Auhtorization header checking

[stefanopulze]

Hi All,
I've just forked the code and I don't understand why is tested /[\0-\x1F\x7F]/.test(decoded) when authorization token is decoded from base64.

For testing purpose I've create a get request, to emulate unifi, where authorization token is :<cloud_flare_token> encoded in base64.
I cannot pass the regex validation and 401 is received.

So why is needed this regex?
Thanks in advance you made a great work!

[willswire]

The regex /[\0-\x1F\x7F]/ ensures the decoded API key or token doesn't contain control characters like non-printable ASCII (0–31) or the delete character (\x7F). These characters could indicate corrupted or tampered data, potentially leading to security risks or parsing errors. While the index check validates the structure of the token, the regex adds an extra layer of protection by verifying the token's integrity and ensuring it contains only valid characters. This prevents malformed or dangerous tokens from being processed.

[stefanopulze]

Thanks for reply. Now it's clear.
How can I generate the access token for local debugging?

I would like to test the code with curl to localhost

[willswire]

Try echo -n "you@example.com:1qaz2wsx3edc..." | base64 where the first part is your Cloudflare Email Address, and the second part (after the :) is your Cloudflare API Token.