ai/gitea-mcp
1
0
Fork 0
mirror of https://gitea.com/gitea/gitea-mcp.git synced 2026-02-27 17:15:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: parse Authorization header case-insensitively and support token format (#137)

Browse Source 
## Summary
- Make auth header parsing RFC 7235 compliant by comparing the scheme case-insensitively (`bearer`, `BEARER`, etc. all work now)
- Add support for Gitea-style `token <value>` format in addition to `Bearer <value>`

Fixes https://gitea.com/gitea/gitea-mcp/issues/59

---
*This PR was authored by Claude.*

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/137
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-committed-by: silverwind <me@silverwind.io>
This commit is contained in:
silverwind
2026-02-25 19:04:14 +00:00
committed by Lunny Xiao
parent 3b9236695c
commit 6540693771
2 changed files with 52 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
operation/operation.go
View File

@@ -67,20 +67,24 @@ func RegisterTool(s *server.MCPServer) {
s.DeleteTools("")
}
// parseBearerToken extracts the Bearer token from an Authorization header.
// parseAuthToken extracts the token from an Authorization header.
// Supports "Bearer <token>" (case-insensitive per RFC 7235) and
// Gitea-style "token <token>" formats.
// Returns the token and true if valid, empty string and false otherwise.
func parseBearerToken(authHeader string) (string, bool) {
const bearerPrefix = "Bearer "
if len(authHeader) < len(bearerPrefix) || !strings.HasPrefix(authHeader, bearerPrefix) {
return "", false
func parseAuthToken(authHeader string) (string, bool) {
if len(authHeader) > 7 && strings.EqualFold(authHeader[:7], "Bearer ") {
token := strings.TrimSpace(authHeader[7:])
if token != "" {
return token, true
}
}
token := strings.TrimSpace(authHeader[len(bearerPrefix):])
if token == "" {
return "", false
if len(authHeader) > 6 && strings.EqualFold(authHeader[:6], "token ") {
token := strings.TrimSpace(authHeader[6:])
if token != "" {
return token, true
}
}
return token, true
return "", false
}
func getContextWithToken(ctx context.Context, r *http.Request) context.Context {
@@ -89,7 +93,7 @@ func getContextWithToken(ctx context.Context, r *http.Request) context.Context {
return ctx
}
token, ok := parseBearerToken(authHeader)
token, ok := parseAuthToken(authHeader)
if !ok {
return ctx
}