From 2bfefbe885e8596d88f63f0321ec019fda1d9690 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yingyi=20/=20=E9=A2=96=E9=80=B8?= <49649786+Zuoqiu-Yingyi@users.noreply.github.com>
Date: Tue, 29 Aug 2023 16:16:33 +0800
Subject: [PATCH] :art: Authentication supports query parameters `token` (#9069)
---
 kernel/model/session.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/kernel/model/session.go b/kernel/model/session.go
index 4a5ebc65b42..e1b5d53e2c9 100644
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@@ -195,7 +195,7 @@ func CheckAuth(c *gin.Context) {
 return
 }
 
- // 通过 API token
+ // 通过 API token (header: Authorization)
 if authHeader := c.GetHeader("Authorization"); "" != authHeader {
 if strings.HasPrefix(authHeader, "Token ") {
 token := strings.TrimPrefix(authHeader, "Token ")
@@ -210,6 +210,18 @@ func CheckAuth(c *gin.Context) {
 }
 }
 
+ // 通过 API token (query-params: token)
+ if token := c.Query("token"); "" != token {
+ if Conf.Api.Token == token {
+ c.Next()
+ return
+ }
+
+ c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
+ c.Abort()
+ return
+ }
+
 if "/check-auth" == c.Request.URL.Path { // 跳过访问授权页
 c.Next()
 return
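Review bot: The new `c.Query("token")` branch in the second hunk accepts the API token from the URL, where it is likely to end up in access logs, proxy logs, browser history and `Referer` headers, and nothing visible here redacts it. A comment on the branch such as `// NOTE: a token in the query string is recorded by proxies and browsers; prefer the Authorization header` and redaction of the `token` parameter in any request logging would be worth adding. The comparison `Conf.Api.Token == token` is also not constant-time; `subtle.ConstantTimeCompare([]byte(Conf.Api.Token), []byte(token)) == 1` (from `crypto/subtle`) avoids a timing signal on the secret. Because the branch sits before the `/check-auth` bypass and answers 401 to any non-matching value, a request that carries a `token` query parameter for some other purpose would now be rejected, so it is worth confirming that no existing route uses that name. CheckAuth begins and ends outside the hunk.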