From 2b33bfae6b7637fa8bbabbde865a04668bb7566b Mon Sep 17 00:00:00 2001
From: Dreamacro <305009791@qq.com>
Date: Fri, 24 Apr 2020 23:49:35 +0800
Subject: [PATCH] Fix: API auth bypass
---
 hub/route/server.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hub/route/server.go b/hub/route/server.go
index 7c892657..a73e8059 100644
--- a/hub/route/server.go
+++ b/hub/route/server.go
@@ -110,9 +110,9 @@ func authentication(next http.Handler) http.Handler {
 header := r.Header.Get("Authorization")
 text := strings.SplitN(header, " ", 2)
- hasUnvalidHeader := text[0] != "Bearer"
- hasUnvalidSecret := len(text) == 2 && text[1] != serverSecret
- if hasUnvalidHeader || hasUnvalidSecret {
+ hasInvalidHeader := text[0] != "Bearer"
+ hasInvalidSecret := len(text) != 2 || text[1] != serverSecret
+ if hasInvalidHeader || hasInvalidSecret {
 render.Status(r, http.StatusUnauthorized)
 render.JSON(w, r, ErrUnauthorized)
 return
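Review bot: The secret check `text[1] != serverSecret` on the new `hasInvalidSecret` line is an ordinary string comparison, which stops at the first differing byte, so response time can vary with how much of the presented token matches. A constant-time comparison is the usual choice for credentials: `hasInvalidSecret := len(text) != 2 || subtle.ConstantTimeCompare([]byte(text[1]), []byte(serverSecret)) != 1`. That needs `crypto/subtle` in the file's imports, which this hunk does not show. A regression test that sends `Authorization: Bearer` with no token and expects 401 would pin the case this commit closes. The body of `authentication` starts and ends outside the hunk, so how an empty `serverSecret` is handled cannot be judged from here.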