refactor: use rack to parse authorization header

author: mo khan <mo@mokhan.ca> 2025-03-13 08:40:13 -0600
committer: mo khan <mo@mokhan.ca> 2025-03-13 08:40:13 -0600
commit: 601de5a9af3532798aaf13969d9e509f63af64b6 (patch)
tree: ce1fab5bad36fa1092dc1322bb332d5132f5f18f /bin/api
parent: 9b267c499709472cd20d95df76b53fc6c571e797 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/bin/api b/bin/api
index 5332638..dbec0d9 100755
--- a/bin/api
+++ b/bin/api
@@ -95,9 +95,11 @@ class API
   private
 
   def authorized?(request, permission, resource = Organization.new(id: 1))
-    token = request&.get_header('HTTP_AUTHORIZATION')&.split(' ', 2)&.last
+    authorization = Rack::Auth::AbstractRequest.new(request.env)
+    return false unless authorization.provided?
+
     response = rpc.allowed(
-      subject: token,
+      subject: authorization.params,
       permission: permission,
       resource: ::GlobalID.create(resource, app: "example").to_s
     )
author	mo khan <mo@mokhan.ca>	2025-03-13 08:40:13 -0600
committer	mo khan <mo@mokhan.ca>	2025-03-13 08:40:13 -0600
commit	601de5a9af3532798aaf13969d9e509f63af64b6 (patch)
tree	ce1fab5bad36fa1092dc1322bb332d5132f5f18f /bin/api
parent	9b267c499709472cd20d95df76b53fc6c571e797 (diff)