Added X-Authorization header (#10)

L480 · web-flow · commit 09f3183ff0d5 · 2025-11-02T08:30:11.000+01:00
diff --git a/cmd/tesla-http-api/main.go b/cmd/tesla-http-api/main.go
@@ -45,13 +45,19 @@ func router(next http.Handler) http.Handler {
 			}
 		case "api":
 			if apiTokenEnabled {
+				// Accept Authorization header or the legacy/custom X-Authorization
 				token := r.Header.Get("Authorization")
+				if token == "" {
+					token = r.Header.Get("X-Authorization")
+				}
 				if token != apiToken {
 					logger.Info("Request to %s from %s \033[31m(invalid token)\033[0m", r.URL.Path, r.Header.Get("X-Forwarded-For"))
 					http.Error(w, http.StatusText(403), http.StatusForbidden)
 					return
 				}
+				// Remove any provided auth headers so we can inject the Tesla Bearer token cleanly
 				r.Header.Del("Authorization")
+				r.Header.Del("X-Authorization")
 			}
 
 			r.Header.Add("Authorization", "Bearer "+tesla.AccessToken)

Original file line number	Diff line number	Diff line change
`@@ -45,13 +45,19 @@ func router(next http.Handler) http.Handler {`
`45`	`45`	`}`
`46`	`46`	`case "api":`
`47`	`47`	`if apiTokenEnabled {`
	`48`	`+ // Accept Authorization header or the legacy/custom X-Authorization`
`48`	`49`	`token := r.Header.Get("Authorization")`
	`50`	`+ if token == "" {`
	`51`	`+ token = r.Header.Get("X-Authorization")`
	`52`	`+ }`
`49`	`53`	`if token != apiToken {`
`50`	`54`	`logger.Info("Request to %s from %s \033[31m(invalid token)\033[0m", r.URL.Path, r.Header.Get("X-Forwarded-For"))`
`51`	`55`	`http.Error(w, http.StatusText(403), http.StatusForbidden)`
`52`	`56`	`return`
`53`	`57`	`}`
	`58`	`+ // Remove any provided auth headers so we can inject the Tesla Bearer token cleanly`
`54`	`59`	`r.Header.Del("Authorization")`
	`60`	`+ r.Header.Del("X-Authorization")`
`55`	`61`	`}`
`56`	`62`
`57`	`63`	`r.Header.Add("Authorization", "Bearer "+tesla.AccessToken)`