Skip to content

Commit

Permalink
Merge pull request #39 from biscuit-auth/better-auth-header-parsing
Browse files Browse the repository at this point in the history
express: ensure the authorization header starts with Bearer
  • Loading branch information
divarvel authored May 16, 2023
2 parents f4ab91d + a8dc0ae commit 3c5527f
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions snippets/biscuit-express.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,15 @@ export function middleware(options) {
// assumes the token is in the `Authorization` header,
// prefixed with `Bearer `
const defaultExtractor = function (req) {
const authHeader = req.headers.authorization?.slice(7);
const authHeader = req.headers.authorization;
if (!authHeader) {
throw new Error("Missing Authorization header");
}
if (!authHeader.startsWith("Bearer ")) {
throw new Error("Authorization header does not carry a bearer token");
}

return authHeader;
return authHeader.slice(7);
};

const defaultParser = function (data, publicKey) {
Expand Down

0 comments on commit 3c5527f

Please sign in to comment.