From e875356a99baa369d57c9ab16aa24a736b13d36f Mon Sep 17 00:00:00 2001
From: Joren Vandeweyer
Date: Sun, 27 Aug 2023 14:25:39 +0200
Subject: [PATCH] improve bearer validation
---
 lib/handlers/authenticate-handler.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/handlers/authenticate-handler.js b/lib/handlers/authenticate-handler.js
index 7724742b..4e7ea36f 100644
--- a/lib/handlers/authenticate-handler.js
+++ b/lib/handlers/authenticate-handler.js
@@ -146,7 +146,7 @@ AuthenticateHandler.prototype.getTokenFromRequest = function(request) {
 AuthenticateHandler.prototype.getTokenFromRequestHeader = function(request) {
 const token = request.get('Authorization');
- const matches = token.match(/^Bearer\s(\S+)/);
+ const matches = token.match(/^Bearer\s([0-9a-zA-Z-._~+/]+=*)$/);
 if (!matches) {
 throw new InvalidRequestError('Invalid request: malformed authorization header');
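Review bot: The separator in the new pattern is still `\s`, which accepts exactly one whitespace character of any kind (tab, form feed, non-breaking space), while the token part and the `$` anchor are now strict; the RFC 6750 section 2.1 grammar is `"Bearer" 1*SP b64token`, i.e. one or more plain spaces. Consider `const matches = token.match(/^Bearer +([0-9a-zA-Z\-._~+/]+=*)$/);`, which also escapes the `-` so it cannot be misread as a range between `Z` and `.`. Headers the old pattern accepted (text trailing the token, tokens with characters outside this set) are now rejected with `InvalidRequestError`, so a one-line comment above the regex naming the b64token grammar would document that this is intentional. The diffstat shows only this file changed, so accept/reject cases for the tightened pattern appear to be untested. The body of `getTokenFromRequestHeader` continues past the end of the hunk.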