Open
Description
Currently, when a request comes in, we first look at its authorization header. If the header is valid and the creds are correct, we then look at the requested route. If the header is not valid, we return 401 Unauthorized status code. But we should first check whether the route is valid and then check the credentials.
For instance, running
curl -v localhost:8080/not/valid/route
returns 401 but it should return 404.