From 2bdb508672e951b196eb945bf109ad9e0484f789 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dav=C3=AD=C3=B0=20Steinn=20Geirsson?= <david@dsg.is>
Date: Fri, 20 Mar 2026 11:40:07 +0000
Subject: [PATCH] fix: normalize API token format in client

Accept tokens both with and without PVEAPIToken= prefix,
since token files may contain the full Authorization header value.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 collector/client.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/collector/client.go b/collector/client.go
index 5690fd0..9c73f8d 100644
--- a/collector/client.go
+++ b/collector/client.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"strings"
 	"sync"
 	"time"
 )
@@ -40,6 +41,11 @@ func NewClient(hosts []string, token string, tlsInsecure bool, maxConcurrent int
 		TLSHandshakeTimeout: 5 * time.Second,
 	}
 
+	// Normalize token: ensure it has the PVEAPIToken= prefix
+	if !strings.HasPrefix(token, "PVEAPIToken=") {
+		token = "PVEAPIToken=" + token
+	}
+
 	return &Client{
 		hosts:   hosts,
 		token:   token,
@@ -78,7 +84,7 @@ func (c *Client) Get(path string) ([]byte, error) {
 			lastErr = fmt.Errorf("creating request for %s: %w", url, err)
 			continue
 		}
-		req.Header.Set("Authorization", "PVEAPIToken="+c.token)
+		req.Header.Set("Authorization", c.token)
 
 		resp, err := c.httpClient.Do(req)
 		if err != nil {