ai/gitea-mcp
1
0
Fork 0
mirror of https://gitea.com/gitea/gitea-mcp.git synced 2026-02-27 09:05:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: parse Authorization header case-insensitively and support token format (#137)

Browse Source 
## Summary
- Make auth header parsing RFC 7235 compliant by comparing the scheme case-insensitively (`bearer`, `BEARER`, etc. all work now)
- Add support for Gitea-style `token <value>` format in addition to `Bearer <value>`

Fixes https://gitea.com/gitea/gitea-mcp/issues/59

---
*This PR was authored by Claude.*

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/137
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-committed-by: silverwind <me@silverwind.io>
This commit is contained in:
silverwind
2026-02-25 19:04:14 +00:00
committed by Lunny Xiao
parent 3b9236695c
commit 6540693771
2 changed files with 52 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
operation/operation.go
View File

@@ -67,21 +67,25 @@ func RegisterTool(s *server.MCPServer) {
s.DeleteTools("") s.DeleteTools("")
} }
// parseBearerToken extracts the Bearer token from an Authorization header. // parseAuthToken extracts the token from an Authorization header.
// Supports "Bearer <token>" (case-insensitive per RFC 7235) and
// Gitea-style "token <token>" formats.
// Returns the token and true if valid, empty string and false otherwise. // Returns the token and true if valid, empty string and false otherwise.
func parseBearerToken(authHeader string) (string, bool) { func parseAuthToken(authHeader string) (string, bool) {
const bearerPrefix = "Bearer " if len(authHeader) > 7 && strings.EqualFold(authHeader[:7], "Bearer ") {
if len(authHeader) < len(bearerPrefix) || !strings.HasPrefix(authHeader, bearerPrefix) { token := strings.TrimSpace(authHeader[7:])
return "", false if token != "" {
}
token := strings.TrimSpace(authHeader[len(bearerPrefix):])
if token == "" {
return "", false
}
return token, true return token, true
} }
}
if len(authHeader) > 6 && strings.EqualFold(authHeader[:6], "token ") {
token := strings.TrimSpace(authHeader[6:])
if token != "" {
return token, true
}
}
return "", false
}
func getContextWithToken(ctx context.Context, r *http.Request) context.Context { func getContextWithToken(ctx context.Context, r *http.Request) context.Context {
authHeader := r.Header.Get("Authorization") authHeader := r.Header.Get("Authorization")
@@ -89,7 +93,7 @@ func getContextWithToken(ctx context.Context, r *http.Request) context.Context {
return ctx return ctx
} }
token, ok := parseBearerToken(authHeader) token, ok := parseAuthToken(authHeader)
if !ok { if !ok {
return ctx return ctx
} }

48
operation/operation_test.go
View File

@@ -4,7 +4,7 @@ import (
"testing" "testing"
) )
func TestParseBearerToken(t *testing.T) { func TestParseAuthToken(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
header string header string
@@ -12,23 +12,29 @@ func TestParseBearerToken(t *testing.T) {
wantOK bool wantOK bool
}{ }{
{ {
name: "valid token", name: "valid Bearer token",
header: "Bearer validtoken", header: "Bearer validtoken",
wantToken: "validtoken", wantToken: "validtoken",
wantOK: true, wantOK: true,
}, },
{
name: "lowercase bearer",
header: "bearer lowercase",
wantToken: "lowercase",
wantOK: true,
},
{
name: "uppercase BEARER",
header: "BEARER uppercase",
wantToken: "uppercase",
wantOK: true,
},
{ {
name: "token with spaces trimmed", name: "token with spaces trimmed",
header: "Bearer spacedToken ", header: "Bearer spacedToken ",
wantToken: "spacedToken", wantToken: "spacedToken",
wantOK: true, wantOK: true,
}, },
{
name: "lowercase bearer should fail",
header: "bearer lowercase",
wantToken: "",
wantOK: false,
},
{ {
name: "bearer with no token", name: "bearer with no token",
header: "Bearer ", header: "Bearer ",
@@ -47,6 +53,24 @@ func TestParseBearerToken(t *testing.T) {
wantToken: "", wantToken: "",
wantOK: false, wantOK: false,
}, },
{
name: "Gitea token format",
header: "token giteaapitoken",
wantToken: "giteaapitoken",
wantOK: true,
},
{
name: "Gitea Token format capitalized",
header: "Token giteaapitoken",
wantToken: "giteaapitoken",
wantOK: true,
},
{
name: "token with no value",
header: "token ",
wantToken: "",
wantOK: false,
},
{ {
name: "different auth type", name: "different auth type",
header: "Basic dXNlcjpwYXNz", header: "Basic dXNlcjpwYXNz",
@@ -60,7 +84,7 @@ func TestParseBearerToken(t *testing.T) {
wantOK: false, wantOK: false,
}, },
{ {
name: "token with internal spaces", name: "bearer token with internal spaces",
header: "Bearer token with spaces", header: "Bearer token with spaces",
wantToken: "token with spaces", wantToken: "token with spaces",
wantOK: true, wantOK: true,
@@ -69,12 +93,12 @@ func TestParseBearerToken(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
gotToken, gotOK := parseBearerToken(tt.header) gotToken, gotOK := parseAuthToken(tt.header)
if gotToken != tt.wantToken { if gotToken != tt.wantToken {
t.Errorf("parseBearerToken() token = %q, want %q", gotToken, tt.wantToken) t.Errorf("parseAuthToken() token = %q, want %q", gotToken, tt.wantToken)
} }
if gotOK != tt.wantOK { if gotOK != tt.wantOK {
t.Errorf("parseBearerToken() ok = %v, want %v", gotOK, tt.wantOK) t.Errorf("parseAuthToken() ok = %v, want %v", gotOK, tt.wantOK)
} }
}) })
} }