Diffstat (limited to 'src/authorization')
-rw-r--r--src/authorization/cedar_authorizer.rs65
1 files changed, 45 insertions, 20 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 163f5b83..61142b71 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -70,45 +70,70 @@ impl Authorizer for CedarAuthorizer {
None => return false,
};
+ tracing::info!(
+ method = %http_request.method,
+ host = %http_request.host,
+ path = %http_request.path,
+ scheme = %http_request.scheme,
+ protocol = %http_request.protocol,
+ "Processing HTTP request"
+ );
+
if http_request.host == "sparkle.staging.runway.gitlab.net" {
if http_request.method == "GET" && http_request.path == "/" {
+ tracing::info!(
+ host = %http_request.host,
+ "Allowing health check request"
+ );
return true;
}
}
- let headers = match request
- .attributes
- .as_ref()
- .and_then(|attr| attr.request.as_ref())
- .and_then(|req| req.http.as_ref())
- .map(|http| &http.headers)
- {
- Some(headers) => headers,
- None => return false,
- };
+ let headers = &http_request.headers;
- // Extract authorization token
let bearer_token = headers
.get("authorization")
.and_then(|auth| auth.strip_prefix("Bearer "))
.unwrap_or("");
- // Extract request path for static asset checking
- let path = headers
- .get(":path")
- .or_else(|| headers.get("path"))
- .map_or("", |v| v.as_str());
+ tracing::info!(
+ path = %http_request.path,
+ has_bearer_token = !bearer_token.is_empty(),
+ user_agent = ?headers.get("user-agent"),
+ x_request_id = ?headers.get("x-request-id"),
+ content_type = ?headers.get("content-type"),
+ "Extracted request details"
+ );
- // Create Cedar entities and request
- match self.create_cedar_request(bearer_token, path) {
+ match self.create_cedar_request(bearer_token, &http_request.path.to_string()) {
Ok(cedar_request) => {
let entities = Entities::empty();
let response =
self.authorizer
.is_authorized(&cedar_request, &self.policies, &entities);
- matches!(response.decision(), cedar_policy::Decision::Allow)
+
+ let decision = response.decision();
+ let is_allowed = matches!(decision, cedar_policy::Decision::Allow);
+
+ tracing::info!(
+ method = %http_request.method,
+ host = %http_request.host,
+ path = %http_request.path,
+ decision = ?decision,
+ allowed = is_allowed,
+ "Authorization decision"
+ );
+
+ is_allowed
+ }
+ Err(e) => {
+ tracing::error!(
+ error = %e,
+ path = %http_request.path,
+ "Failed to create Cedar request"
+ );
+ false
}
- Err(_) => false,
}
}
}
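Review bot: The added `tracing::info!` calls write `http_request.path` to the log on every request, including denied ones, so if that field includes the query string, any token or signed-URL parameter carried there lands in info-level logs. Consider logging only the part before `?`, e.g. `path = %http_request.path.split('?').next().unwrap_or("")`, and lowering the per-request "Processing HTTP request" and "Extracted request details" events to `tracing::debug!`. The new `Err(e)` arm logs `error = %e` from `create_cedar_request`, which receives the bearer token; that function is not visible here, so confirm its error text never echoes token content. Separately, `&http_request.path.to_string()` allocates a copy only to borrow it; `&http_request.path` should be enough if the field is a `String`. The enclosing function starts outside the hunk.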