infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-14 04:14:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

webmail: rename query string param "token" to "singleUseToken" to be less scary in access logs

Browse Source 
these singleusetokens can be redeemed once. so when you see it in the logs, it
can't be used again. they are short-lived anyway.

this change should help prevent me periodically investigating token handling...
This commit is contained in:
Mechiel Lukkien
2024-08-23 15:08:27 +02:00
parent a977082b89
commit 594182aae5
10 changed files with 35 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
webmail/view.go
View File

@ -489,7 +489,8 @@ type ioErr struct {
}
// serveEvents serves an SSE connection. Authentication is done through a query
// string parameter "token", a one-time-use token returned by the Token API call.
// string parameter "singleUseToken", a one-time-use token returned by the Token
// API call.
func serveEvents(ctx context.Context, log mlog.Log, accountPath string, w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" {
http.Error(w, "405 - method not allowed - use get", http.StatusMethodNotAllowed)
@ -504,7 +505,7 @@ func serveEvents(ctx context.Context, log mlog.Log, accountPath string, w http.R
}
q := r.URL.Query()
token := q.Get("token")
token := q.Get("singleUseToken")
if token == "" {
http.Error(w, "400 - bad request - missing credentials", http.StatusBadRequest)
return