middleware cleaning

allow HTTP_AUTHORIZATION to be split just in 4
remove support for sending authorization with cookies

robosats/middleware.py

@@ -42,12 +42,7 @@ class SplitAuthorizationHeaderMiddleware(MiddlewareMixin):
         auth_header = request.META.get("HTTP_AUTHORIZATION", "")
         split_auth = auth_header.split(" | ")
 
-        if len(split_auth) == 3:
+        if len(split_auth) == 4:
-            # Deprecated in favor of len 4
-            request.META["HTTP_AUTHORIZATION"] = split_auth[0]
-            request.META["PUBLIC_KEY"] = split_auth[1]
-            request.META["ENCRYPTED_PRIVATE_KEY"] = split_auth[2]
-        elif len(split_auth) == 4:
             request.META["HTTP_AUTHORIZATION"] = split_auth[0]
             request.META["PUBLIC_KEY"] = split_auth[1]
             request.META["ENCRYPTED_PRIVATE_KEY"] = split_auth[2]
@@ -123,11 +118,6 @@ class RobotTokenSHA256AuthenticationMiddleWare:
             ).replace("Private ", "")
             nostr_pubkey = request.META.get("NOSTR_PUBKEY", "").replace("Nostr ", "")
 
-            # Some legacy (pre-federation) clients will still send keys as cookies
-            if public_key == "" or encrypted_private_key == "":
-                public_key = request.COOKIES.get("public_key")
-                encrypted_private_key = request.COOKIES.get("encrypted_private_key", "")
-
             if not public_key or not encrypted_private_key or not nostr_pubkey:
                 return JsonResponse(
                     {