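// Package khttp provides HTTP middleware that authenticates requests with the
// Negotiate scheme by handing the client's token to github.com/ubccr/kerby.
package khttp

import (
	"fmt"
	"log"
	"net/http"
	"strings"

	"github.com/ubccr/kerby"
)

// Handler wraps h so that h only runs for requests whose Authorization header
// carries a Negotiate token accepted by kerby.KerbServer.Step.
//
// Requests with a missing or malformed header, or a rejected token, get a
// 401 with a Negotiate challenge. A failure to initialise the server context
// gets a 500. On success the server's response token is returned in
// WWW-Authenticate before h is called.
//
// Error details from kerby are written to the server log only. The response
// body carries a fixed message, so library and configuration details are not
// disclosed to unauthenticated clients.
//
// NOTE(review): the authenticated principal is not passed on to h, so h cannot
// make per-identity authorization decisions from what this wrapper provides.
// Confirm that callers only need "some valid ticket" semantics.
func Handler(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Auth-scheme names are case-insensitive and may be followed by more
		// than one space (RFC 7235), so split on whitespace runs and compare
		// the scheme with EqualFold rather than byte-for-byte.
		authReq := strings.Fields(r.Header.Get(authorizationHeader))
		if len(authReq) != 2 || !strings.EqualFold(authReq[0], negotiateHeader) {
			w.Header().Set(wwwAuthenticateHeader, negotiateHeader)
			http.Error(w, "Invalid authorization header", http.StatusUnauthorized)
			return
		}

		ks := new(kerby.KerbServer)
		// NOTE(review): an empty service name is passed through to kerby; which
		// keytab entry that selects is decided by kerby/GSSAPI. Confirm the
		// deployed keytab holds only the principals this service should accept.
		if err := ks.Init(""); err != nil {
			log.Printf("KerbServer Init Error: %v", err)
			// Do not echo the library error to the client.
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}
		defer ks.Clean()

		if err := ks.Step(authReq[1]); err != nil {
			log.Printf("KerbServer Step Error: %v", err)
			// A 401 must carry a challenge; keep the body generic so the
			// reason for rejection is only visible in the server log.
			w.Header().Set(wwwAuthenticateHeader, negotiateHeader)
			http.Error(w, "Authentication failed", http.StatusUnauthorized)
			return
		}

		// Return the server's token so the client can complete mutual
		// authentication, then hand the request to the wrapped handler.
		w.Header().Set(wwwAuthenticateHeader, fmt.Sprintf("%s %s", negotiateHeader, ks.Response()))
		h.ServeHTTP(w, r)
	})
}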