From 8f8fbef32b761d1d4f083c23186a14b2d8b090d9 Mon Sep 17 00:00:00 2001
From: videogame hacker <half-kh-hacker@hackery.site>
Date: Thu, 23 Feb 2023 16:55:06 +0000
Subject: [PATCH] Fix authorization (real)

---
 wish-server/.gitignore | 1 +
 wish-server/main.go    | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/wish-server/.gitignore b/wish-server/.gitignore
index 4523c5d..9a6e7ce 100644
--- a/wish-server/.gitignore
+++ b/wish-server/.gitignore
@@ -1 +1,2 @@
 /streams.db
+/wish-server
diff --git a/wish-server/main.go b/wish-server/main.go
index be9612a..0a8728b 100644
--- a/wish-server/main.go
+++ b/wish-server/main.go
@@ -133,10 +133,13 @@ func HandleWHIP(res http.ResponseWriter, req *http.Request) {
 		logHTTPError(res, "Authorization was not set", http.StatusBadRequest)
 		return
 	}
-
 	streamName, streamPassword, _ := strings.Cut(authorization, ":")
-	if err := db.QueryRow("SELECT * FROM streams WHERE stream = ? AND password = ?", streamName, streamPassword).Scan(); err != nil {
-		logHTTPError(res, "Invalid stream authorization", http.StatusUnauthorized)
+	streamName, _ = strings.CutPrefix(strings.ToLower(streamName), "bearer ")
+
+	var qN string
+	var qP string
+	if err := db.QueryRow("SELECT * FROM streams WHERE stream = ? AND password = ?", streamName, streamPassword).Scan(&qN, &qP); err != nil {
+		logHTTPError(res, "Invalid stream authorization for: "+streamName+" - "+err.Error(), http.StatusUnauthorized)
 		return
 	}