From 745902e8b16ebf2b6d5a99536d7be111ba18b65b Mon Sep 17 00:00:00 2001
From: Steven
Date: Mon, 25 Sep 2023 20:14:01 +0800
Subject: [PATCH] chore: update access token order

---
 api/v1/jwt.go | 14 +++++++-------
 api/v2/acl.go | 3 ++-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/api/v1/jwt.go b/api/v1/jwt.go
index bc641fa5..a684e528 100644
--- a/api/v1/jwt.go
+++ b/api/v1/jwt.go
@@ -36,15 +36,15 @@ func extractTokenFromHeader(c echo.Context) (string, error) {
 }
 
 func findAccessToken(c echo.Context) string {
- accessToken := ""
- cookie, _ := c.Cookie(auth.AccessTokenCookieName)
- if cookie != nil {
- accessToken = cookie.Value
- }
+ // Check the HTTP request header first.
+ accessToken, _ := extractTokenFromHeader(c)
 if accessToken == "" {
- accessToken, _ = extractTokenFromHeader(c)
+ // Check the cookie.
+ cookie, _ := c.Cookie(auth.AccessTokenCookieName)
+ if cookie != nil {
+ accessToken = cookie.Value
+ }
 }
-
 return accessToken
 }
 
diff --git a/api/v2/acl.go b/api/v2/acl.go
index 804604ba..1c44b3ec 100644
--- a/api/v2/acl.go
+++ b/api/v2/acl.go
@@ -127,6 +127,7 @@ func (in *GRPCAuthInterceptor) authenticate(ctx context.Context, accessToken str
 }
 
 func getTokenFromMetadata(md metadata.MD) (string, error) {
+ // Check the HTTP request header first.
 authorizationHeaders := md.Get("Authorization")
 if len(md.Get("Authorization")) > 0 {
 authHeaderParts := strings.Fields(authorizationHeaders[0])
@@ -135,7 +136,7 @@ func getTokenFromMetadata(md metadata.MD) (string, error) {
 }
 return authHeaderParts[1], nil
 }
- // check the HTTP cookie
+ // Check the cookie header.
 var accessToken string
 for _, t := range append(md.Get("grpcgateway-cookie"), md.Get("cookie")...) {
 header := http.Header{}
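Review bot: In `findAccessToken` the error from `extractTokenFromHeader(c)` is dropped (`accessToken, _ :=`), so a request whose Authorization header is present but does not parse falls through to the cookie and is authenticated with the ambient cookie credential instead of being rejected. Now that the header is the primary source, the cookie fallback should apply only when no header was sent: `accessToken, err := extractTokenFromHeader(c)` followed by `if err != nil { return "" }`, assuming `extractTokenFromHeader` returns a nil error for an absent header (its body is outside the hunk). That would also line v1 up with `getTokenFromMetadata` in api/v2/acl.go, which appears to return from the Authorization branch without reading the cookie when that entry is present. A doc comment stating the precedence would help callers, e.g. `// findAccessToken returns the token from the Authorization header, falling back to the access-token cookie; it returns "" if neither yields one.`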