feat: support empty token header name

README.md

@@ -130,7 +130,7 @@ func main() {
       // TokenLookup: "query:token",
       // TokenLookup: "cookie:token",
 
-      // TokenHeadName is a string in the header. Default value is "Bearer"
+      // TokenHeadName is a string in the header. Default value is "Bearer". If you want empty value, use WithoutDefaultTokenHeadName.
       TokenHeadName: "Bearer",
 
       // TimeFunc provides the current time. You can override it to use another time value. This is useful for testing or if your server uses a different time zone than your tokens.

auth_jwt.go

@@ -120,6 +120,9 @@ type HertzJWTMiddleware struct {
 	// TokenHeadName is a string in the header. Default value is "Bearer"
 	TokenHeadName string
 
+	// WithoutDefaultTokenHeadName allow set empty TokenHeadName
+	WithoutDefaultTokenHeadName bool
+
 	// TimeFunc provides the current time. You can override it to use another time value. This is useful for testing or if your server uses a different time zone than your tokens.
 	TimeFunc func() time.Time
 
@@ -339,7 +342,7 @@ func (mw *HertzJWTMiddleware) MiddlewareInit() error {
 	}
 
 	mw.TokenHeadName = strings.TrimSpace(mw.TokenHeadName)
-	if len(mw.TokenHeadName) == 0 {
+	if len(mw.TokenHeadName) == 0 && !mw.WithoutDefaultTokenHeadName {
 		mw.TokenHeadName = "Bearer"
 	}
 
@@ -692,11 +695,12 @@ func (mw *HertzJWTMiddleware) jwtFromHeader(ctx context.Context, c *app.RequestC
 	}
 
 	parts := strings.SplitN(authHeader, " ", 2)
-	if !(len(parts) == 2 && parts[0] == mw.TokenHeadName) {
+	if !((len(parts) == 1 && mw.WithoutDefaultTokenHeadName && mw.TokenHeadName == "") ||
+		(len(parts) == 2 && parts[0] == mw.TokenHeadName)) {
 		return "", ErrInvalidAuthHeader
 	}
 
-	return parts[1], nil
+	return parts[len(parts)-1], nil
 }
 
 func (mw *HertzJWTMiddleware) jwtFromQuery(ctx context.Context, c *app.RequestContext, key string) (string, error) {

auth_jwt_test.go

@@ -837,6 +837,42 @@ func TestDefineTokenHeadName(t *testing.T) {
 	assert.DeepEqual(t, http.StatusOK, w.Code)
 }
 
+func TestEmptyTokenHeadName(t *testing.T) {
+	// the middleware to test
+	authMiddleware, _ := New(&HertzJWTMiddleware{
+		Realm:                       "test zone",
+		Key:                         key,
+		Timeout:                     time.Hour,
+		TokenHeadName:               "",
+		WithoutDefaultTokenHeadName: true,
+		Authenticator:               defaultAuthenticator,
+	})
+
+	handler := hertzHandler(authMiddleware)
+
+	w := ut.PerformRequest(handler, http.MethodGet, "/auth/hello", nil, ut.Header{Key: "Authorization", Value: "Bearer " + makeTokenString("HS256", "admin")})
+	assert.DeepEqual(t, http.StatusUnauthorized, w.Code)
+
+	w = ut.PerformRequest(handler, http.MethodGet, "/auth/hello", nil, ut.Header{Key: "Authorization", Value: makeTokenString("HS256", "admin")})
+	assert.DeepEqual(t, http.StatusOK, w.Code)
+
+	authMiddleware2, _ := New(&HertzJWTMiddleware{
+		Realm:         "test zone",
+		Key:           key,
+		Timeout:       time.Hour,
+		TokenHeadName: "",
+		Authenticator: defaultAuthenticator,
+	})
+
+	handler = hertzHandler(authMiddleware2)
+
+	w = ut.PerformRequest(handler, http.MethodGet, "/auth/hello", nil, ut.Header{Key: "Authorization", Value: "Bearer " + makeTokenString("HS256", "admin")})
+	assert.DeepEqual(t, http.StatusOK, w.Code)
+
+	w = ut.PerformRequest(handler, http.MethodGet, "/auth/hello", nil, ut.Header{Key: "Authorization", Value: makeTokenString("HS256", "admin")})
+	assert.DeepEqual(t, http.StatusUnauthorized, w.Code)
+}
+
 func TestHTTPStatusMessageFunc(t *testing.T) {
 	successError := errors.New("Successful test error")
 	failedError := errors.New("Failed test error")