#!/usr/bin/perl
#
#
use strict;
use Carp;
use CGI::Simple;
use IPC::Open3;

# Path of the configuration file. The web server environment may override
# the built-in default through "rest_auth_configfile".
my $configfile = $ENV{rest_auth_configfile};
$configfile = '/etc/benno-import-tools/rest_auth.conf' unless $configfile;

# Debug verbosity, taken from the environment (compared against 4 further down).
my $DEBUG = $ENV{DEBUG};


# The only media type this endpoint accepts from clients and answers with.
my $accept_type = 'text/plain';

my $q = CGI::Simple->new;
$q->charset('UTF-8');

# Request data: the Accept header, the raw POST body and the API key.
# NOTE(review): the key is read from the query string, so it can end up in
# web server access logs and proxy logs; restrict access to those logs, or
# move the key to a request header if the client side can be changed.
my $accept_header = $q->http('Accept');
my $auth_string   = $q->param('POSTDATA');
my $request_key   = $q->url_param('apikey');

# Load the configuration. read_config dies on an unreadable file or a
# missing API key; either case is logged and answered with a 500.
my $config = eval { read_config($configfile) };
if ($@) {
    print STDERR "[REST_AUTH:0] configuration error: $@";
    return_error($q,'500 Internal Server Error',$accept_type);
}

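# Request validation. Every failed check sends an error response and ends
# the script (return_error calls exit), so the checks run strictly in order.
return_error($q,'400 Bad Request', $accept_type) if ($accept_header ne $accept_type);
return_error($q,'403 Forbidden', $accept_type) unless $request_key;
# The key supplied by the client is compared with the configured secret
# without stopping at the first differing character, so the time taken does
# not depend on how much of the key was correct.
return_error($q,'401 Unauthorized', $accept_type, 'API KEY mismatch')
    unless _apikey_matches($request_key, $config->{REST_AUTH_APIKEY});

# _apikey_matches
#
# Returns 1 when $given equals $expected, 0 otherwise. The loop always walks
# the full length of $given (the client-supplied value) and folds every
# character difference into $diff instead of returning early.
sub _apikey_matches
{
    my ($given, $expected) = @_;

    return 0 unless defined $given && defined $expected && length $expected;

    my $expected_len = length $expected;
    # A length mismatch already makes $diff non-zero; the loop still runs.
    my $diff = length($given) ^ $expected_len;
    foreach my $i (0 .. length($given) - 1) {
        $diff |= ord(substr($given, $i, 1))
               ^ ord(substr($expected, $i % $expected_len, 1));
    }

    return $diff == 0 ? 1 : 0;
}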

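# OK: the request passed all checks. Answer 200 and relay whatever the
# configured auth program prints on its standard output.
print $q->header(
    -type   => 'text/plain',
    -status => 200,
);

my($wtr, $rdr, $err);
use Symbol 'gensym'; $err = gensym;
use IO::Select;
# NOTE(review): REST_AUTH_PROGRAM is passed to open3 as a single string, so
# Perl hands it to the shell when it contains shell metacharacters. The value
# comes from the configuration file only; that file must be writable by
# administrators alone.
my $pid = open3($wtr, $rdr, $err, $config->{REST_AUTH_PROGRAM});
# NOTE(review): /\\n/ matches a backslash followed by the letter "n", not a
# newline character. Presumably the client sends its fields joined by that
# two-character sequence; confirm against the client before changing it.
foreach my $line (split /\\n/, $auth_string) {
    print $wtr "$line\n";
}
close $wtr;

# Drain stdout and stderr together BEFORE reaping the child. Calling waitpid
# first can hang forever: a child that writes more than a pipe buffer holds
# blocks in write() and never exits while nobody is reading.
my $out_fd = fileno $rdr;
my $err_fd = fileno $err;
my %output_of = ($out_fd => '', $err_fd => '');
my $open_pipes = IO::Select->new($rdr, $err);
while ($open_pipes->count) {
    foreach my $fh ($open_pipes->can_read) {
        my $got = sysread($fh, my $chunk, 8192);
        next if !defined $got && $!{EINTR};     # interrupted, try again
        if ($got) {
            $output_of{fileno $fh} .= $chunk;
        }
        else {
            $open_pipes->remove($fh);           # EOF or unrecoverable read error
        }
    }
}

waitpid( $pid, 0 );
my $child_exit_status = $? >> 8;
print STDERR "[REST_AUTH:4] EXIT $child_exit_status\n" if $DEBUG >= 4;


# split /^/ yields the captured text line by line with the newlines kept,
# the same pieces a line-wise read of the pipe would have produced.
foreach my $line (split /^/, $output_of{$out_fd}) {
    print STDERR "[REST_AUTH:4] RETURN $line\n" if $DEBUG >= 4;
    print $line;
}

# Anything the program wrote to stderr goes to the web server error log.
foreach my $errline (split /^/, $output_of{$err_fd}) {
    print STDERR "$errline\n";
}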



### SUBS ###

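# return_error
#
# Send an error response, log it, and end the script.
#
#   $q       CGI object used to build the response header
#   $status  HTTP status line, e.g. '403 Forbidden'
#   $type    content type of the response
#   $errmsg  optional detail, written to the error log only
#
# The response body is always "ERR_INTERN"; $errmsg is never sent to the
# client. Does not return: the script exits with the default exit status.
sub return_error
{
    my ($q,$status,$type,$errmsg) = @_;

    # Honour the caller's content type instead of reaching for a file-level
    # variable; fall back to text/plain when none was passed.
    $type = 'text/plain' unless defined $type && length $type;

    print $q->header(
        -type   => $type,
        -status => $status,
    );

    my $logline = "[REST_AUTH:0] $status";
    $logline .= ": $errmsg" if $errmsg;
    print STDERR "$logline\n";

    print "ERR_INTERN\n";
    exit;
}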

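# read_config
#
# Parse a "KEY = value" configuration file into a hash reference.
#
#   $configfile  path of the file to read
#
# Empty lines and lines starting with "#" are skipped. Each remaining line is
# split at the first "=" (surrounding whitespace removed), so values may
# themselves contain "=".
#
# Croaks when the file cannot be opened and dies when REST_AUTH_APIKEY is
# missing or empty. REST_AUTH_PROGRAM defaults to /usr/sbin/benno_auth.d.
#
# NOTE(review): the file holds the API key and the program to execute, so it
# should be readable by the web server user only and writable by
# administrators only.
sub read_config
{
    my $configfile = shift;
    my $config = {};

    # Three-argument open: the path is always taken literally as a file to
    # read. With the two-argument form, characters such as "<", ">" or "|"
    # (and surrounding whitespace) in the path would be interpreted by open.
    open my $ch, '<', $configfile or croak "Cannot open config file $configfile. $!\n";
    while (my $line = <$ch>) {
        next if $line =~ /^$/;
        next if $line =~ /^#/;
        chomp $line;
        my ($param,$value) = split(/\s*=\s*/,$line,2);
        $config->{$param} = $value;
    }
    close $ch;

    $config->{REST_AUTH_APIKEY}  || die "ERROR apikey \"REST_AUTH_APIKEY\" not defined\n";
    $config->{REST_AUTH_PROGRAM} = '/usr/sbin/benno_auth.d' unless $config->{REST_AUTH_PROGRAM};

    return $config;
}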


1; ### EOP ###

