[Milky] Fix access token validation logic

NoirHare · NoirHare · commit 56ee98b2139a · 2026-05-15T16:55:25.000+08:00
diff --git a/Lagrange.Milky/Api/MilkyHttpApiService.cs b/Lagrange.Milky/Api/MilkyHttpApiService.cs
@@ -126,15 +126,12 @@ private async Task<bool> ValidateHttpContextAsync(HttpListenerContext context, C
 
     private bool ValidateAccessToken(HttpListenerContext context)
     {
-        if (_token == null) return true;
+        if (string.IsNullOrEmpty(_token)) return true;
 
         string? authorization = context.Request.Headers["Authorization"];
         if (authorization == null) return false;
-        if (!authorization.StartsWith("Bearer")) return false;
-
-        if (_token == string.Empty && authorization.Length == 6) return true;
-
-        return authorization[7..] == _token;
+        if (!authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) return false;
+        return authorization.AsSpan(7..).Equals(_token);
     }
 
     private async Task<IApiHandler?> GetApiHandlerAsync(HttpListenerContext context, CancellationToken token)
