Merge remote-tracking branch 'clash/dev' into Alpha

# Conflicts: # .github/workflows/docker.yml # adapter/outboundgroup/fallback.go # adapter/outboundgroup/loadbalance.go # adapter/outboundgroup/relay.go # adapter/outboundgroup/selector.go # adapter/outboundgroup/urltest.go # config/config.go # go.mod # go.sum # main.go # test/go.mod # test/go.sum
2022-03-17 01:41:51 +08:00
parent c791044ddf fb7d340233
commit 609d69191a
70 changed files with 241 additions and 255 deletions
--- a/hub/route/server.go
+++ b/hub/route/server.go
@ -117,10 +117,10 @@ func authentication(next http.Handler) http.Handler {
 		}

 		header := r.Header.Get("Authorization")
-		text := strings.SplitN(header, " ", 2)
+		bearer, token, found := strings.Cut(header, " ")

-		hasInvalidHeader := text[0] != "Bearer"
-		hasInvalidSecret := len(text) != 2 || text[1] != serverSecret
+		hasInvalidHeader := bearer != "Bearer"
+		hasInvalidSecret := !found || token != serverSecret
 		if hasInvalidHeader || hasInvalidSecret {
 			render.Status(r, http.StatusUnauthorized)
 			render.JSON(w, r, ErrUnauthorized)