diff --git a/cmd/user.go b/cmd/user.go
index 72cee5fa7ae3..cc34dde71dcb 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -33,7 +33,7 @@ func DelUserCacheOnline(username string) {
 }
 u = fmt.Sprintf("https://localhost:%d/api/admin/user/del_cache", conf.Conf.Scheme.HttpsPort)
 }
- res, err := client.R().SetHeader("Authorization", token).SetQueryParam("username", username).Post(u)
+ res, err := client.R().SetHeader("X-Token", token).SetQueryParam("username", username).Post(u)
 if err != nil {
 utils.Log.Warnf("[del_user_cache_online] failed: %+v", err)
 return
diff --git a/drivers/alist_v3/driver.go b/drivers/alist_v3/driver.go
index 894bac646070..a3c55fe6c76f 100644
--- a/drivers/alist_v3/driver.go
+++ b/drivers/alist_v3/driver.go
@@ -186,7 +186,7 @@ func (d *AListV3) Put(ctx context.Context, dstDir model.Obj, stream model.FileSt
 if err != nil {
 return err
 }
- req.Header.Set("Authorization", d.Token)
+ req.Header.Set(d.Addition.AuthHeader, d.Token)
 req.Header.Set("File-Path", path.Join(dstDir.GetPath(), stream.GetName()))
 req.Header.Set("Password", d.MetaPassword)
 if md5 := stream.GetHash().GetHash(utils.MD5); len(md5) > 0 {
diff --git a/drivers/alist_v3/meta.go b/drivers/alist_v3/meta.go
index cc5f21893955..56252b89f449 100644
--- a/drivers/alist_v3/meta.go
+++ b/drivers/alist_v3/meta.go
@@ -8,6 +8,7 @@ import (
 type Addition struct {
 driver.RootPath
 Address string `json:"url" required:"true"`
+ AuthHeader string `json:"auth_header" type:"select" options:"Authorization,X-Token" default:"X-Token"`
 MetaPassword string `json:"meta_password"`
 Username string `json:"username"`
 Password string `json:"password"`
diff --git a/drivers/alist_v3/util.go b/drivers/alist_v3/util.go
index 5ede285af5b9..620219a5cde0 100644
--- a/drivers/alist_v3/util.go
+++ b/drivers/alist_v3/util.go
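Review bot: `req.Header.Set(d.Addition.AuthHeader, d.Token)` in Put uses the configured value as a header name with no check, so a storage whose saved config has no `auth_header` (any created before this commit, unless the `default` tag is applied on load, which these hunks do not show) would send an empty header name; net/http most likely rejects that as an invalid header field name and the upload fails. The same applies to `req.SetHeader(d.Addition.AuthHeader, d.Token)` in request() in drivers/alist_v3/util.go. Normalising once to the two allowed names also keeps the token out of arbitrary headers: `h := d.Addition.AuthHeader` followed by `if h != "Authorization" && h != "X-Token" { h = "Authorization" }`. Put's body starts and ends outside the hunk.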
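Review bot: `default:"X-Token"` on AuthHeader means a newly added storage sends a header that a remote server predating this change does not read, if that server only looks at `Authorization` as the removed lines in server/middlewares/auth.go suggest. Per the Auth middleware comment ("if token is empty, set user to guest") such requests would presumably be handled as guest rather than fail loudly, which is hard to diagnose. Defaulting to `Authorization`, or adding a field comment such as `// AuthHeader names the header that carries the token; use Authorization for remote servers that do not accept X-Token`, would make the trade-off explicit.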
@@ -34,7 +34,7 @@ func (d *AListV3) login() error {
 func (d *AListV3) request(api, method string, callback base.ReqCallback, retry ...bool) ([]byte, error) {
 url := d.Address + "/api" + api
 req := base.RestyClient.R()
- req.SetHeader("Authorization", d.Token)
+ req.SetHeader(d.Addition.AuthHeader, d.Token)
 if callback != nil {
 callback(req)
 }
diff --git a/server/common/auth.go b/server/common/auth.go
index 0de718cf9e8a..96e3205cc3fa 100644
--- a/server/common/auth.go
+++ b/server/common/auth.go
@@ -7,6 +7,7 @@ import (
 "github.com/alist-org/alist/v3/internal/conf"
 "github.com/alist-org/alist/v3/internal/model"
 "github.com/golang-jwt/jwt/v4"
+ "github.com/gin-gonic/gin"
 "github.com/pkg/errors"
 )
@@ -64,6 +65,13 @@ func ParseToken(tokenString string) (*UserClaims, error) {
 return nil, errors.New("couldn't handle this token")
 }
+func GetToken(c *gin.Context) string {
+ if token := c.GetHeader("X-Token"); token != "" {
+ return token
+ }
+ return c.GetHeader("Authorization")
+}
+
 func InvalidateToken(tokenString string) error {
 if tokenString == "" {
 return nil // don't invalidate empty guest token
diff --git a/server/handles/auth.go b/server/handles/auth.go
index e1f512c4dc15..770a1824d41b 100644
--- a/server/handles/auth.go
+++ b/server/handles/auth.go
@@ -183,7 +183,8 @@ func Verify2FA(c *gin.Context) {
 }
 func LogOut(c *gin.Context) {
- err := common.InvalidateToken(c.GetHeader("Authorization"))
+ token := common.GetToken(c)
+ err := common.InvalidateToken(token)
 if err != nil {
 common.ErrorResp(c, err, 500)
 } else {
diff --git a/server/middlewares/auth.go b/server/middlewares/auth.go
index d65d1ad648a2..2336d945a7f5 100644
--- a/server/middlewares/auth.go
+++ b/server/middlewares/auth.go
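Review bot: GetToken has no doc comment and silently prefers `X-Token` over `Authorization` when both are present, so a request with a valid `Authorization` value and a stale or mismatched `X-Token` is evaluated on the latter only. A comment such as `// GetToken returns the request token, preferring X-Token and falling back to Authorization.` would document that order. Intermediaries treat `Authorization` specially (shared caches do not reuse responses to such requests by default, and many log pipelines redact it), and none of that applies to a custom header. It is worth confirming that authenticated responses carry `Cache-Control: private` or `no-store` and that `X-Token` is added to log-redaction lists.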
@@ -15,7 +15,7 @@ import (
 // Auth is a middleware that checks if the user is logged in.
 // if token is empty, set user to guest
 func Auth(c *gin.Context) {
- token := c.GetHeader("Authorization")
+ token := common.GetToken(c)
 if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
 admin, err := op.GetAdmin()
 if err != nil {
@@ -74,7 +74,7 @@ func Auth(c *gin.Context) {
 }
 func Authn(c *gin.Context) {
- token := c.GetHeader("Authorization")
+ token := common.GetToken(c)
 if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
 admin, err := op.GetAdmin()
 if err != nil {
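Review bot: In Auth, the value from `common.GetToken(c)` goes straight into `subtle.ConstantTimeCompare`, which returns 1 for two empty slices, so if `setting.GetStr(conf.Token)` can ever be empty, a request with no token header would match the admin branch before the guest handling the comment describes. The hunks do not show whether the stored token is guaranteed non-empty. Guarding the comparison, `if token != "" && subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {`, removes that dependency; the same line appears in Authn in the second hunk. Both function bodies continue outside their hunks.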