feat(auth): use 'Token' as authentication header

cmd/user.go

@@ -33,7 +33,7 @@ func DelUserCacheOnline(username string) {
 		}
 		u = fmt.Sprintf("https://localhost:%d/api/admin/user/del_cache", conf.Conf.Scheme.HttpsPort)
 	}
-	res, err := client.R().SetHeader("Authorization", token).SetQueryParam("username", username).Post(u)
+	res, err := client.R().SetHeader("X-Token", token).SetQueryParam("username", username).Post(u)
 	if err != nil {
 		utils.Log.Warnf("[del_user_cache_online] failed: %+v", err)
 		return

drivers/alist_v3/driver.go

@@ -186,7 +186,7 @@ func (d *AListV3) Put(ctx context.Context, dstDir model.Obj, stream model.FileSt
 	if err != nil {
 		return err
 	}
-	req.Header.Set("Authorization", d.Token)
+	req.Header.Set(d.Addition.AuthHeader, d.Token)
 	req.Header.Set("File-Path", path.Join(dstDir.GetPath(), stream.GetName()))
 	req.Header.Set("Password", d.MetaPassword)
 	if md5 := stream.GetHash().GetHash(utils.MD5); len(md5) > 0 {

drivers/alist_v3/meta.go

@@ -8,6 +8,7 @@ import (
 type Addition struct {
 	driver.RootPath
 	Address         string `json:"url" required:"true"`
+	AuthHeader      string `json:"auth_header" type:"select" options:"Authorization,X-Token" default:"X-Token"`
 	MetaPassword    string `json:"meta_password"`
 	Username        string `json:"username"`
 	Password        string `json:"password"`

drivers/alist_v3/util.go

@@ -34,7 +34,7 @@ func (d *AListV3) login() error {
 func (d *AListV3) request(api, method string, callback base.ReqCallback, retry ...bool) ([]byte, error) {
 	url := d.Address + "/api" + api
 	req := base.RestyClient.R()
-	req.SetHeader("Authorization", d.Token)
+	req.SetHeader(d.Addition.AuthHeader, d.Token)
 	if callback != nil {
 		callback(req)
 	}

server/common/auth.go

@@ -7,6 +7,7 @@ import (
 	"github.com/alist-org/alist/v3/internal/conf"
 	"github.com/alist-org/alist/v3/internal/model"
 	"github.com/golang-jwt/jwt/v4"
+	"github.com/gin-gonic/gin"
 	"github.com/pkg/errors"
 )
 
@@ -64,6 +65,13 @@ func ParseToken(tokenString string) (*UserClaims, error) {
 	return nil, errors.New("couldn't handle this token")
 }
 
+func GetToken(c *gin.Context) string {
+    if token := c.GetHeader("X-Token"); token != "" {
+        return token
+    }
+    return c.GetHeader("Authorization")
+}
+
 func InvalidateToken(tokenString string) error {
 	if tokenString == "" {
 		return nil // don't invalidate empty guest token

server/handles/auth.go

@@ -183,7 +183,8 @@ func Verify2FA(c *gin.Context) {
 }
 
 func LogOut(c *gin.Context) {
-	err := common.InvalidateToken(c.GetHeader("Authorization"))
+	token := common.GetToken(c)
+	err := common.InvalidateToken(token)
 	if err != nil {
 		common.ErrorResp(c, err, 500)
 	} else {

server/middlewares/auth.go

@@ -15,7 +15,7 @@ import (
 // Auth is a middleware that checks if the user is logged in.
 // if token is empty, set user to guest
 func Auth(c *gin.Context) {
-	token := c.GetHeader("Authorization")
+	token := common.GetToken(c)
 	if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
 		admin, err := op.GetAdmin()
 		if err != nil {
@@ -74,7 +74,7 @@ func Auth(c *gin.Context) {
 }
 
 func Authn(c *gin.Context) {
-	token := c.GetHeader("Authorization")
+	token := common.GetToken(c)
 	if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
 		admin, err := op.GetAdmin()
 		if err != nil {