Fix x-api-key header not required for GET requests

Fix #4627
2026-04-25 08:54:07 +08:00 · 2026-01-17 15:13:11 +09:00
parent d1f037059a
commit aad805d0d3
2 changed files with 32 additions and 15 deletions
@@ -183,23 +183,22 @@ func (server *httpServer) handleHttpRequest(conn net.Conn) string {
 	})

 	section := 0
+	var getMatch []string
+Loop:
 	for scanner.Scan() {
 		text := scanner.Text()
 		switch section {
-		case 0:
-			getMatch := getRegex.FindStringSubmatch(text)
-			if len(getMatch) > 0 {
-				response := server.getHandler(parseGetParams(getMatch[1]))
-				if len(response) > 0 {
-					return good(response)
-				}
-				return answer(httpUnavailable+jsonContentType, `{"error":"timeout"}`)
-			} else if !strings.HasPrefix(text, "POST / HTTP") {
+		case 0: // Request line
+			getMatch = getRegex.FindStringSubmatch(text)
+			if len(getMatch) == 0 && !strings.HasPrefix(text, "POST / HTTP") {
 				return bad("invalid request method")
 			}
 			section++
-		case 1:
-			if text == crlf {
+		case 1: // Request headers
+			if text == crlf { // End of headers
+				if len(getMatch) > 0 {
+					break Loop
+				}
 				if contentLength == 0 {
 					return bad("content-length header missing")
 				}
@@ -219,7 +218,7 @@ func (server *httpServer) handleHttpRequest(conn net.Conn) string {
 					apiKey = strings.TrimSpace(pair[1])
 				}
 			}
-		case 2:
+		case 2: // Request body
 			body += text
 		}
 	}
@@ -228,6 +227,14 @@ func (server *httpServer) handleHttpRequest(conn net.Conn) string {
 		return unauthorized("invalid api key")
 	}

+	if len(getMatch) > 0 {
+		response := server.getHandler(parseGetParams(getMatch[1]))
+		if len(response) > 0 {
+			return good(response)
+		}
+		return answer(httpUnavailable+jsonContentType, `{"error":"timeout"}`)
+	}
+
 	if len(body) < contentLength {
 		return bad("incomplete request")
 	}