From 39fbe66cbd6d51c5dc1e30a416a7d025401f7a7d Mon Sep 17 00:00:00 2001
From: Joren Vandeweyer
Date: Sun, 27 Aug 2023 14:21:39 +0200
Subject: [PATCH 1/2] improve bearer validation
---
 lib/handlers/authenticate-handler.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js
index 1da50f95..2ce06d79 100644
--- a/lib/handlers/authenticate-handler.js
+++ b/lib/handlers/authenticate-handler.js
@@ -138,7 +138,7 @@ AuthenticateHandler.prototype.getTokenFromRequest = function(request) {
 AuthenticateHandler.prototype.getTokenFromRequestHeader = function(request) {
 const token = request.get('Authorization');
- const matches = token.match(/^Bearer\s(\S+)/);
+ const matches = token.match(/^Bearer\s([0-9a-zA-Z-._~+/]+=*)$/);
 if (!matches) {
 throw new InvalidRequestError('Invalid request: malformed authorization header');
From 51f85c960563d63ced674c815c14654913749ccf Mon Sep 17 00:00:00 2001
From: Joren Vandeweyer
Date: Tue, 29 Aug 2023 09:15:22 +0200
Subject: [PATCH 2/2] changed \s to space
---
 lib/handlers/authenticate-handler.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js
index fe4cded6..88d6f6d2 100644
--- a/lib/handlers/authenticate-handler.js
+++ b/lib/handlers/authenticate-handler.js
@@ -139,7 +139,7 @@ class AuthenticateHandler {
 getTokenFromRequestHeader (request) {
 const token = request.get('Authorization');
- const matches = token.match(/^Bearer\s([0-9a-zA-Z-._~+/]+=*)$/);
+ const matches = token.match(/^Bearer ([0-9a-zA-Z-._~+/]+=*)$/);
 if (!matches) {
 throw new InvalidRequestError('Invalid request: malformed authorization header');
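Review bot: The new character class on the added `const matches` line is the b64token grammar from RFC 6750 §2.1, but nothing in the code says so, so a later maintainer cannot tell which characters are deliberately excluded and why the trailing `=*` is there; a comment above the call, `// RFC 6750 §2.1 b64token: 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="`, would record that. The unescaped `-` directly after `A-Z` is a literal hyphen in a JavaScript character class, but it reads like the start of a range; writing the class as `[0-9a-zA-Z._~+/-]` with the hyphen last matches the same set and removes the ambiguity. The same line is rewritten again in the second patch of this series, so the comment belongs with whichever version lands; getTokenFromRequestHeader continues past the end of the hunk.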
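Review bot: The literal single space in the added pattern rejects a header with more than one space between the scheme and the token, which RFC 6750 §2.1 permits (`credentials = "Bearer" 1*SP b64token`); `/^Bearer +([0-9a-zA-Z-._~+/]+=*)$/` keeps the intent of dropping `\s` (no tabs or line breaks accepted) while still allowing `1*SP`. The scheme name is also matched case-sensitively, whereas RFC 7235 §2.1 defines auth-scheme as case-insensitive; whether `bearer` should be accepted is a policy choice, but it deserves a one-line comment either way so the strictness is seen as deliberate. If `request.get('Authorization')` can return undefined on this path, `token.match` throws a TypeError rather than InvalidRequestError — presumably the caller checks the header first, but that is outside the hunk. getTokenFromRequestHeader continues past the end of the hunk.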