From 64b86c7c3fc072d38bde3ca23b5f9e041dbc6578 Mon Sep 17 00:00:00 2001 From: Maddox Date: Tue, 28 Apr 2026 18:42:20 -0400 Subject: [PATCH] v0.3.1: enable plugin webapp + case-insensitive bearer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add webapp: true to maubot.yaml — without it, @web.post decorators are silently ignored and plugin webhook URLs return 404 - Match Authorization scheme case-insensitively (Seerr's UI lowercases 'Bearer' on save) --- maubot.yaml | 3 ++- media_bot/bot.py | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/maubot.yaml b/maubot.yaml index e666aad..d20e526 100644 --- a/maubot.yaml +++ b/maubot.yaml @@ -1,6 +1,6 @@ maubot: 0.3.1 id: com.3ddbrewery.media -version: 0.3.0 +version: 0.3.1 license: MIT modules: - media_bot @@ -9,3 +9,4 @@ config: true extra_files: - base-config.yaml database: false +webapp: true diff --git a/media_bot/bot.py b/media_bot/bot.py index 1738ac3..a5b7420 100644 --- a/media_bot/bot.py +++ b/media_bot/bot.py @@ -918,8 +918,10 @@ class MediaBot(Plugin): async def seerr_webhook(self, req: Request) -> Response: secret = self.config["seerr_webhook_secret"] or "" if secret: - auth = req.headers.get("Authorization", "") - if auth != f"Bearer {secret}": + # Case-insensitive scheme per RFC 7235 — Seerr's UI lowercases "Bearer" + auth = (req.headers.get("Authorization") or "").strip() + scheme, _, token = auth.partition(" ") + if scheme.lower() != "bearer" or token != secret: self.log.warning("Seerr webhook bad auth from %s", req.remote) return Response(status=401, text="unauthorized")