From 16bd434f7809d304384c10270a238463b8799ff2 Mon Sep 17 00:00:00 2001
From: Ingo Oppermann <ingo@datarhei.com>
Date: Thu, 3 Jul 2025 14:18:02 +0200
Subject: [PATCH] Change query parameter to apidomain for the api policy

---
 http/middleware/iam/iam.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/http/middleware/iam/iam.go b/http/middleware/iam/iam.go
index 33855428..f1ed380e 100644
--- a/http/middleware/iam/iam.go
+++ b/http/middleware/iam/iam.go
@@ -184,7 +184,7 @@ func NewWithConfig(config Config) echo.MiddlewareFunc {
 					username = config.IAM.GetDefaultVerifier().Name()
 				}
 
-				domain = c.QueryParam("domain")
+				domain = c.QueryParam("apidomain")
 				rtype = "api"
 			} else {
 				identity, err = mw.findIdentityFromSession(c)
@@ -203,12 +203,13 @@ func NewWithConfig(config Config) echo.MiddlewareFunc {
 								time.Sleep(5 * time.Second)
 							}
 
-							if err == ErrBadRequest {
+							switch err {
+							case ErrBadRequest:
 								return api.Err(http.StatusBadRequest, "Bad request", "%s", err)
-							} else if err == ErrUnauthorized {
+							case ErrUnauthorized:
 								c.Response().Header().Set(echo.HeaderWWWAuthenticate, "Basic realm="+realm)
 								return api.Err(http.StatusUnauthorized, "Unauthorized", "%s", err)
-							} else {
+							default:
 								return api.Err(http.StatusForbidden, "Forbidden", "%s", err)
 							}
 						}
@@ -530,8 +531,8 @@ func (m *iammiddleware) findDomainFromFilesystem(path string) string {
 			prefix += "/"
 		}
 
-		if strings.HasPrefix(path, prefix) {
-			elements := strings.Split(strings.TrimPrefix(path, prefix), "/")
+		if after, ok := strings.CutPrefix(path, prefix); ok {
+			elements := strings.Split(after, "/")
 			if m.iam.HasDomain(elements[0]) {
 				return elements[0]
 			}