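-- HTTP Basic authentication gate for an OpenResty (ngx_lua) request handler.
-- Reads the Authorization header, decodes the Basic credentials and compares
-- them with the table returned by accounts.credentials(). A plain `return`
-- lets the request continue; every other path ends in a 401 challenge.
-- Basic credentials are only base64-encoded, so this check relies on the
-- connection being protected by TLS.
local auth_header = ngx.var.http_authorization

--- Send a 401 response with a Basic challenge and finish the request.
local function authenticate()
  ngx.header.content_type = 'text/plain'
  ngx.header.www_authenticate = 'Basic realm="Restricted Area"'
  ngx.status = ngx.HTTP_UNAUTHORIZED
  ngx.say('Unauthorized')
  ngx.exit(ngx.HTTP_UNAUTHORIZED)
end

if not auth_header then
  return authenticate()
end

-- Anchored so the scheme must open the header value instead of matching
-- anywhere inside it.
local encoded = auth_header:match("^Basic%s+(.+)")
if not encoded then
  return authenticate()
end

-- ngx.decode_base64 returns nil on malformed input; without this guard the
-- method call below raises an error and the request ends in a 500.
local decoded = ngx.decode_base64(encoded)
if not decoded then
  return authenticate()
end

local user_account, user_password = decoded:match("([^:]+):(.+)")
-- Fail closed when the pair cannot be parsed. With both values nil, the
-- lookup below yields nil and a nil == nil comparison would be accepted.
if not user_account or not user_password then
  return authenticate()
end

-- Log the account name only: the password and the encoded header are
-- credentials and must not reach the error log. Control characters are
-- replaced so a decoded value cannot add forged log lines.
ngx.log(ngx.INFO, "basic auth attempt for account: ",
        (user_account:gsub("%c", "?")))

local accounts = require("lua/accounts")
local credentials = accounts.credentials()

-- NOTE(review): the stored value is compared directly with the submitted
-- password, so credentials() appears to hold plaintext passwords; consider
-- storing salted hashes and verifying against those instead.
local expected = credentials and credentials[user_account]
if type(expected) == "string" and expected == user_password then
  return
end

return authenticate()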