new auth

README.md

@@ -206,14 +206,14 @@ example.
 
 If the server has its `NOEQ_TOKEN` environment variable set to an non-empty string, the server will require authentication.
 
-		-------------------------------
-		|<byte:len of token>|token ...|
-		-------------------------------
-
-An auth request starts with a byte that is the length of the follwing token,
-followed by the token string. (NOTE: If a client and server hang during
-authentication, it's probably because the token is the client sent is too
-short.)
+		------------------------
+		|0|<len byte>|token ...|
+		------------------------
+
+An auth request starts with byte(0) and then a byte that is the length of the
+follwing token, followed by the token string. (NOTE: If a client and server
+hang during authentication, it's probably because the token is the client sent
+is too short.)
 
 *Id Request*:
 

main.go

@@ -170,13 +170,17 @@ func nextId() (int64, error) {
 }
 
 func auth(r io.Reader) error {
-	b := make([]byte, 1)
+	b := make([]byte, 2)
 	_, err := io.ReadFull(r, b)
 	if err != nil {
 		return err
 	}
 
-	b = make([]byte, b[0])
+	if b[0] != 0 {
+		return ErrInvalidRequest
+	}
+
+	b = make([]byte, b[1])
 	_, err = io.ReadFull(r, b)
 	if err != nil {
 		return err