Diffstat (limited to 'src/extractors/auth_token.rs')
-rw-r--r--src/extractors/auth_token.rs21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/extractors/auth_token.rs b/src/extractors/auth_token.rs
index c3f781c..9728146 100644
--- a/src/extractors/auth_token.rs
+++ b/src/extractors/auth_token.rs
@@ -26,26 +26,37 @@ impl FromRequest for AuthenticationToken {
None => return ready(Err(ErrorUnauthorized("No authorization token given"))),
};
- let auth_token: String = auth_header.to_str().unwrap_or("").to_string(); // check errors later
- // stop empty and weird (ascii, chinese...) auth_token strings:
- if auth_token.is_empty() {
+ /* Get value as &str */
+ let processed_header: &str = auth_header.to_str().unwrap_or("");
+ if processed_header.is_empty() {
return ready(Err(ErrorUnauthorized("Invalid auth token!")));
}
+
+ /* Accept both bearer tokens and raw tokens */
+ let splitted_header: Vec<&str> = processed_header.split_whitespace().collect();
+ let auth_token: String = match splitted_header[0] {
+ "Bearer" => splitted_header[1].to_string(),
+ _ => processed_header.to_string(),
+ };
+
+ /* Get application secret */
let secret: String = req
.app_data::<web::Data<AppState>>()
.unwrap()
.secret
.to_string();
- // decode token with secret
+ /* Decode token with secret */
let decode: Result<TokenData<Claims>, JwtError> = decode::<Claims>(
&auth_token,
&DecodingKey::from_secret(secret.as_str().as_ref()),
&Validation::new(Algorithm::HS256),
);
+ // for testing purposes
println!("{}", auth_token);
- // return authenticationtoken
+
+ /* Return authenticationtoken */
match decode {
Ok(token) => ready(Ok(AuthenticationToken {
id: token.claims.id,