From c509ae2a5f39414d1cb55b8a1e6aeb6f73827a3e Mon Sep 17 00:00:00 2001
From: Mathias Bergqvist <mthbqv@gmail.com>
Date: Thu, 7 May 2026 21:02:14 +0200
Subject: [PATCH] refactor(ingestion): use strings.CutPrefix for explicit
 Bearer scheme check

---
 ingestion/internal/mcp/auth.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ingestion/internal/mcp/auth.go b/ingestion/internal/mcp/auth.go
index 99b62f5..7509653 100644
--- a/ingestion/internal/mcp/auth.go
+++ b/ingestion/internal/mcp/auth.go
@@ -13,8 +13,8 @@ func BearerAuth(token string, next http.Handler) http.Handler {
 			http.Error(w, "unauthorized", http.StatusUnauthorized)
 			return
 		}
-		got := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
-		if got != token {
+		got, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
+		if !ok || got != token {
 			http.Error(w, "unauthorized", http.StatusUnauthorized)
 			return
 		}