auth fix

.htaccess

@@ -5,7 +5,7 @@ RewriteCond %{HTTPS} off
 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
 #token to HTTP_AUTHORIZATION
-RewriteCond %{HTTP:Authorization} ^(.)
+RewriteCond %{HTTP:Authorization} ^(.*)
 RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
 
 # serve all files from public subfolder

app/models/managers/AuthManager.php

@@ -52,8 +52,9 @@ class AuthManager {
 	}
 
 	public function validateToken($token){
-		$tokens = Db::loadAll('SELECT * FROM tokens WHERE token = ? AND expire >= CURRENT_TIMESTAMP AND blocked = 0;', array($token));
-		if (count($tokens) == 1) {
+		list($type, $hash) = explode(' ', $token);
+		$tokens = Db::loadAll('SELECT * FROM tokens WHERE token = ? AND expire >= CURRENT_TIMESTAMP AND blocked = 0;', array($hash));
+		if ($type == 'Bearer' && count($tokens) == 1) {
 			return true;
 		} else if (count($tokens) == 0) {
 			return false;

library/ApiController.php

@@ -20,7 +20,7 @@ class ApiController {
 		if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
 			// TODO: call appropriate class/method
 			$authManager = new AuthManager();
-			$this->authenticated = $authManager>validateToken($_SERVER['HTTP_AUTHORIZATION']);
+			$this->authenticated = $authManager->validateToken($_SERVER['HTTP_AUTHORIZATION']);
 			if(!$this->authenticated){
 				throw new Exception("Authorization required", 401);
 			}

public/.htaccess

@@ -7,9 +7,13 @@ RewriteCond %{REQUEST_FILENAME} !.css
 RewriteCond %{REQUEST_FILENAME} !.js
 RewriteRule (.*) ./index.php?url=$1 [QSA,L]
 
+#token to HTTP_AUTHORIZATION
+RewriteCond %{HTTP:Authorization} ^(.*)
+RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
+
 RewriteCond %{HTTPS} off
 RewriteCond %{REQUEST_FILENAME} !api.php
 RewriteCond %{REQUEST_FILENAME} !apiFront.php
 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
-AddType application/x-httpd-php .php .phtml
+AddType application/x-httpd-php .php .phtml