Fix ability to use the api_token query parameter for authenticated API requests (#1034)

Author: Kovah

app/Http/Middleware/Authenticate.php

@@ -9,6 +9,10 @@ class Authenticate extends IlluminateAuthenticate
 {
     public function handle($request, Closure $next, ...$guards)
     {
+        if ($request->has('api_token') && !$request->headers->has('Authorization')) {
+            $request->headers->set('Authorization', 'Bearer ' . $request->api_token);
+        }
+
         $this->authenticate($request, $guards);
 
         if (!$request->is('api/*') && $request->user()->isSystemUser()) {

tests/Controller/App/FeedControllerTest.php

@@ -44,6 +44,19 @@ public function test_links_feed(): void
         $response->assertOk()->assertSee($link->url)->assertDontSee($otherLink->url);
     }
 
+    public function test_links_feed_with_auth_as_query_param(): void
+    {
+        $link = Link::factory()->create();
+
+        $otherUser = User::factory()->create();
+        $otherLink = Link::factory()->for($otherUser)->create(['visibility' => ModelAttribute::VISIBILITY_PRIVATE]);
+
+        $token = $this->user->createToken('test', [ApiToken::ABILITY_USER_ACCESS])->plainTextToken;
+        $response = $this->get('links/feed?api_token=' . $token);
+
+        $response->assertOk()->assertSee($link->url)->assertDontSee($otherLink->url);
+    }
+
     public function test_lists_feed(): void
     {
         $list = LinkList::factory()->create();