Diffstat (limited to 'src')
-rw-r--r--src/authorization/cedar_authorizer.rs30
1 files changed, 13 insertions, 17 deletions
diff --git a/src/authorization/cedar_authorizer.rs b/src/authorization/cedar_authorizer.rs
index 432102ef..17867aba 100644
--- a/src/authorization/cedar_authorizer.rs
+++ b/src/authorization/cedar_authorizer.rs
@@ -1,10 +1,9 @@
use super::authorizer::Authorizer;
use cedar_policy::{
Authorizer as CedarAuth, Context, Entities, EntityId, EntityTypeName, EntityUid, PolicySet,
- Request as CedarRequest, RestrictedExpression,
+ Request as CedarRequest,
};
use envoy_types::ext_authz::v3::pb::CheckRequest;
-use std::collections::HashMap;
use std::fs;
use std::str::FromStr;
@@ -86,14 +85,7 @@ impl Authorizer for CedarAuthorizer {
return true;
}
- let headers = &http_request.headers;
-
- let bearer_token = headers
- .get("authorization")
- .and_then(|auth| auth.strip_prefix("Bearer "))
- .unwrap_or("");
-
- match self.create_cedar_request(bearer_token, &http_request.path.to_string()) {
+ match self.create_cedar_request(http_request.clone()) {
Ok(cedar_request) => {
let entities = Entities::empty();
let response =
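Review bot: `http_request.clone()` on the new call line copies the whole `HttpRequest` (headers map, body and all) on every authorization decision, although `create_cedar_request` only reads `headers` and `path`; the same point applies to the new owned parameter in the next hunk. Taking a borrow removes the copy without touching the body, since both `&http_request.headers` and `http_request.path.to_string()` work on a reference: `match self.create_cedar_request(http_request) {` here and `http_request: &HttpRequest,` in the signature. The call site appears to already hold a reference (it calls `.clone()` on it), but the binding is outside the hunk, so confirm before changing. The enclosing `authorize` body starts and ends outside this hunk.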
@@ -117,9 +109,14 @@ impl Authorizer for CedarAuthorizer {
impl CedarAuthorizer {
fn create_cedar_request(
&self,
- bearer_token: &str,
- path: &str,
+ http_request: envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest,
) -> Result<CedarRequest, Box<dyn std::error::Error>> {
+ let headers = &http_request.headers;
+ let bearer_token = headers
+ .get("authorization")
+ .and_then(|auth| auth.strip_prefix("Bearer "))
+ .unwrap_or("");
+
// Create principal entity
let principal_id = EntityId::from_str("client")?;
let principal_type = EntityTypeName::from_str("User")?;
@@ -135,18 +132,17 @@ impl CedarAuthorizer {
let resource_type = EntityTypeName::from_str("Resource")?;
let resource = EntityUid::from_type_name_and_id(resource_type, resource_id);
- // Create context with bearer token and path
- let mut context_map = HashMap::new();
+ let mut context_map = std::collections::HashMap::new();
if !bearer_token.is_empty() {
context_map.insert(
"bearer_token".to_string(),
- RestrictedExpression::from_str(&format!("\"{bearer_token}\""))?,
+ cedar_policy::RestrictedExpression::from_str(bearer_token)?,
);
}
- if !path.is_empty() {
+ if !http_request.path.is_empty() {
context_map.insert(
"path".to_string(),
- RestrictedExpression::from_str(&format!("\"{path}\""))?,
+ cedar_policy::RestrictedExpression::from_str(&http_request.path.to_string())?,
);
}
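Review bot: `cedar_policy::RestrictedExpression::from_str(bearer_token)?` now hands a client-supplied header value straight to the Cedar expression parser instead of wrapping it as a string literal, so the client decides the *type* of `context.bearer_token` (a token of `42` parses as a Long, `true` as a Bool), while ordinary tokens containing `.`, `-` or `=` should fail to parse and turn into an `Err`; the `path` line has the same problem and a value like `/api/v1` is not a valid Cedar expression, so it likely errors on practically every request. The removed `format!("\"{bearer_token}\"")` form was not right either, since a `"` or `\` inside the value breaks the literal. Build the string value directly instead of parsing: `cedar_policy::RestrictedExpression::new_string(bearer_token.to_string()),` and `cedar_policy::RestrictedExpression::new_string(http_request.path.clone()),` (neither returns a `Result`, so the `?` goes away). How an `Err` from this function is handled is in the `authorize` match whose `Err` arm is outside the visible hunks, so confirm it denies. Separately, the fully qualified `std::collections::HashMap::new()` and `cedar_policy::RestrictedExpression` paths sit next to `use cedar_policy::{…}` imports of sibling types; keeping the two `use` lines the first hunk removes would be the more consistent style.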