From 8a6d63ff3eaa6ccbb8f0a599d71c464e95bc3733 Mon Sep 17 00:00:00 2001
From: "Rodrigo Rodriguez (Pragmatismo)" <me@rodrigorodriguez.com>
Date: Sat, 10 Jan 2026 14:24:56 -0300
Subject: [PATCH] debug: add logging for auth header extraction

---
 src/security/auth.rs | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/security/auth.rs b/src/security/auth.rs
index e8f18700c..fb8af15ea 100644
--- a/src/security/auth.rs
+++ b/src/security/auth.rs
@@ -920,13 +920,28 @@ impl ExtractedAuthData {
             .and_then(|v| v.to_str().ok())
             .map(|s| s.to_string());
 
-        let bearer_token = request
+        // Debug: log raw Authorization header
+        let raw_auth = request
             .headers()
             .get(header::AUTHORIZATION)
-            .and_then(|v| v.to_str().ok())
+            .and_then(|v| v.to_str().ok());
+
+        if let Some(auth) = raw_auth {
+            debug!("Raw Authorization header: {}", &auth[..std::cmp::min(50, auth.len())]);
+        } else {
+            warn!("No Authorization header found in request to {}", request.uri().path());
+        }
+
+        let bearer_token = raw_auth
             .and_then(|s| s.strip_prefix(&config.bearer_prefix))
             .map(|s| s.to_string());
 
+        if bearer_token.is_some() {
+            debug!("Bearer token extracted successfully");
+        } else if raw_auth.is_some() {
+            warn!("Authorization header present but failed to extract bearer token. Prefix expected: '{}'", config.bearer_prefix);
+        }
+
         let session_id = extract_session_from_cookies(request, &config.session_cookie_name);
 
         let user_id_header = request