From e0bb4a5ed24038415370b0da0997e1d29f5d012e Mon Sep 17 00:00:00 2001
From: Andrei
Date: Wed, 21 Jan 2026 00:00:00 +0000
Subject: [PATCH] Look up header names in lowercase

Since the http library downcase header names: https://docs.rs/http/latest/http/header/index.html#headername
---
 rust/auth-impls/src/jwt.rs | 6 +++---
 rust/auth-impls/src/signature.rs | 12 ++++++------
 rust/server/src/vss_service.rs | 4 +++-
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/rust/auth-impls/src/jwt.rs b/rust/auth-impls/src/jwt.rs
index f06e4c7..01889de 100644
--- a/rust/auth-impls/src/jwt.rs
+++ b/rust/auth-impls/src/jwt.rs
@@ -46,7 +46,7 @@ impl Authorizer for JWTAuthorizer {
 &self, headers_map: &HashMap,
 ) -> Result {
 let auth_header = headers_map
- .get("Authorization")
+ .get("authorization")
 .ok_or(VssError::AuthError("Authorization header not found.".to_string()))?;
 let token = auth_header
@@ -143,7 +143,7 @@ mod tests {
 encode(&Header::new(Algorithm::RS256), &claims, &valid_encoding_key).unwrap();
 let mut headers_map: HashMap = HashMap::new();
 let header_value = format!("Bearer {}", valid_jwt_token);
- headers_map.insert("Authorization".to_string(), header_value.clone());
+ headers_map.insert("authorization".to_string(), header_value.clone());
 println!("headers_map: {:?}", headers_map);
 // JWT signed by valid key results in authenticated user.
@@ -184,7 +184,7 @@ mod tests {
 let invalid_jwt_token = encode(&Header::new(Algorithm::RS256), &claims, &invalid_encoding_key).unwrap();
- headers_map.insert("Authorization".to_string(), format!("Bearer {}", invalid_jwt_token));
+ headers_map.insert("authorization".to_string(), format!("Bearer {}", invalid_jwt_token));
 // JWT signed by invalid key results in AuthError.
 assert!(matches!(
diff --git a/rust/auth-impls/src/signature.rs b/rust/auth-impls/src/signature.rs
index 28b2751..4c3513a 100644
--- a/rust/auth-impls/src/signature.rs
+++ b/rust/auth-impls/src/signature.rs
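Review bot: In `rust/auth-impls/src/jwt.rs`, the `.get("authorization")` lookup is an exact, case-sensitive match on a bare string literal, so `verify` now depends on every caller lower-casing header names before building `headers_map`, and nothing at the call site or in the signature says so. A caller that still passes `Authorization` fails closed with `AuthError`, which is safe but hard to diagnose. I would add a comment above the lookup, `// Header names must be lowercase, as produced by http::HeaderName.`, and share one constant for the key with the identical lookup in `rust/auth-impls/src/signature.rs` (hunk at `@@ -43`). The body of `verify` continues outside the hunk.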
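Review bot: The tests in `rust/auth-impls/src/jwt.rs` (hunks at `@@ -143` and `@@ -184`) now insert the lowercase key by hand, so they pass regardless of how the server builds `headers_map` and would not have caught the mismatch this patch fixes. The same holds for the five `headers_map.insert("authorization".to_string(), token)` calls in `rust/auth-impls/src/signature.rs`. A test in the server crate that fills an `http::HeaderMap` with a mixed-case `Authorization` name, converts it the way `handle_request` does and then calls `verify` would cover the conversion the authorizers now rely on. The test functions start and end outside these hunks.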
@@ -43,7 +43,7 @@ impl Authorizer for SignatureValidatingAuthorizer {
 &self, headers_map: &HashMap,
 ) -> Result {
 let auth_header = headers_map
- .get("Authorization")
+ .get("authorization")
 .ok_or_else(|| VssError::AuthError("Authorization header not found.".to_string()))?;
 if auth_header.len() <= (33 + 64) * 2 {
@@ -122,17 +122,17 @@ mod tests {
 // Test a valid signature
 let (token, pubkey) = build_token(now);
- headers_map.insert("Authorization".to_string(), token);
+ headers_map.insert("authorization".to_string(), token);
 assert_eq!(auth.verify(&headers_map).await.unwrap().user_token, format!("{pubkey:x}"));
 // Test a signature too far in the future
 let (token, _) = build_token(now + 60 * 60 * 24 + 10);
- headers_map.insert("Authorization".to_string(), token);
+ headers_map.insert("authorization".to_string(), token);
 assert!(matches!(auth.verify(&headers_map).await.unwrap_err(), VssError::AuthError(_)));
 // Test a signature too far in the past
 let (token, _) = build_token(now - 60 * 60 * 24 - 10);
- headers_map.insert("Authorization".to_string(), token);
+ headers_map.insert("authorization".to_string(), token);
 assert!(matches!(auth.verify(&headers_map).await.unwrap_err(), VssError::AuthError(_)));
 // Test a token with an invalid signature
@@ -142,7 +142,7 @@ mod tests {
 .enumerate()
 .map(|(idx, c)| if idx == 33 * 2 + 10 || idx == 33 * 2 + 11 { '0' } else { c })
 .collect();
- headers_map.insert("Authorization".to_string(), token);
+ headers_map.insert("authorization".to_string(), token);
 assert!(matches!(auth.verify(&headers_map).await.unwrap_err(), VssError::AuthError(_)));
 // Test a token with the wrong public key
@@ -152,7 +152,7 @@ mod tests {
 .enumerate()
 .map(|(idx, c)| if idx == 10 || idx == 11 { '0' } else { c })
 .collect();
- headers_map.insert("Authorization".to_string(), token);
+ headers_map.insert("authorization".to_string(), token);
 assert!(matches!(auth.verify(&headers_map).await.unwrap_err(), VssError::AuthError(_)));
 }
 }
diff --git a/rust/server/src/vss_service.rs b/rust/server/src/vss_service.rs
index f641c0e..fc2c2fc 100644
--- a/rust/server/src/vss_service.rs
+++ b/rust/server/src/vss_service.rs
@@ -103,8 +103,10 @@ async fn handle_request<
 let headers_map = parts
 .headers
 .iter()
- .map(|(k, v)| (k.as_str().to_string(), v.to_str().unwrap_or_default().to_string()))
+ // HeaderName converted to a string is in lowercase.
+ .map(|(k, v)| (k.to_string(), v.to_str().unwrap_or_default().to_string()))
 .collect::>();
+ debug_assert!(headers_map.keys().all(|key| key.chars().all(|c| !c.is_uppercase())));
 let user_token = match authorizer.verify(&headers_map).await {
 Ok(auth_response) => auth_response.user_token,
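Review bot: The rewritten `.map` line in `rust/server/src/vss_service.rs` still turns any header value that `to_str()` rejects into an empty string through `unwrap_or_default()`, and collecting `parts.headers.iter()` into a map keeps only one value when a request repeats a header name. The credential `authorizer.verify` sees can therefore differ from what an upstream proxy or log line evaluated. Consider rejecting the request before the map is built when `parts.headers.get_all(http::header::AUTHORIZATION).iter().count() > 1` or when the value fails `to_str()`. The added `debug_assert!` is compiled out of release builds, so it documents the lowercase invariant rather than enforcing it, and a short comment saying so would help. `handle_request` starts and ends outside the hunk, so the existing rejection path is not visible here.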