diff --git a/component/resolver/host.go b/component/resolver/host.go
index c214acfc..a6a7b4c8 100644
--- a/component/resolver/host.go
+++ b/component/resolver/host.go
@@ -113,7 +113,7 @@ func NewHostValueByDomain(domain string) (HostValue, error) {
 	domain = strings.Trim(domain, ".")
 	item := strings.Split(domain, ".")
 	if len(item) < 2 {
-		return HostValue{}, errors.New("invaild domain")
+		return HostValue{}, errors.New("invalid domain")
 	}
 	return HostValue{
 		IsDomain: true,
diff --git a/hub/route/server.go b/hub/route/server.go
index 7f3977ed..94e3a922 100644
--- a/hub/route/server.go
+++ b/hub/route/server.go
@@ -299,7 +299,7 @@ func startPipe(cfg *Config) {
 	}
 }
 
-func safeEuqal(a, b string) bool {
+func safeEqual(a, b string) bool {
 	aBuf := utils.ImmutableBytesFromString(a)
 	bBuf := utils.ImmutableBytesFromString(b)
 	return subtle.ConstantTimeCompare(aBuf, bBuf) == 1
@@ -311,7 +311,7 @@ func authentication(secret string) func(http.Handler) http.Handler {
 			// Browser websocket not support custom header
 			if r.Header.Get("Upgrade") == "websocket" && r.URL.Query().Get("token") != "" {
 				token := r.URL.Query().Get("token")
-				if !safeEuqal(token, secret) {
+				if !safeEqual(token, secret) {
 					render.Status(r, http.StatusUnauthorized)
 					render.JSON(w, r, ErrUnauthorized)
 					return
@@ -324,7 +324,7 @@ func authentication(secret string) func(http.Handler) http.Handler {
 			bearer, token, found := strings.Cut(header, " ")
 
 			hasInvalidHeader := bearer != "Bearer"
-			hasInvalidSecret := !found || !safeEuqal(token, secret)
+			hasInvalidSecret := !found || !safeEqual(token, secret)
 			if hasInvalidHeader || hasInvalidSecret {
 				render.Status(r, http.StatusUnauthorized)
 				render.JSON(w, r, ErrUnauthorized)