// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package auth provides access to user-provided authentication credentials.
package auth

import "net/http"

// AddCredentials fills in the user's credentials for req, if any.
// The return value reports whether any matching credentials were found.

package vcweb

import (
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
	"path"
	"strings"
)

// authHandler serves requests only if the Basic Auth data sent with the request
// matches the contents of a ".access" file in the requested directory.
//
// For each request, the handler looks for a file named ".access" and parses it

handle auth

modzip vcs-test.golang.org/auth/or404/@v/v0.0.0-20190405155004-2234c475880e.zip vcs-test.golang.org/auth/or404@v0.0.0-20190405155004-2234c475880e .moddir

-- .access --
{
	"Username": "aladdin",
	"Password": "opensesame",
	"StatusCode": 404,
	"Message": "File? What file?"
}
-- index.html --
<!DOCTYPE html>
<html>
<meta name="go-import" content="vcs-test.golang.org/auth/or404 mod https://vcs-test.golang.org/auth/or404">

handle auth

modzip vcs-test.golang.org/auth/or401/@v/v0.0.0-20190405155051-52df474c8a8b.zip vcs-test.golang.org/auth/or401@v0.0.0-20190405155051-52df474c8a8b .moddir

-- .access --
{
	"Username": "aladdin",
	"Password": "opensesame",
	"StatusCode": 401,
	"Message": "ACCESS DENIED, buddy"
}
-- index.html --
<!DOCTYPE html>
<html>
<meta name="go-import" content="vcs-test.golang.org/auth/or401 mod https://vcs-test.golang.org/auth/or401">

# (For now, exactly eight.)
! go list -m vcs-test.golang.org/auth/ormanylines@latest
stderr '\tserver response:\n(.|\n)*\tline 8\n\t\[Truncated: too many lines.\]$'

# Server responses should be truncated to some reasonable number of characters.
! go list -m vcs-test.golang.org/auth/oronelongline@latest
! stderr 'blah{40}'
stderr '\tserver response: \[Truncated: too long\.\]$'

# basic auth should fail.
env NETRC=$WORK/empty
! go mod tidy
stderr '^\tserver response: ACCESS DENIED, buddy$'
stderr '^\tserver response: File\? What file\?$'

# With credentials from a netrc file, it should succeed.
env NETRC=$WORK/netrc
go mod tidy
go list all
stdout vcs-test.golang.org/auth/or401
stdout vcs-test.golang.org/auth/or404

-- go.mod --
module private.example.com

handle auth

-- .access --
{
	"Username": "aladdin",
	"Password": "opensesame",
	"StatusCode": 404,

	}
	if len(data) > 0 {
		var s [16]byte
		copy(s[:], data)
		gcmHash(hash[:], &g.productTable, s[:], len(s))
	}
}

// auth calculates GHASH(ciphertext, additionalData), masks the result with
// tagMask and writes the result to out.
func (g *gcmAsm) auth(out, ciphertext, aad []byte, tagMask *[gcmTagSize]byte) {
	var hash [16]byte
	g.paddedGHASH(&hash, aad)
	g.paddedGHASH(&hash, ciphertext)

handle auth

-- .access --
{
	"Username": "aladdin",
	"Password": "opensesame",
	"StatusCode": 404,
	"Message": "line 1\nline 2\nline 3\nline 4\nline 5\nline 6\nline 7\nline 8\nline 9\nline 10\nline 11\nline 12\nline 13\nline 14\nline 15\nline 16"

		lens := gcmLengths(0, uint64(len(nonce))*8)
		g.paddedGHASH(&hash, lens[:])
		copy(counter[:], hash[:])
	}
	return counter
}

// auth calculates GHASH(ciphertext, additionalData), masks the result with
// tagMask and writes the result to out.
func (g *gcmAsm) auth(out, ciphertext, additionalData []byte, tagMask *[gcmTagSize]byte) {
	var hash [16]byte
	g.paddedGHASH(&hash, additionalData)
	g.paddedGHASH(&hash, ciphertext)