split out validate_auth! to its own file

Author: GrantBirki

lib/hooks/app/api.rb

@@ -4,6 +4,7 @@
 require "json"
 require "securerandom"
 require_relative "helpers"
+require_relative "auth/auth"
 require_relative "../handlers/base"
 require_relative "../handlers/default"
 require_relative "../core/logger_factory"
@@ -19,6 +20,7 @@ module App
     # Factory for creating configured Grape API classes
     class API
       include Hooks::App::Helpers
+      include Hooks::App::Auth
 
       # Expose start_time for endpoint modules
       def self.start_time
@@ -52,7 +54,7 @@ def self.create(config:, endpoints:, log:)
         # Use class_eval to dynamically define routes
         api_class.class_eval do
           # Define helper methods first, before routes
-          helpers Helpers
+          helpers Helpers, Auth
 
           # Mount core operational endpoints
           mount Hooks::App::HealthEndpoint => config[:health_path]

lib/hooks/app/auth/auth.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Hooks
+  module App
+    module Auth
+      # Verify the incoming request using the configured authentication method
+      def validate_auth!(payload, headers, endpoint_config)
+        auth_config = endpoint_config[:auth]
+        auth_plugin_type = auth_config[:type].downcase
+        secret_env_key = auth_config[:secret_env_key]
+
+        return unless secret_env_key
+
+        secret = ENV[secret_env_key]
+        unless secret
+          error!("secret '#{secret_env_key}' not found in environment", 500)
+        end
+
+        auth_class = nil
+
+        case auth_plugin_type
+        when "hmac"
+          auth_class = Plugins::Auth::HMAC
+        when "shared_secret"
+          auth_class = Plugins::Auth::SharedSecret
+        else
+          error!("Custom validators not implemented in POC", 500)
+        end
+
+        unless auth_class.valid?(
+          payload:,
+          headers:,
+          secret:,
+          config: endpoint_config
+        )
+          error!("authentication failed", 401)
+        end
+      end
+    end
+  end
+end

lib/hooks/app/helpers.rb

@@ -29,40 +29,6 @@ def enforce_request_limits(config)
         # Note: Timeout enforcement would typically be handled at the server level (Puma, etc.)
       end
 
-      # Verify the incoming request using the configured authentication method
-      def validate_auth!(payload, headers, endpoint_config)
-        auth_config = endpoint_config[:auth]
-        auth_plugin_type = auth_config[:type].downcase
-        secret_env_key = auth_config[:secret_env_key]
-
-        return unless secret_env_key
-
-        secret = ENV[secret_env_key]
-        unless secret
-          error!("secret '#{secret_env_key}' not found in environment", 500)
-        end
-
-        auth_class = nil
-
-        case auth_plugin_type
-        when "hmac"
-          auth_class = Plugins::Auth::HMAC
-        when "shared_secret"
-          auth_class = Plugins::Auth::SharedSecret
-        else
-          error!("Custom validators not implemented in POC", 500)
-        end
-
-        unless auth_class.valid?(
-          payload:,
-          headers:,
-          secret:,
-          config: endpoint_config
-        )
-          error!("authentication failed", 401)
-        end
-      end
-
       # Parse request payload
       def parse_payload(raw_body, headers, symbolize: true)
         content_type = headers["Content-Type"] || headers["CONTENT_TYPE"] || headers["content-type"] || headers["HTTP_CONTENT_TYPE"]