Automated release from CI pipeline
Changes:
fix(auth): match the Bearer scheme case-insensitively (RFC 6750) (#929)
require_bearer parsed the Authorization header with
strip_prefix("Bearer "), which is case-sensitive. Per RFC 6750 §2.1 /
RFC 7235 §2.1 the auth-scheme is case-insensitive, so a correct token sent
as Authorization: bearer <token> (or BEARER, or with extra whitespace)
was rejected with a confusing "invalid bearer token" 401 — needless friction
when setting up RUVIEW_API_TOKEN (the active #864/#924 theme).
Now the scheme is matched with eq_ignore_ascii_case and leading token
whitespace trimmed. The token comparison itself is unchanged — still exact
and constant-time (ct_eq) — so this does not weaken auth: a wrong token or
a non-Bearer scheme (Basic …) still returns 401.
New test accepts_case_insensitive_bearer_scheme covers bearer/BEARER/
extra-space (accept) and wrong-token/Basic (still reject). bearer_auth
suite: 9 passed.
Docker Image:
ghcr.io/ruvnet/RuView:be48143f774770ad1b89f2491473306f55004847
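
The scheme-matching change described in the commit above, as an added example that is not RuView's own code: the old case-sensitive prefix match beside a case-insensitive one, with the token comparison kept exact. The function names legacy_token, bearer_token, ct_eq_bytes and is_authorized and the sample token are assumptions made for illustration; ct_eq_bytes is a std-only stand-in for the project's ct_eq.

```rust
// Added illustration; function names are hypothetical, not the project's code.

/// Pre-fix behaviour described in the commit: case-sensitive prefix match.
fn legacy_token(header: &str) -> Option<&str> {
    header.strip_prefix("Bearer ")
}

/// Post-fix behaviour: scheme compared ASCII case-insensitively, then
/// leading whitespace before the token is trimmed.
fn bearer_token(header: &str) -> Option<&str> {
    let (scheme, rest) = header.split_once(' ')?;
    if !scheme.eq_ignore_ascii_case("Bearer") {
        return None; // Basic, Digest, "Bearers", ... are not accepted
    }
    let token = rest.trim_start();
    if token.is_empty() { None } else { Some(token) }
}

/// Stand-in for ct_eq: no early exit on the first differing byte.
/// Assumption: a production build uses a vetted constant-time primitive.
fn ct_eq_bytes(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false; // only the length is revealed
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    std::hint::black_box(diff) == 0
}

/// True only for a Bearer header (any case) carrying exactly the expected token.
fn is_authorized(header: Option<&str>, expected: &str) -> bool {
    match header.and_then(bearer_token) {
        Some(tok) => ct_eq_bytes(tok.as_bytes(), expected.as_bytes()),
        None => false,
    }
}

fn main() {
    let expected = "constructed-token-123"; // constructed sample value
    for h in ["Bearer constructed-token-123", "bearer constructed-token-123",
              "BEARER   constructed-token-123", "Bearer wrong", "Basic dXNlcjpwdw=="] {
        let old = legacy_token(h).map_or(false, |t| t == expected);
        println!("{:<34} legacy={:<5} now={}", h, old, is_authorized(Some(h), expected));
    }
}
```

Relaxing the scheme match changes which headers reach the comparison, not what the comparison accepts, which is why the wrong-token and Basic rows stay rejected.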