Extract Bearer and octet-stream constants

JE-Chen · JE-Chen · commit ee0452c6ea00 · 2026-04-22T13:00:50.000+08:00
Deduplicates the four 'Bearer ' literals in HTTPActionServer and the three
'application/octet-stream' literals in mime.py — resolves SonarCloud S1192
and keeps the values single-sourced.
diff --git a/automation_file/local/mime.py b/automation_file/local/mime.py
@@ -12,6 +12,7 @@
 from pathlib import Path
 
 _SNIFF_LEN = 16
+_OCTET_STREAM = "application/octet-stream"
 _SIGNATURES: tuple[tuple[bytes, str], ...] = (
     (b"\x89PNG\r\n\x1a\n", "image/png"),
     (b"\xff\xd8\xff", "image/jpeg"),
@@ -25,7 +26,7 @@
     (b"7z\xbc\xaf\x27\x1c", "application/x-7z-compressed"),
     (b"Rar!\x1a\x07\x00", "application/vnd.rar"),
     (b"Rar!\x1a\x07\x01\x00", "application/vnd.rar"),
-    (b"RIFF", "application/octet-stream"),  # overridden below for wav/webp
+    (b"RIFF", _OCTET_STREAM),  # overridden below for wav/webp
     (b"\x00\x00\x00 ftyp", "video/mp4"),
     (b"OggS", "application/ogg"),
     (b"ID3", "audio/mpeg"),
@@ -46,13 +47,13 @@ def detect_mime(path: str | os.PathLike[str]) -> str:
     if guessed:
         return guessed
     sniffed = _sniff(p)
-    return sniffed or "application/octet-stream"
+    return sniffed or _OCTET_STREAM
 
 
 def detect_from_bytes(data: bytes) -> str:
     """MIME type of a byte blob using magic-byte sniffing."""
     mime = _match_signatures(data)
-    return mime or "application/octet-stream"
+    return mime or _OCTET_STREAM
 
 
 def _sniff(path: Path) -> str | None:
diff --git a/automation_file/server/http_server.py b/automation_file/server/http_server.py
@@ -42,6 +42,7 @@
 _MAX_CONTENT_BYTES = 1 * 1024 * 1024
 _PROGRESS_POLL_SECONDS = 1.0
 _PROGRESS_MAX_FRAMES = 10_000
+_BEARER_PREFIX = "Bearer "
 
 
 class _HTTPActionHandler(BaseHTTPRequestHandler):
@@ -103,9 +104,9 @@ def _read_payload(self) -> list:
         secret: str | None = getattr(self.server, "shared_secret", None)
         if secret:
             header = self.headers.get("Authorization", "")
-            if not header.startswith("Bearer "):
+            if not header.startswith(_BEARER_PREFIX):
                 raise TCPAuthException("missing bearer token")
-            if not hmac.compare_digest(header[len("Bearer ") :], secret):
+            if not hmac.compare_digest(header[len(_BEARER_PREFIX) :], secret):
                 raise TCPAuthException("bad shared secret")
 
         try:
@@ -142,8 +143,8 @@ def _handle_progress_ws(self) -> None:
         secret: str | None = getattr(self.server, "shared_secret", None)
         if secret:
             header = self.headers.get("Authorization", "")
-            token_ok = header.startswith("Bearer ") and hmac.compare_digest(
-                header[len("Bearer ") :], secret
+            token_ok = header.startswith(_BEARER_PREFIX) and hmac.compare_digest(
+                header[len(_BEARER_PREFIX) :], secret
             )
             if not token_ok:
                 self._send_json(HTTPStatus.UNAUTHORIZED, {"error": "bad shared secret"})
