middleware cleaning

allow HTTP_AUTHORIZATION to be split just in 4 remove support for sending authorization with cookies
2025-07-18 16:53:16 +00:00 · 2025-06-26 18:02:29 +02:00
parent 0763b5812b
commit 623e5963de
1 changed files with 1 additions and 11 deletions
--- a/robosats/middleware.py
+++ b/robosats/middleware.py
@ -42,12 +42,7 @@ class SplitAuthorizationHeaderMiddleware(MiddlewareMixin):
        auth_header = request.META.get("HTTP_AUTHORIZATION", "")
        split_auth = auth_header.split(" | ")

-        if len(split_auth) == 3:
-            # Deprecated in favor of len 4
-            request.META["HTTP_AUTHORIZATION"] = split_auth[0]
-            request.META["PUBLIC_KEY"] = split_auth[1]
-            request.META["ENCRYPTED_PRIVATE_KEY"] = split_auth[2]
-        elif len(split_auth) == 4:
+        if len(split_auth) == 4:
            request.META["HTTP_AUTHORIZATION"] = split_auth[0]
            request.META["PUBLIC_KEY"] = split_auth[1]
            request.META["ENCRYPTED_PRIVATE_KEY"] = split_auth[2]
@ -123,11 +118,6 @@ class RobotTokenSHA256AuthenticationMiddleWare:
            ).replace("Private ", "")
            nostr_pubkey = request.META.get("NOSTR_PUBKEY", "").replace("Nostr ", "")

-            # Some legacy (pre-federation) clients will still send keys as cookies
-            if public_key == "" or encrypted_private_key == "":
-                public_key = request.COOKIES.get("public_key")
-                encrypted_private_key = request.COOKIES.get("encrypted_private_key", "")
-
            if not public_key or not encrypted_private_key or not nostr_pubkey:
                return JsonResponse(
                    {