@@ -534,13 +534,16 @@ app.post('/ios-request', trackProxyResponseTime(async (req, res) => {
534534} ) ) ;
535535
536536app . post ( '/ios-validate' , trackAuthResponseTime ( async ( req , res ) => {
537- const authHeader = req . headers [ 'authorization' ] || '' ;
538- const [ authType , authKey ] = authHeader . split ( ' ' ) ;
539- logWithRequestIp ( 'log' , req , `Validating device token: ${ authKey . substring ( 0 , 8 ) } ...` ) ;
537+ const authHeader = typeof req . headers [ 'authorization' ] === 'string'
538+ ? req . headers [ 'authorization' ] . trim ( )
539+ : '' ;
540+ const [ authType , authKey ] = authHeader . split ( / \s + / , 2 ) ;
541+ const authKeyPrefix = authKey ? `${ authKey . substring ( 0 , 8 ) } ...` : '[missing]' ;
540542
541543 if ( authType !== 'Nickel-Auth' || ! authKey ) {
542544 return res . status ( 400 ) . json ( { error : 'Invalid or missing authorization header.' } ) ;
543545 }
546+ logWithRequestIp ( 'log' , req , `Validating device token: ${ authKeyPrefix } ` ) ;
544547
545548 try {
546549 const [ hasAuth ] = await Promise . all ( [
@@ -550,12 +553,12 @@ app.post('/ios-validate', trackAuthResponseTime(async (req, res) => {
550553 if ( hasAuth ) {
551554 return res . status ( 200 ) . json ( { valid : true } ) ;
552555 } else {
553- logWithRequestIp ( 'log' , req , `Device token validation failed - not found in cache: ${ authKey . substring ( 0 , 8 ) } ... ` ) ;
556+ logWithRequestIp ( 'log' , req , `Device token validation failed - not found in cache: ${ authKeyPrefix } ` ) ;
554557 return res . status ( 403 ) . json ( { valid : false , error : 'Key not found in cache.' } ) ;
555558 }
556559 } catch ( error ) {
557560 logWithRequestIp ( 'error' , req , 'Auth key validation failed:' , error . message ) ;
558- logWithRequestIp ( 'error' , req , `Failed device token: ${ authKey . substring ( 0 , 8 ) } ... ` ) ;
561+ logWithRequestIp ( 'error' , req , `Failed device token: ${ authKeyPrefix } ` ) ;
559562 return res . status ( 401 ) . json ( { valid : false , error : 'Invalid or expired authKey.' } ) ;
560563 }
561564} ) ) ;
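Review bot: `authKeyPrefix` (new line 541) still writes the first eight characters of the device token to the log at new lines 546, 556 and 561, and a token of eight characters or fewer is logged in full, followed by `...`. Because these are credential bytes, a non-reversible fingerprint would correlate log lines just as well: `const authKeyPrefix = authKey ? crypto.createHash('sha256').update(authKey).digest('hex').slice(0, 12) : '[missing]';` (this assumes `node:crypto` is or can be required in this file; its imports are not visible here). Moving the first log call below the 400 guard also means the `'[missing]'` branch is never logged, so malformed or absent headers leave no trace. A key-free log line inside the guard, e.g. `logWithRequestIp('log', req, 'Rejected request: invalid or missing authorization header');`, would keep those rejections visible. The body of the `Promise.all` call lies between the two hunks and is not shown, so this note covers only the header parsing and the logging.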