. You must
 // supply the prefix in the path.
 func (cli *Client) BuildBaseURL(urlPath ...string) string {
 	// copy the URL. Purposefully ignore error as the input is from a valid URL already
@ -72,9 +72,6 @@ func (cli *Client) BuildBaseURL(urlPath ...string) string {
 		hsURL.Path = hsURL.Path + "/"
 	}
 	query := hsURL.Query()
-	if cli.AccessToken != "" {
-		query.Set("access_token", cli.AccessToken)
-	}
 	if cli.AppServiceUserID != "" {
 		query.Set("user_id", cli.AppServiceUserID)
 	}
@ -82,7 +79,7 @@ func (cli *Client) BuildBaseURL(urlPath ...string) string {
 	return hsURL.String()
 }

-// BuildURLWithQuery builds a URL with query parameters in addition to the Client's homeserver/prefix/access_token set already.
+// BuildURLWithQuery builds a URL with query parameters in addition to the Client's homeserver/prefix set already.
 func (cli *Client) BuildURLWithQuery(urlPath []string, urlQuery map[string]string) string {
 	u, _ := url.Parse(cli.BuildURL(urlPath...))
 	q := u.Query()
@ -203,7 +200,13 @@ func (cli *Client) MakeRequest(method string, httpURL string, reqBody interface{
 	if err != nil {
 		return err
 	}
+
 	req.Header.Set("Content-Type", "application/json")
+
+	if cli.AccessToken != "" {
+		req.Header.Set("Authorization", "Bearer "+cli.AccessToken)
+	}
+
 	res, err := cli.Client.Do(req)
 	if res != nil {
 		defer res.Body.Close()
@ -687,15 +690,21 @@ func (cli *Client) UploadToContentRepo(content io.Reader, contentType string, co
 	if err != nil {
 		return nil, err
 	}
+
 	req.Header.Set("Content-Type", contentType)
+	req.Header.Set("Authorization", "Bearer "+cli.AccessToken)
+
 	req.ContentLength = contentLength
+
 	res, err := cli.Client.Do(req)
 	if res != nil {
 		defer res.Body.Close()
 	}
+
 	if err != nil {
 		return nil, err
 	}
+
 	if res.StatusCode != 200 {
 		contents, err := ioutil.ReadAll(res.Body)
 		if err != nil {
@ -710,10 +719,12 @@ func (cli *Client) UploadToContentRepo(content io.Reader, contentType string, co
 			Code:     res.StatusCode,
 		}
 	}
+
 	var m RespMediaUpload
 	if err := json.NewDecoder(res.Body).Decode(&m); err != nil {
 		return nil, err
 	}
+
 	return &m, nil
 }

--- a/client_examples_test.go
+++ b/client_examples_test.go
@ -55,7 +55,7 @@ func ExampleClient_BuildURLWithQuery() {
 		"filter_id": "5",
 	})
 	fmt.Println(out)
-	// Output: https://matrix.org/_matrix/client/r0/sync?access_token=abcdef123456&filter_id=5
+	// Output: https://matrix.org/_matrix/client/r0/sync?filter_id=5
 }

 func ExampleClient_BuildURL() {
@ -63,7 +63,7 @@ func ExampleClient_BuildURL() {
 	cli, _ := NewClient("https://matrix.org", userID, "abcdef123456")
 	out := cli.BuildURL("user", userID, "filter")
 	fmt.Println(out)
-	// Output: https://matrix.org/_matrix/client/r0/user/@example:matrix.org/filter?access_token=abcdef123456
+	// Output: https://matrix.org/_matrix/client/r0/user/@example:matrix.org/filter
 }

 func ExampleClient_BuildBaseURL() {
@ -71,7 +71,7 @@ func ExampleClient_BuildBaseURL() {
 	cli, _ := NewClient("https://matrix.org", userID, "abcdef123456")
 	out := cli.BuildBaseURL("_matrix", "client", "r0", "directory", "room", "#matrix:matrix.org")
 	fmt.Println(out)
-	// Output: https://matrix.org/_matrix/client/r0/directory/room/%23matrix:matrix.org?access_token=abcdef123456
+	// Output: https://matrix.org/_matrix/client/r0/directory/room/%23matrix:matrix.org
 }

 // Retrieve the content of a m.room.name state event.
--- a/client_test.go
+++ b/client_test.go
@ -150,5 +150,8 @@ type MockRoundTripper struct {
 }

 func (t MockRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	if req.Header.Get("Authorization") == "" {
+		panic("no auth")
+	}
 	return t.RT(req)
 }