From eef40f0755d3f832d1088e9719aa476af76ff521 Mon Sep 17 00:00:00 2001
From: Leonardo Bishop <me@leonardobishop.net>
Date: Thu, 17 Jul 2025 15:29:56 +0100
Subject: Fix api authentication

---
 api/handler/site.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/handler/site.go b/api/handler/site.go
index 27968d7..2e099c8 100644
--- a/api/handler/site.go
+++ b/api/handler/site.go
@@ -14,10 +14,11 @@ import (
 
 func UploadSiteVersion(mainConfig *config.MainConfig, index *index.SiteIndex) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
-		token := strings.TrimPrefix("Bearer ", r.Header.Get("Authorization"))
+		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
 
 		if len(mainConfig.Command.Secret) == 0 || subtle.ConstantTimeCompare([]byte(token), []byte(mainConfig.Command.Secret)) != 1 {
 			w.WriteHeader(http.StatusForbidden)
+			fmt.Fprint(w, "forbidden")
 			return
 		}
 
-- 
cgit v1.2.3-70-g09d2