Refactor session loading and allow OAuth 2.0 requests

atsebaytClient = config.Client(
		oauth2.NoContext,
		&oauth2.Token{
			AccessToken: atsebaytToken,
		},
	)

api.go

@@ -3,6 +3,7 @@ package main
 import (
 	"encoding/base64"
 	"net/http"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 )
@@ -76,20 +77,36 @@ func adminRestricted(u *User, c *gin.Context) bool {
 	return false
 }
 
+func getSessionFromRequest(c *gin.Context) (*Session, error) {
+	var encodedSession string
+
+	if cookie, err := c.Request.Cookie("auth"); err == nil {
+		encodedSession = cookie.Value
+	} else if flds := strings.Fields(c.GetHeader("Authorization")); len(flds) == 2 && flds[0] == "Bearer" {
+		encodedSession = flds[1]
+	}
+
+	if len(encodedSession) > 0 {
+		if sessionid, err := base64.StdEncoding.DecodeString(encodedSession); err != nil {
+			return nil, err
+		} else {
+			return getSession(sessionid)
+		}
+	}
+	return nil, nil
+}
+
 func authMiddleware(access ...func(*User, *gin.Context) bool) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		var user *User = nil
+		session, err := getSessionFromRequest(c)
-		var session *Session = nil
+		if err != nil {
-		if cookie, err := c.Request.Cookie("auth"); err == nil {
-			if sessionid, err := base64.StdEncoding.DecodeString(cookie.Value); err != nil {
-				eraseCookie(c)
-				c.AbortWithStatusJSON(http.StatusNotAcceptable, gin.H{"errmsg": err.Error()})
-				return
-			} else if session, err = getSession(sessionid); err != nil {
 			eraseCookie(c)
 			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
 			return
-			} else if session.IdUser == nil {
+		}
+
+		var user *User = nil
+		if session == nil || session.IdUser == nil {
 			user = nil
 		} else if std, err := getUser(int(*session.IdUser)); err != nil {
 			eraseCookie(c)
@@ -98,7 +115,6 @@ func authMiddleware(access ...func(*User, *gin.Context) bool) gin.HandlerFunc {
 		} else {
 			user = std
 		}
-		}
 
 		// Check access limitation
 		for _, a := range access {