ExtractAuthToken extracts a token from HTTP headers. It checks the BYOK header first (set by clients opting into BYOK), then falls back to Authorization: Bearer and X-Api-Key for direct centralized mode. If none are present, an empty string is returned.
(header http.Header)
| 46 | // then falls back to Authorization: Bearer and X-Api-Key for direct |
| 47 | // centralized mode. If none are present, an empty string is returned. |
| 48 | func ExtractAuthToken(header http.Header) string { |
| 49 | if token := strings.TrimSpace(header.Get(HeaderCoderToken)); token != "" { |
| 50 | return token |
| 51 | } |
| 52 | if auth := strings.TrimSpace(header.Get("Authorization")); auth != "" { |
| 53 | fields := strings.Fields(auth) |
| 54 | if len(fields) == 2 && strings.EqualFold(fields[0], "Bearer") { |
| 55 | return fields[1] |
| 56 | } |
| 57 | } |
| 58 | if apiKey := strings.TrimSpace(header.Get("X-Api-Key")); apiKey != "" { |
| 59 | return apiKey |
| 60 | } |
| 61 | return "" |
| 62 | } |
no test coverage detected