From 1d6363cb433b511ee9b2dc269302200b50f57e1b Mon Sep 17 00:00:00 2001
From: chlins <chlins.zhang@gmail.com>
Date: Tue, 28 Oct 2025 12:04:20 +0800
Subject: [PATCH] fix(backend): correct authorization header assembly

Signed-off-by: chlins <chlins.zhang@gmail.com>
---
 pkg/backend/pull_by_d7y.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/backend/pull_by_d7y.go b/pkg/backend/pull_by_d7y.go
index 465544ce..c6e7b72e 100644
--- a/pkg/backend/pull_by_d7y.go
+++ b/pkg/backend/pull_by_d7y.go
@@ -163,7 +163,8 @@ func getAuthToken(ctx context.Context, src *remote.Repository, registry, repo st
 		return "", fmt.Errorf("failed to empty token from cache")
 	}
 
-	return token, nil
+	// Assemble the full authorization token by prepending the scheme (e.g., "Bearer" or "Basic").
+	return fmt.Sprintf("%s %s", scheme, token), nil
 }
 
 // buildBlobURL constructs the URL for a blob.
@@ -232,7 +233,7 @@ func downloadAndExtractLayer(ctx context.Context, pb *internalpb.ProgressBar, cl
 			Type:     common.TaskType_STANDARD,
 			Priority: common.Priority_LEVEL6,
 			RequestHeader: map[string]string{
-				"Authorization": fmt.Sprintf("Bearer %s", authToken),
+				"Authorization": authToken,
 			},
 			OutputPath:    &outputPath,
 			ForceHardLink: false,