Fix api authentication

author: Leonardo Bishop <me@leonardobishop.net> 2025-07-17 15:29:56 +0100
committer: Leonardo Bishop <me@leonardobishop.net> 2025-07-17 15:29:56 +0100
commit: eef40f0755d3f832d1088e9719aa476af76ff521 (patch)
tree: 3d5ef321e6fab24983874c1026de2970e171459c /api/handler
parent: fdd4125c6754801a92a66067ca0233db185422bc (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/api/handler/site.go b/api/handler/site.go
index 27968d7..2e099c8 100644
--- a/api/handler/site.go
+++ b/api/handler/site.go
@@ -14,10 +14,11 @@ import (
 
 func UploadSiteVersion(mainConfig *config.MainConfig, index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		token := strings.TrimPrefix("Bearer ", r.Header.Get("Authorization"))
+		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
 
 		if len(mainConfig.Command.Secret) == 0 || subtle.ConstantTimeCompare([]byte(token), []byte(mainConfig.Command.Secret)) != 1 {
 			w.WriteHeader(http.StatusForbidden)
+			fmt.Fprint(w, "forbidden")
 			return
 		}
author	Leonardo Bishop <me@leonardobishop.net>	2025-07-17 15:29:56 +0100
committer	Leonardo Bishop <me@leonardobishop.net>	2025-07-17 15:29:56 +0100
commit	eef40f0755d3f832d1088e9719aa476af76ff521 (patch)
tree	3d5ef321e6fab24983874c1026de2970e171459c /api/handler
parent	fdd4125c6754801a92a66067ca0233db185422bc (diff)