fix inbound lxm check

DavidBuchanan314 · Jan 22, 2025 · ce168c0 · ce168c0
1 parent 0d39403
commit ce168c0
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/millipds/auth_bearer.py b/src/millipds/auth_bearer.py
@@ -170,7 +170,8 @@ async def auth_middleware(request: web.Request, handler):
 		if revoked:
 			raise web.HTTPUnauthorized(text="revoked token")
 
-		request_lxm = request.path.rpartition("/")[2].partition("?")[0]
+		# note: request.path does not include the query string
+		request_lxm = request.path.rpartition("/")[2]
 		if request_lxm != payload.get("lxm"):
 			raise web.HTTPUnauthorized(text="invalid jwt: bad lxm")