Commit 601de5a

mo khan <mo@mokhan.ca>
2025-03-13 14:40:13
refactor: use rack to parse authorization header
1 parent 9b267c4
Changed files (1)
bin
bin/api
@@ -95,9 +95,11 @@ class API
   private
 
   def authorized?(request, permission, resource = Organization.new(id: 1))
-    token = request&.get_header('HTTP_AUTHORIZATION')&.split(' ', 2)&.last
+    authorization = Rack::Auth::AbstractRequest.new(request.env)
+    return false unless authorization.provided?
+
     response = rpc.allowed(
-      subject: token,
+      subject: authorization.params,
       permission: permission,
       resource: ::GlobalID.create(resource, app: "example").to_s
     )
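Review bot: The guard on `authorization.provided?` only establishes that an Authorization header is present, so `authorization.params` reaches `rpc.allowed` as `subject:` whatever the scheme is. For a header with nothing after the scheme it is the scheme word itself, and for an empty header it is nil. If this endpoint is meant to accept only bearer tokens (the hunk does not say), reject other shapes before the RPC call with `return false unless authorization.provided? && authorization.scheme == "bearer"` and `return false if authorization.parts.size < 2 || authorization.params.empty?`. The removed line tolerated a nil `request` through `&.`, whereas `request.env` will raise, so this is a behaviour change unless every caller passes a request. The rest of `authorized?` lies outside the hunk, so how `response` becomes the boolean result, and whether an RPC error fails closed, cannot be checked from here.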