From 27c6209ae57b5eaa116233e0bb36f61fc281d992 Mon Sep 17 00:00:00 2001
From: Paul Liverman III
Date: Tue, 24 Apr 2018 18:43:07 -0700
Subject: [PATCH] implemented cookie-based and Authorization header-based authentication
---
 applications/api.moon | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/applications/api.moon b/applications/api.moon
index 7f57185..16dbcb7 100644
--- a/applications/api.moon
+++ b/applications/api.moon
@@ -12,17 +12,17 @@ class API extends Application
 @name: "api_"
 @before_filter( api_request =>
- -- TODO implement Authorization: api_key VALUE as acceptable method to send api_key
- abort "api_key not specified." unless @params.api_key -- this does not seem to be triggering!!!
+ return if @user
+ if auth = @req.headers["authorization"]
+ if auth\len! > 0
+ @params.api_key = auth
+ abort "api_key not specified." unless @params.api_key
 @api_key = APIKeys\find key: @params.api_key
 abort "Invalid api_key" unless @api_key
 @user = Users\find id: @api_key.user_id
 abort "Invalid api_key." unless @user -- NOTE this should also delete the api_key and error (this should never happen!)
 )
- [err_test: "/err"]: api_request =>
- error "this is a testing error"
-
 [new: "/new"]: api_request =>
 assert_valid @params, {
 {"content", exists: true, min_length: 1, "Task content not specified."}
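Review bot: The early `return if @user` lets any request that already has a user attached skip the api_key check, so state-changing routes such as `/new` become reachable on ambient cookie credentials. Where `@user` gets set is outside this hunk, but if it comes from the session cookie, that path needs a CSRF token check (or a restriction to safe methods) before the handler runs. Separately, the whole `Authorization` value is copied into `@params.api_key`, so any scheme prefix is looked up as part of the key and the header silently overrides a key sent as a parameter. The removed TODO described `Authorization: api_key VALUE`, which suggests parsing the header first, e.g. `key = auth\match "^api_key%s+(%S+)$"` followed by `@params.api_key = key if key`. The cookie path also leaves `@api_key` unset, so any handler that reads it should be checked for that case.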