var ldap = require('ldapjs');
var session = require('express-session');
var router = module.parent.router;

module.exports = function(plugin) {
  plugin.defaults({
    "session": {
      secret: 'session-ldap',
      resave: false,
      saveUninitialized: true
    },
    // See https://github.com/joyent/node-ldapjs/blob/master/docs/client.md#create-a-client
    "bind": {
      dn: "cn=%u,ou=People,dc=domain",
      password: "%u"
    }
  });


  function requestAuth(res) {
    res.set('WWW-Authenticate', 'Basic realm="Auth"');
    res.status(401).send('Auth required.');
  }

  router.all('*', session(plugin.conf.session));
  router.all('*', function(req, res, next) {
    if (req.session.isValid) {
      next();
      return;
    }
    // parse login and password from headers
    var b64auth = (req.headers.authorization || '').split(' ')[1] || '';
    var strauth = new Buffer(b64auth, 'base64').toString();
    var splitIndex = strauth.indexOf(':');
    var login = strauth.substring(0, splitIndex);
    var password = strauth.substring(splitIndex + 1);

    if (!login || !password) {
      requestAuth(res);
      return;
    }

    // It seems stupid to create a client each time, but joyent's ldapjs cannot bind then unbind to the same client multiple times...
    var client = ldap.createClient(plugin.conf.options)

    client.bind(plugin.conf.bind.dn.replace('%u', login), plugin.conf.bind.password.replace('%p', password), function(err) {
      if (err) {
        console.log('E: ldap.bind: ', err)
        requestAuth(res);
      } else {
        req.session.isValid = true;
        client.unbind(function(err) {
          if (err) {
            console.log('E: ldap.unbind: ', err)
          }
        })
        next();
      }
    })
  });
};