package POE::Component::Server::HTTPServer::BasicAuthenHandler;
use strict;
use HTTP::Status;
use MIME::Base64 qw( decode_base64 );
use POE::Component::Server::HTTPServer::Handler qw( H_CONT H_FINAL );
use base 'POE::Component::Server::HTTPServer::Handler';

sub _init {
  my $self = shift;
  my $realm = shift;
  $self->{realm} = $realm;
}

sub handle {
  my $self = shift;
  my $context = shift;
  my $cred = $context->{request}->header('Authorization');
  if ( defined($cred) && $cred =~ /^Basic\s+(.*)$/ ) {
    my $unscrambled = decode_base64($1);
    if ( my($username,$password) = ( $unscrambled=~/^(.*?):(.*)/ ) ) {
      $context->{basic_username} = $username;
      $context->{basic_password} = $password;
      return H_CONT;
    }
  }
  # respond with basic auth challenge
  return $self->authen_challenge($context);
}

sub authen_challenge {
  my $self = shift;
  my $context = shift;
  my $realm = $self->{realm};
  $context->{response}->header('WWW-Authenticate', 
			       qq{Basic realm="$realm"});
  $context->{response}->code( RC_UNAUTHORIZED );
  $context->{response}->content( "<HTML><BODY>Unauthorized</BODY></HTML>\n" );
  return H_FINAL;
}

1;
__END__

=pod

=head1 NAME

POE::Component::Server::HTTPServer::BasicAuthenHandler - Basic HTTP Basic Authentication

=head1 SYNOPSIS

    use POE::Component::Server::HTTPServer;
    
    my $server = POE::Component::Server::HTTPServer->new();
    $server->handlers( [
        '/protected' => new_handler( 'BasicAuthenHandler', 'realm' ),
        '/protected' => MyAuthorizationHandler->new(),
        '/protected' => new_handler( 'StaticHandler', './secretdox' ),
    ] );

=head1 DESCRIPTION

BasicAuthenHandler performs the necessary processing on requests to
support HTTP Basic authentication.  If the user-agent making the
request supplies authentication information (via the
C<WWW-Authenticate> header), this handler extracts the supplied user
name and password and sets the context attributes C<basic_username>
and C<basic_password> respectively.  If no authentication is given,
the handler generates and returns an appropriate C<403 Unauthorized>
response.

Note that this handler performs authentication only, it does not
perform authorization.  You will need to supply logic to check the
user name and password for your own purposes.

=head1 SEE ALSO

L<POE::Component::Server::HTTPServer::Handler>

=head1 AUTHOR

Greg Fast <gdf@speakeasy.net>

=head1 COPYRIGHT

Copyright 2003 Greg Fast.

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut