fix: Fix authorization check for webhooks

tjtanjin · tjtanjin · commit 8dd0396a4a51 · 2025-07-28T01:50:13.000+08:00
diff --git a/src/bot/web_server.py b/src/bot/web_server.py
@@ -45,7 +45,14 @@ async def handle_request(self, request):
 
         """
         auth_header = request.headers.get("Authorization")
-        if not auth_header or auth_header != os.getenv("HEALTHCHECKS_WEBHOOK_TOKEN"):
+
+        if not auth_header or not auth_header.startswith("Bearer "):
+            return web.Response(text="Unauthorized", status=401)
+
+        token = auth_header.split("Bearer ")[1].strip()
+        expected_token = os.getenv("HEALTHCHECKS_WEBHOOK_TOKEN")
+
+        if token != expected_token:
             return web.Response(text="Unauthorized", status=401)
 
         data = await request.json()
