fix check length bug

middleware/auth/optional_auth.go

@@ -1,9 +1,9 @@
 package auth
 
 import (
-	"fmt"
 	"net/http"
 
+	"fmt"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gin-gonic/gin"
 )
@@ -21,26 +21,23 @@ func OptionalAuth(authKey string) gin.HandlerFunc {
 			tokenFromHeader = "Bearer " + tokenFromCookie
 		}
 
-		if len(tokenFromHeader) < 8 {
-			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
-			return
-		}
+		if len(tokenFromHeader) > 7 {
+			token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {
+				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+					return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+				}
 
-		token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {
-			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
-			}
+				return []byte(authKey), nil
+			})
 
-			return []byte(authKey), nil
-		})
-
-		if err != nil || !token.Valid {
-			return
-		}
+			if err != nil || !token.Valid {
+				return
+			}
 
-		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {
-			if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {
-				ctx.Set(CtxRequestHeaderUserId, int64(uid))
+			if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {
+				if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {
+					ctx.Set(CtxRequestHeaderUserId, int64(uid))
+				}
 			}
 		}
 	}