authorization: check the query string for jwts

Clients may pass a json web token via the query string's "access_token" argument to authorize requests that do not allow modified headers.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>

moonraker/app.py

@@ -55,7 +55,7 @@ RESERVED_ENDPOINTS = [
 
 # 50 MiB Max Standard Body Size
 MAX_BODY_SIZE = 50 * 1024 * 1024
-EXCLUDED_ARGS = ["_", "token", "connection_id"]
+EXCLUDED_ARGS = ["_", "token", "access_token", "connection_id"]
 DEFAULT_KLIPPY_LOG_PATH = "/tmp/klippy.log"
 
 class MutableRouter(tornado.web.ReversibleRuleRouter):