turul-a2a 0.1.17

A2A Protocol v1.0 server framework
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

//! Bearer token extraction — hardened parser.
//! Design sourced from turul-mcp-framework/crates/turul-http-mcp-server/src/middleware/bearer.rs.

/// Extract a Bearer token from an Authorization header value.
///
/// Returns None if the scheme is not "Bearer" or the token is malformed.
/// Hardened: case-insensitive scheme, rejects whitespace and control characters.
pub fn extract_bearer_token(auth_header: &str) -> Option<String> {
    let trimmed = auth_header.trim();
    let (scheme, rest) = trimmed.split_once([' ', '\t'])?;

    if !scheme.eq_ignore_ascii_case("bearer") {
        return None;
    }

    let token = rest.trim();

    if token.is_empty() {
        return None;
    }

    // Reject tokens with whitespace (multi-token)
    if token.contains(|c: char| c.is_ascii_whitespace()) {
        return None;
    }

    // Reject ASCII control characters
    if token.contains(|c: char| c.is_ascii_control()) {
        return None;
    }

    Some(token.to_string())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn valid_bearer_token() {
        assert_eq!(
            extract_bearer_token("Bearer eyJhbGciOiJSUzI1NiJ9.test"),
            Some("eyJhbGciOiJSUzI1NiJ9.test".to_string())
        );
    }

    #[test]
    fn case_insensitive_scheme() {
        assert!(extract_bearer_token("bearer token123").is_some());
        assert!(extract_bearer_token("BEARER token123").is_some());
        assert!(extract_bearer_token("Bearer token123").is_some());
    }

    #[test]
    fn non_bearer_scheme_returns_none() {
        assert!(extract_bearer_token("Basic dXNlcjpwYXNz").is_none());
        assert!(extract_bearer_token("Digest nonce=abc").is_none());
    }

    #[test]
    fn empty_token_returns_none() {
        assert!(extract_bearer_token("Bearer ").is_none());
        assert!(extract_bearer_token("Bearer").is_none());
    }

    #[test]
    fn whitespace_in_token_rejected() {
        assert!(extract_bearer_token("Bearer token with spaces").is_none());
    }

    #[test]
    fn control_chars_rejected() {
        assert!(extract_bearer_token("Bearer token\x00bad").is_none());
        assert!(extract_bearer_token("Bearer token\x1Fbad").is_none());
    }

    #[test]
    fn leading_trailing_whitespace_trimmed() {
        assert_eq!(
            extract_bearer_token("  Bearer   mytoken  "),
            Some("mytoken".to_string())
        );
    }
}