Reintroduced checking of bearer token to keep api intact

middleware/middleware.go

@@ -71,7 +71,8 @@ func GetContext(handler http.Handler) http.HandlerFunc {
 	}
 }
 
-// RequireAPIKey ensures that a valid API key or login cookie is set
+// RequireAPIKey ensures that a valid login cookie or API key is set (either 
+// the api_key GET parameter, or a Bearer token)
 func RequireAPIKey(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -83,6 +84,15 @@ func RequireAPIKey(handler http.Handler) http.Handler {
 		}
 		r.ParseForm()
 		ak := r.Form.Get("api_key")
+		// If we can't get the API key, we'll also check for the
+		// Authorization Bearer token
+		if ak == "" {
+			tokens, ok := r.Header["Authorization"]
+			if ok && len(tokens) >= 1 {
+				ak = tokens[0]
+				ak = strings.TrimPrefix(ak, "Bearer ")
+			}
+		}
 		// If we can't get the API key, we'll also check if user is logged in
 		// via the web interface
 		if ak == "" {
@@ -91,7 +101,7 @@ func RequireAPIKey(handler http.Handler) http.Handler {
 			}
 		}
 		if ak == "" {
-			JSONError(w, http.StatusUnauthorized, "Logged out") //API Key not set
+			JSONError(w, http.StatusUnauthorized, "Not logged in") //API Key not set
 			return
 		}
 		u, err := models.GetUserByAPIKey(ak)

package.json

@@ -16,7 +16,7 @@
     "@babel/preset-env": "^7.4.5",
     "babel-loader": "^8.0.6",
     "clean-css": "^4.2.1",
-    "gulp": "^4.0.2",
+    "gulp": "^4.0.0",
     "gulp-babel": "^8.0.0",
     "gulp-clean-css": "^4.0.0",
     "gulp-cli": "^2.2.0",