From 601de5a9af3532798aaf13969d9e509f63af64b6 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Thu, 13 Mar 2025 08:40:13 -0600
Subject: refactor: use rack to parse authorization header

---
 bin/api | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'bin')

diff --git a/bin/api b/bin/api
index 53326388..dbec0d93 100755
--- a/bin/api
+++ b/bin/api
@@ -95,9 +95,11 @@ class API
   private
 
   def authorized?(request, permission, resource = Organization.new(id: 1))
-    token = request&.get_header('HTTP_AUTHORIZATION')&.split(' ', 2)&.last
+    authorization = Rack::Auth::AbstractRequest.new(request.env)
+    return false unless authorization.provided?
+
     response = rpc.allowed(
-      subject: token,
+      subject: authorization.params,
       permission: permission,
       resource: ::GlobalID.create(resource, app: "example").to_s
     )
-- 
cgit v1.2.3