From a7885748c7f37db232a097aa24132ed59229360c Mon Sep 17 00:00:00 2001
From: KokaKiwi <kokakiwi@kokakiwi.net>
Date: Sat, 22 Jun 2019 19:45:21 +0200
Subject: [PATCH] MastoAPI streaming: Replace access_token with
 Sec-WebSocket-Protocol

---
 lib/pleroma/web/mastodon_api/websocket_handler.ex | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/pleroma/web/mastodon_api/websocket_handler.ex b/lib/pleroma/web/mastodon_api/websocket_handler.ex
index 3299e1721..db6ae23b0 100644
--- a/lib/pleroma/web/mastodon_api/websocket_handler.ex
+++ b/lib/pleroma/web/mastodon_api/websocket_handler.ex
@@ -29,7 +29,7 @@ defmodule Pleroma.Web.MastodonAPI.WebsocketHandler do
 
   def init(%{qs: qs} = req, state) do
     with params <- :cow_qs.parse_qs(qs),
-         access_token <- List.keyfind(params, "access_token", 0),
+         access_token <- :cowboy_req.header("sec-websocket-protocol", req, 0),
          {_, stream} <- List.keyfind(params, "stream", 0),
          {:ok, user} <- allow_request(stream, access_token),
          topic when is_binary(topic) <- expand_topic(stream, params) do
@@ -89,7 +89,7 @@ defp allow_request(stream, nil) when stream in @anonymous_streams do
   end
 
   # Authenticated streams.
-  defp allow_request(stream, {"access_token", access_token}) when stream in @streams do
+  defp allow_request(stream, access_token) when stream in @streams do
     with %Token{user_id: user_id} <- Repo.get_by(Token, token: access_token),
          user = %User{} <- User.get_cached_by_id(user_id) do
       {:ok, user}