Authorization must provide JWT word for defining type auth

supanadit · Jul 11, 2020 · 52ebfd6 · 52ebfd6
1 parent a282239
commit 52ebfd6
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/web_framework.go b/web_framework.go
@@ -10,7 +10,11 @@ func GetJWTFromHeader(header string) (token string, err error) {
 	if header != "" {
 		splitAuthorization := strings.Split(header, " ")
 		if len(splitAuthorization) != 0 && len(splitAuthorization) == 2 {
-			token = splitAuthorization[1]
+			if splitAuthorization[0] != "JWT" {
+				err = errors.New("unknown authorization type")
+			} else {
+				token = splitAuthorization[1]
+			}
 		} else {
 			err = errors.New("invalid authorization header")
 		}