Update auth header validation (#904)

Author: deliahu

pkg/operator/endpoints/middleware.go

@@ -67,11 +67,16 @@ func AuthMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		authHeader := r.Header.Get("Authorization")
 
-		if !strings.HasPrefix(authHeader, "CortexAWS") {
+		if authHeader == "" {
 			respondError(w, r, ErrorAuthHeaderMissing())
 			return
 		}
 
+		if len(authHeader) < 10 || !strings.HasPrefix(authHeader, "CortexAWS") {
+			respondError(w, r, ErrorAuthHeaderMalformed())
+			return
+		}
+
 		parts := strings.Split(authHeader[10:], "|")
 		if len(parts) != 2 {
 			respondError(w, r, ErrorAuthHeaderMalformed())