[app] Fix token auth (#442)

ricoberger · web-flow · commit 3fac1ad724ac · 2022-10-22T23:38:27.000+02:00
We used the "strings.TrimLeft" method in the token auth handler, which
is not what we want. Instead we should use "strings.TrimPrefix".
diff --git a/pkg/satellite/middleware/tokenauth/tokenauth.go b/pkg/satellite/middleware/tokenauth/tokenauth.go
@@ -14,7 +14,7 @@ func Handler(token string) func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			if token != "" {
 				authHeader := r.Header.Get("Authorization")
-				if !strings.HasPrefix(authHeader, "Bearer ") || strings.TrimLeft(authHeader, "Bearer ") != token {
+				if !strings.HasPrefix(authHeader, "Bearer ") || strings.TrimPrefix(authHeader, "Bearer ") != token {
 					errresponse.Render(w, r, fmt.Errorf("authorization token is missing or invalid"), http.StatusUnauthorized, "You are not authorized to access the resource")
 					return
 				}

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ func Handler(token string) func(next http.Handler) http.Handler {`
`14`	`14`	`fn := func(w http.ResponseWriter, r *http.Request) {`
`15`	`15`	`if token != "" {`
`16`	`16`	`authHeader := r.Header.Get("Authorization")`
`17`		`- if !strings.HasPrefix(authHeader, "Bearer ") \|\| strings.TrimLeft(authHeader, "Bearer ") != token {`
	`17`	`+ if !strings.HasPrefix(authHeader, "Bearer ") \|\| strings.TrimPrefix(authHeader, "Bearer ") != token {`
`18`	`18`	`errresponse.Render(w, r, fmt.Errorf("authorization token is missing or invalid"), http.StatusUnauthorized, "You are not authorized to access the resource")`
`19`	`19`	`return`
`20`	`20`	`}`