package auth_test

import (
	"fmt"
	"net/http"

	"github.com/therootcompany/golib/auth"
)

// exampleCreds is a toy BasicAuthenticator used only in the example below.
type exampleCreds struct{}

func (exampleCreds) Authenticate(username, password string) (auth.BasicPrinciple, error) {
	return nil, fmt.Errorf("not implemented")
}

// ExampleRequestAuthenticator shows the typical usage pattern.
// Build a RequestAuthenticator once (at startup), attach your credential
// store as the Authenticator, then call Authenticate in each handler.
// Call Challenge before writing a 401 so the browser knows which scheme
// to offer.
func ExampleRequestAuthenticator() {
	ra := auth.NewRequestAuthenticator()
	ra.Authenticator = exampleCreds{} // swap in your real credential store

	http.HandleFunc("/api/", func(w http.ResponseWriter, r *http.Request) {
		principle, err := ra.Authenticate(r)
		if err != nil {
			ra.Challenge(w) // sets WWW-Authenticate: Basic
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		fmt.Fprintf(w, "hello %s", principle.ID())
	})
}