Auth: adds JWT bearer auth via /authenticate.

Works in addition to digest auth

kordophone/Bridge/MBIMHTTPConnection.m

@@ -11,8 +11,14 @@
 #import "MBIMBridge.h"
 #import "MBIMBridge_Private.h"
 #import "MBIMBridgeOperation.h"
+#import "MBIMAuthToken.h"
 
 #import <Security/Security.h>
+#import <CocoaHTTPServer/HTTPMessage.h>
+
+@interface HTTPConnection (/* INTERNAL */)
+- (BOOL)isAuthenticated;
+@end
 
 @implementation MBIMHTTPConnection {
     NSMutableData *_bodyData;
@@ -31,7 +37,15 @@
 
 - (BOOL)isPasswordProtected:(NSString *)path
 {
-    return [[MBIMBridge sharedInstance] usesAccessControl];
+    if ([[MBIMBridge sharedInstance] usesAccessControl]) {
+        NSURL *url = [NSURL URLWithString:path];
+        NSString *endpointName = [url lastPathComponent];
+        
+        Class operationClass = [MBIMBridgeOperation operationClassForEndpointName:endpointName];
+        return [operationClass requiresAuthentication];
+    }
+    
+    return NO;
 }
 
 - (NSString *)passwordForUser:(NSString *)username
@@ -41,7 +55,23 @@
         return bridge.authPassword;
     }
     
-    return @"";
+    // nil means "user not in system"
+    return nil;
+}
+
+- (BOOL)isAuthenticated
+{
+    NSString *authInfo = [request headerField:@"Authorization"];
+    if ([authInfo hasPrefix:@"Bearer"]) {
+        NSArray *bearerAuthTuple = [authInfo componentsSeparatedByString:@" "];
+        if ([bearerAuthTuple count] == 2) {
+            NSString *jwtToken = [bearerAuthTuple objectAtIndex:1];
+            MBIMAuthToken *authToken = [[MBIMAuthToken alloc] initWithTokenString:jwtToken];
+            return [authToken isValid];
+        }
+    }
+    
+    return [super isAuthenticated];
 }
 
 - (BOOL)useDigestAccessAuthentication