diff --git a/ociflab-backup.sh b/ociflab-backup.sh
index af29040..659d096 100644
--- a/ociflab-backup.sh
+++ b/ociflab-backup.sh
@@ -44,31 +44,29 @@ send_warning() {
     fi
 }
 
-git_auth_opts() {
-    # 返回认证选项数组，若未配置 TOKEN 则返回空
+git_with_auth() {
     if [[ -n "${GIT_ACCESS_TOKEN}" ]]; then
-        echo '-c' "http.https://git.ociflab.icu/.extraHeader=Authorization: Bearer ${GIT_ACCESS_TOKEN}"
+        git -c "http.https://git.ociflab.icu/.extraHeader=Authorization: Bearer ${GIT_ACCESS_TOKEN}" "$@"
+    else
+        git "$@"
     fi
 }
 
 fetch_whitelist() {
     local whitelist_repo_dir="${SCRIPT_DIR}/whitelist_repo"
-    local auth_opts
-    auth_opts=($(git_auth_opts))  # 获取认证参数
 
     log "正在更新白名单仓库..."
 
-    # 尝试拉取/克隆
     if [[ -d "${whitelist_repo_dir}/.git" ]]; then
-        # 已存在则更新
-        if ! git "${auth_opts[@]}" -C "${whitelist_repo_dir}" pull --ff-only --quiet 2>&1; then
+        # 更新
+        if ! git_with_auth -C "${whitelist_repo_dir}" pull --ff-only --quiet 2>&1; then
             log "更新白名单仓库失败，尝试重新克隆..."
             rm -rf "${whitelist_repo_dir}"
         fi
     fi
 
     if [[ ! -d "${whitelist_repo_dir}/.git" ]]; then
-        if ! git "${auth_opts[@]}" clone --depth 1 --quiet "${WHITELIST_REPO_URL}" "${whitelist_repo_dir}" 2>&1; then
+        if ! git_with_auth clone --depth 1 --quiet "${WHITELIST_REPO_URL}" "${whitelist_repo_dir}" 2>&1; then
             log "克隆白名单仓库失败"
         fi
     fi
@@ -100,15 +98,13 @@ clone_or_pull_repo() {
     local repo_name
     repo_name=$(echo "${repo_url}" | sed 's|https://git\.ociflab\.icu/||' | tr '/' '_')
     local repo_path="${WORK_DIR}/${repo_name}"
-    local auth_opts
-    auth_opts=($(git_auth_opts))
 
     if [[ -d "${repo_path}/.git" ]]; then
         log "  更新: ${repo_url}"
-        if ! git "${auth_opts[@]}" -C "${repo_path}" pull --ff-only --quiet 2>&1; then
+        if ! git_with_auth -C "${repo_path}" pull --ff-only --quiet 2>&1; then
             log "  更新失败: ${repo_url}，尝试重新克隆..."
             rm -rf "${repo_path}"
-            if ! git "${auth_opts[@]}" clone --depth 1 --quiet "${repo_url}" "${repo_path}" 2>&1; then
+            if ! git_with_auth clone --depth 1 --quiet "${repo_url}" "${repo_path}" 2>&1; then
                 log "  重新克隆也失败: ${repo_url}"
                 return 1
             fi
@@ -116,7 +112,7 @@ clone_or_pull_repo() {
     else
         log "  克隆: ${repo_url}"
         rm -rf "${repo_path}"
-        if ! git "${auth_opts[@]}" clone --depth 1 --quiet "${repo_url}" "${repo_path}" 2>&1; then
+        if ! git_with_auth clone --depth 1 --quiet "${repo_url}" "${repo_path}" 2>&1; then
             log "  克隆失败: ${repo_url}"
             return 1
         fi