From 8ae35c974c6f759aa06f722111e3c7decbec4b77 Mon Sep 17 00:00:00 2001
From: luxick <git@luxick.de>
Date: Tue, 6 Jan 2026 14:46:17 +0100
Subject: [PATCH] Use new naming for token

---
 README.md | 8 ++++----
 main.go   | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index e65f0d1..c56c511 100644
--- a/README.md
+++ b/README.md
@@ -128,9 +128,9 @@ Notes:
 
 ### Auth
 
-Requests must include the token using the `X-Filetools-Token` header.
+Requests must include the token using the `X-Luxtools-Token` header.
 
-- Header: `X-Filetools-Token: <token>`
+- Header: `X-Luxtools-Token: <token>`
 - For `GET /open`, a `token=...` query parameter is also accepted as a fallback.
 
 ### `GET /health`
@@ -160,7 +160,7 @@ Example:
 ```bash
 curl -sS -X POST \
   -H 'Content-Type: application/json' \
-  -H 'X-Filetools-Token: your-shared-secret' \
+  -H 'X-Luxtools-Token: your-shared-secret' \
   --data '{"path":"/tmp"}' \
   http://127.0.0.1:8765/open
 ```
@@ -173,7 +173,7 @@ Example:
 
 ```bash
 curl -i \
-  -H 'X-Filetools-Token: your-shared-secret' \
+  -H 'X-Luxtools-Token: your-shared-secret' \
   'http://127.0.0.1:8765/open?path=/tmp'
 ```
 
diff --git a/main.go b/main.go
index 1e4be4d..6997020 100644
--- a/main.go
+++ b/main.go
@@ -104,7 +104,7 @@ func main() {
 			// Allow token to be supplied via query string for GET fallback.
 			qt := strings.TrimSpace(r.URL.Query().Get("token"))
 			if qt == "" || !subtleStringEqual(qt, strings.TrimSpace(*token)) {
-				errLog.Printf("/open unauthorized method=%s path=%q headerToken=%t queryToken=%t dur=%s", r.Method, rawPath, strings.TrimSpace(r.Header.Get("X-Filetools-Token")) != "", qt != "", time.Since(start))
+				errLog.Printf("/open unauthorized method=%s path=%q headerToken=%t queryToken=%t dur=%s", r.Method, rawPath, strings.TrimSpace(r.Header.Get("X-Luxtools-Token")) != "", qt != "", time.Since(start))
 				writeJSON(w, http.StatusUnauthorized, openResponse{OK: false, Message: "unauthorized"})
 				return
 			}
@@ -182,7 +182,7 @@ func withCORS(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 	}
 	w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS")
-	w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-Filetools-Token")
+	w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-Luxtools-Token")
 }
 
 func checkToken(r *http.Request, required string) bool {
@@ -190,7 +190,7 @@ func checkToken(r *http.Request, required string) bool {
 	if required == "" {
 		return true
 	}
-	got := r.Header.Get("X-Filetools-Token")
+	got := r.Header.Get("X-Luxtools-Token")
 	got = strings.TrimSpace(got)
 	return got != "" && subtleStringEqual(got, required)
 }