ruvnet--RuView

mirror of https://github.com/ruvnet/RuView synced 2026-06-09 10:13:17 +00:00

Files

T

rUv be48143f77 fix(auth): match the Bearer scheme case-insensitively (RFC 6750) (#929 )

`require_bearer` parsed the Authorization header with
`strip_prefix("Bearer ")`, which is case-sensitive. Per RFC 6750 §2.1 /
RFC 7235 §2.1 the auth-scheme is case-insensitive, so a correct token sent
as `Authorization: bearer <token>` (or `BEARER`, or with extra whitespace)
was rejected with a confusing "invalid bearer token" 401 — needless friction
when setting up `RUVIEW_API_TOKEN` (the active #864/#924 theme).

Now the scheme is matched with `eq_ignore_ascii_case` and leading token
whitespace trimmed. The token comparison itself is unchanged — still exact
and constant-time (`ct_eq`) — so this does not weaken auth: a wrong token or
a non-Bearer scheme (`Basic …`) still returns 401.

New test `accepts_case_insensitive_bearer_scheme` covers `bearer`/`BEARER`/
extra-space (accept) and wrong-token/`Basic` (still reject). bearer_auth
suite: 9 passed.

2026-06-03 11:07:34 +02:00

.cargo

fix(security): audit — fix RUSTSEC vulns, clippy warnings, dead code (#769 )

2026-05-23 05:36:13 -04:00

.claude-flow

chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427 )

2026-04-25 21:28:13 -04:00

crates

fix(auth): match the Bearer scheme case-insensitively (RFC 6750) (#929 )

2026-06-03 11:07:34 +02:00

data

chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427 )