// Project environment module; the visible code uses only its logger.
const env = require('gitter-web-env');
const { logger } = env;
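/**
 * Narrows a request-supplied value to something usable as a token.
 *
 * Body and query values come from whatever parsers run before this function
 * (not visible here) and may be arrays or objects rather than strings, so
 * anything that is not a non-empty string is treated as "no token".
 *
 * @param {*} value - Candidate value read from the request.
 * @returns {string|undefined} The value when it is a non-empty string.
 */
function asTokenString(value) {
  return typeof value === 'string' && value.length > 0 ? value : undefined;
}

/**
 * Extracts an access token from a request, trying each location in order:
 * the `Authorization: Bearer` header, the `x-access-token` header, the
 * `access_token` body field, the `access_token` query parameter, and finally
 * a `Token/<value>` marker inside the User-Agent header.
 *
 * This function only locates the token; validating it is the caller's job.
 *
 * @param {object} req - Request with optional `headers`, `body` and `query`.
 * @returns {string|undefined} The first token found, or `undefined`.
 */
// eslint-disable-next-line complexity
function getAccessToken(req) {
  const headers = req.headers || {};

  let authHeader = asTokenString(headers['authorization']);
  if (authHeader) {
    // Workaround the original comment marks as temporary ("remove 15 May
    // 2014"): a bug in the OSX client adds this header again on each refresh.
    // Only the first comma-separated value is kept.
    if (authHeader.indexOf('Bearer ') === 0 && authHeader.indexOf(',') >= 0) {
      logger.warn('auth: compensating for incorrect auth header');
      authHeader = authHeader.split(',')[0];
    }

    const parts = authHeader.split(' ');
    if (parts.length === 2) {
      const [scheme, credentials] = parts;

      // Anchored match: an unanchored /Bearer/i would also accept schemes
      // that merely contain the word, such as "XBearerY".
      if (/^Bearer$/i.test(scheme)) {
        // NOTE(review): the listing this was recovered from does not show
        // this branch's body; returning the credentials part is the presumed
        // behaviour. Confirm against the repository.
        return credentials;
      }
    }
  }

  const headerToken = asTokenString(headers['x-access-token']);
  if (headerToken) {
    return headerToken;
  }

  const bodyToken = asTokenString(req.body && req.body['access_token']);
  if (bodyToken) {
    return bodyToken;
  }

  // Tokens passed in the URL tend to be recorded in access logs, browser
  // history and Referer headers; the header forms above are preferable.
  const queryToken = asTokenString(req.query && req.query['access_token']);
  if (queryToken) {
    return queryToken;
  }

  // FIXME Hack for the node-webkit app, we *have* to send the token in the user-agent header.
  // If in the future node-webkit adds support for custom headers we can remove this.
  // User-Agent strings are commonly logged, so a token sent this way should be
  // treated as exposed to anything that stores them.
  const userAgent = asTokenString(headers['user-agent']);
  if (userAgent) {
    const uaToken = userAgent.match(/Token\/(\w+)/);
    if (uaToken) {
      return uaToken[1];
    }
  }

  return undefined;
}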
// The module's sole export is the token extractor itself.
module.exports = getAccessToken;