refactor: improve Bearer token parsing and validation with tests (#96)

- Refactor Bearer token parsing into a dedicated function for improved validation and readability - Add comprehensive tests for edge cases in Bearer token extraction Signed-off-by: appleboy <appleboy.tw@gmail.com> Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/96 Co-authored-by: appleboy <appleboy.tw@gmail.com> Co-committed-by: appleboy <appleboy.tw@gmail.com>
2025-10-14 01:51:50 +00:00 · 2025-09-27 07:31:32 +00:00
parent 95ab3a4b73
commit e9840cf6c0
2 changed files with 100 additions and 3 deletions
--- a/operation/operation.go
+++ b/operation/operation.go
@@ -52,18 +52,34 @@ func RegisterTool(s *server.MCPServer) {
 	s.DeleteTools("")
 }

+// parseBearerToken extracts the Bearer token from an Authorization header.
+// Returns the token and true if valid, empty string and false otherwise.
+func parseBearerToken(authHeader string) (string, bool) {
+	const bearerPrefix = "Bearer "
+	if len(authHeader) < len(bearerPrefix) || !strings.HasPrefix(authHeader, bearerPrefix) {
+		return "", false
+	}
+	
+	token := strings.TrimSpace(authHeader[len(bearerPrefix):])
+	if token == "" {
+		return "", false
+	}
+	
+	return token, true
+}
+
 func getContextWithToken(ctx context.Context, r *http.Request) context.Context {
 	authHeader := r.Header.Get("Authorization")
 	if authHeader == "" {
 		return ctx
 	}

-	parts := strings.Split(authHeader, " ")
-	if len(parts) != 2 || parts[0] != "Bearer" {
+	token, ok := parseBearerToken(authHeader)
+	if !ok {
 		return ctx
 	}

-	return context.WithValue(ctx, mcpContext.TokenContextKey, parts[1])
+	return context.WithValue(ctx, mcpContext.TokenContextKey, token)
 }

 func Run() error {