package main

import (
	"strings"

	restful "github.com/emicklei/go-restful"
)

func adminAuth(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	tokenAuth(req, resp, chain, *adminToken)
}

func hostsAuth(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	tokenAuth(req, resp, chain, *hostsToken, *adminToken)
}

func tokenAuth(req *restful.Request, resp *restful.Response, chain *restful.FilterChain, allowedTokens ...string) {
	token := getToken(req)

	for _, allowedToken := range allowedTokens {
		if allowedToken == "" || token == allowedToken {
			chain.ProcessFilter(req, resp)
			return
		}
	}

	resp.WriteErrorString(401, "401: Not Authorized")
	return
}

func getToken(req *restful.Request) string {
	const bearerPrefix = "Bearer "

	token := req.HeaderParameter("Authorization")

	if token == "" {
		return req.QueryParameter("token")
	}

	if !strings.HasPrefix(token, bearerPrefix) {
		return ""
	}

	return token[len(bearerPrefix):]
}