package auth

import (
	"net/http"
	"strings"
	"encoding/base64"
)

type BasicAuth struct {
	users map[string]string
}


func (ba *BasicAuth) authenticate(user, password string) bool {
	pass,ok := ba.users[user]
	if !ok {
		return false
	}

	if pass == password {
		return true
	}

	return false
}

func (ba *BasicAuth) DoAuth(h http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)

		s := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
		if len(s) != 2 {
			http.Error(w, "Not authorized", 401)
			return
		}

		b, err := base64.StdEncoding.DecodeString(s[1])
		if err != nil {
			http.Error(w, err.Error(), 401)
			return
		}

		pair := strings.SplitN(string(b), ":", 2)
		if len(pair) != 2 {
			http.Error(w, "Not authorized", 401)
			return
		}

		if !ba.authenticate(pair[0], pair[1]) {
			http.Error(w, "Not authorized", 401)
			return
		}

		h.ServeHTTP(w, r)
	}
}


func  (ba *BasicAuth) AddUser(user, password string) {
	ba.users[user] = password
}

func NewBasicAuth() *BasicAuth {
	return &BasicAuth{
		users: make(map[string]string),
	}
}