From 34d2d4fbe243fbc2f81720d9cd4ac14e7f2519e0 Mon Sep 17 00:00:00 2001
From: 0akarma <ak_harold@outlook.com>
Date: Wed, 5 Aug 2020 22:43:30 +0800
Subject: [PATCH] Fix permission check of http.go

---
 server/http.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/server/http.go b/server/http.go
index 5f0da8c..b191a62 100644
--- a/server/http.go
+++ b/server/http.go
@@ -4,14 +4,15 @@ import (
 	"crypto/hmac"
 	"crypto/sha1"
 	"encoding/hex"
+	"strconv"
+	"strings"
+	"time"
+
 	"github.com/Mrs4s/go-cqhttp/coolq"
 	"github.com/gin-gonic/gin"
 	"github.com/guonaihong/gout"
 	log "github.com/sirupsen/logrus"
 	"github.com/tidwall/gjson"
-	"strconv"
-	"strings"
-	"time"
 )
 
 type httpServer struct {
@@ -61,12 +62,12 @@ func (s *httpServer) Run(addr, authToken string, bot *coolq.CQBot) {
 					c.AbortWithStatus(401)
 					return
 				}
-			}
-			if c.Query("access_token") != authToken {
+			} else if c.Query("access_token") != authToken {
 				c.AbortWithStatus(401)
 				return
+			} else {
+				c.Next()
 			}
-			c.Next()
 		})
 	}