module Sinatra
  module DevopsAuth
    module Helpers
      def protect!
        return if auth_with_basic?
        headers['WWW-Authenticate'] = 'Basic realm="Restricted Area"'
        halt 401, "Not authorized\n"
      end

      def auth_with_basic?
        @auth ||= Rack::Auth::Basic::Request.new(request.env)
        if @auth.provided? and @auth.basic? and @auth.credentials
          c = @auth.credentials
          begin
            u = Devops::Model::User.auth(c[0], c[1])
            return false if u.nil?
            request.env['REMOTE_USER'] = c[0]
            request.env['USER'] = u
            true
          rescue Devops::Exception::RecordNotFound => e
            false
          end
        else
          false
        end
      end
    end

    def self.registered(app)
      app.helpers Sinatra::DevopsAuth::Helpers
    end

  end
end