From d26624288707fca6f702d104a6b201b956a430c2 Mon Sep 17 00:00:00 2001
From: wdvxdr <wdvxdr@foxmail.com>
Date: Wed, 7 Jul 2021 21:19:02 +0800
Subject: [PATCH] clear check authorization.

---
 coolq/bot.go   |  6 ------
 server/http.go | 25 +++++++++++++------------
 2 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/coolq/bot.go b/coolq/bot.go
index 098a3e2..124a49a 100644
--- a/coolq/bot.go
+++ b/coolq/bot.go
@@ -551,9 +551,3 @@ func formatMemberName(mem *client.GroupMemberInfo) string {
 	}
 	return fmt.Sprintf("%s(%d)", mem.DisplayName(), mem.Uin)
 }
-
-// ToJSON 生成JSON字符串
-func (m MSG) ToJSON() string {
-	b, _ := json.Marshal(m)
-	return string(b)
-}
diff --git a/server/http.go b/server/http.go
index dc1f8ae..7057db4 100644
--- a/server/http.go
+++ b/server/http.go
@@ -97,12 +97,9 @@ func (s *httpServer) ServeHTTP(writer http.ResponseWriter, request *http.Request
 		writer.WriteHeader(http.StatusNotFound)
 		return
 	}
-
-	if s.accessToken != "" {
-		if status := checkAuth(request, s.accessToken); status != http.StatusOK {
-			writer.WriteHeader(status)
-			return
-		}
+	if status := checkAuth(request, s.accessToken); status != http.StatusOK {
+		writer.WriteHeader(status)
+		return
 	}
 
 	action := strings.TrimPrefix(request.URL.Path, "/")
@@ -116,6 +113,10 @@ func (s *httpServer) ServeHTTP(writer http.ResponseWriter, request *http.Request
 }
 
 func checkAuth(req *http.Request, token string) int {
+	if token == "" { // quick path
+		return http.StatusOK
+	}
+
 	auth := req.Header.Get("Authorization")
 	if auth == "" {
 		auth = req.URL.Query().Get("access_token")
@@ -126,13 +127,13 @@ func checkAuth(req *http.Request, token string) int {
 		}
 	}
 
-	switch {
-	case auth == "":
-		return http.StatusUnauthorized
-	case auth != token:
-		return http.StatusForbidden
-	default:
+	switch auth {
+	case token:
 		return http.StatusOK
+	case "":
+		return http.StatusUnauthorized
+	default:
+		return http.StatusForbidden
 	}
 }