From 9931199b8d88114b7b5ec23bd3f8f3fe2ff63253 Mon Sep 17 00:00:00 2001
From: Daniel Barber
Date: Tue, 12 Nov 2019 21:19:04 -0500
Subject: [PATCH] Properly authenticate the client
---
 lib/micropub/webserver.rb | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/lib/micropub/webserver.rb b/lib/micropub/webserver.rb
index 0f6db95..dfd188d 100644
--- a/lib/micropub/webserver.rb
+++ b/lib/micropub/webserver.rb
@@ -10,13 +10,15 @@ module Micropub
 github = Github.new
- endpoints = Indieauth::Endpoints.new(ENV.fetch("SITE_URL"))
- token = Indieauth::Token.new(endpoints.token_endpoint)
-
 get '/' do
 "Hello, World!"
 end
+ get '/view-headers' do
+ content_type :text
+ json request.env
+ end
+
 get "/micropub/main" do
 json data: {
 posts: github.posts
@@ -24,7 +26,7 @@ module Micropub
 end
 post "/micropub/main" do
- if token.validate(ENV.fetch("INDIEAUTH_TOKEN"))
+ if valid_token?
 post = Post.new(params)
 if github.post!(post)
@@ -37,5 +39,17 @@ module Micropub
 status 401
 end
 end
+
+ def valid_token?
+ token = Indieauth::Token.new(endpoints.token_endpoint)
+
+ auth_type, auth_token = request.env["HTTP_AUTHORIZATION"]&.split(" ")
+
+ auth_type == "Bearer" && token.validate(auth_token)
+ end
+
+ def endpoints
+ @_endpoints ||= Indieauth::Endpoints.new(ENV.fetch("SITE_URL"))
+ end
 end
 end
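Review bot: The new `get '/view-headers'` route in the first hunk returns the whole Rack `request.env` to any caller without authentication, and it reads like a debugging aid that was committed together with the auth fix. Behind a reverse proxy that env can carry forwarded client addresses, internal host names, proxy-injected headers and server details, none of which the Micropub endpoint needs to publish. I would drop the route before merging, or register it only inside `configure :development do ... end` so it never exists in production. The `content_type :text` line also appears to have no effect, since the `json` helper (if it is the sinatra-contrib one) sets its own content type. The enclosing class body starts outside the hunk.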
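Review bot: In `valid_token?` (third hunk), an `Authorization` header of just `Bearer` leaves `auth_token` nil and still calls `token.validate(nil)`, so a malformed request goes all the way to the token endpoint; I would short-circuit with `auth_type == "Bearer" && !auth_token.to_s.empty? && token.validate(auth_token)`. `Indieauth::Token#validate` is not visible in this diff, so please confirm it compares the `me` and `scope` values returned by the token endpoint against `SITE_URL` and the required scope, and does not merely check that the token is known, because a shared token endpoint will also confirm tokens issued for other sites. Separately, `@_endpoints` is memoized on the instance and Sinatra handles each request on a fresh copy of the app, so endpoint discovery presumably now runs on every POST where it used to run once at load; a class-level cache would keep the old cost. The 401 branch in the second hunk could also send a `WWW-Authenticate: Bearer` header so clients know which scheme is expected.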