chore: update access token order

api/v1/jwt.go

@@ -36,15 +36,15 @@ func extractTokenFromHeader(c echo.Context) (string, error) {
 }
 
 func findAccessToken(c echo.Context) string {
-	accessToken := ""
+	// Check the HTTP request header first.
+	accessToken, _ := extractTokenFromHeader(c)
+	if accessToken == "" {
+		// Check the cookie.
 		cookie, _ := c.Cookie(auth.AccessTokenCookieName)
 		if cookie != nil {
 			accessToken = cookie.Value
 		}
-	if accessToken == "" {
-		accessToken, _ = extractTokenFromHeader(c)
 	}
-
 	return accessToken
 }
 

api/v2/acl.go

@@ -127,6 +127,7 @@ func (in *GRPCAuthInterceptor) authenticate(ctx context.Context, accessToken str
 }
 
 func getTokenFromMetadata(md metadata.MD) (string, error) {
+	// Check the HTTP request header first.
 	authorizationHeaders := md.Get("Authorization")
 	if len(md.Get("Authorization")) > 0 {
 		authHeaderParts := strings.Fields(authorizationHeaders[0])
@@ -135,7 +136,7 @@ func getTokenFromMetadata(md metadata.MD) (string, error) {
 		}
 		return authHeaderParts[1], nil
 	}
-	// check the HTTP cookie
+	// Check the cookie header.
 	var accessToken string
 	for _, t := range append(md.Get("grpcgateway-cookie"), md.Get("cookie")...) {
 		header := http.Header{}