ruby-roda/auth_middleware.rb

class AuthMiddleware
  def initialize(app)
    @app = app
  end

  def call(env)
    auth = env['HTTP_AUTHORIZATION']
    if auth == "Bearer mysecrettoken"
      @app.call(env)
    else
      [401, { "Content-Type" => "application/json" }, [{ error: "Unauthorized" }.to_json]]
    end
  end
end