require 'geminabox'
require 'rack/session/redis'
require 'securerandom'

Geminabox.data = '/srv/gems'
Geminabox.rubygems_proxy = true
Geminabox.allow_remote_failure = true
Geminabox.build_legacy = false
Geminabox.rubygems_proxy_merge_strategy = :combine_local_and_remote_gem_versions

# https://github.com/geminabox/geminabox/wiki/Http-Basic-Auth
Geminabox::Server.helpers do
  def protected!
    unless authorized?
      response['WWW-Authenticate'] = %(Basic realm="Geminabox")
      halt 401, "No pushing or deleting without auth.\n"
    end
  end

  def authorized?
    @auth ||=  Rack::Auth::Basic::Request.new(request.env)
    @auth.provided? &&
      @auth.basic? &&
      @auth.credentials &&
      @auth.credentials == [ENV.fetch('HTTP_BASIC_USER', SecureRandom.hex),
                            ENV.fetch('HTTP_BASIC_PASSWORD', SecureRandom.hex)]
  end
end

Geminabox::Server.before '/upload' do
  protected!
end

Geminabox::Server.before do
  protected! if request.delete?
end

Geminabox::Server.before '/api/v1/gems' do
  unless ENV['HTTP_AUTHORIZATION'] == 'API_KEY'
    halt 401, "Access Denied. Api_key invalid or missing.\n"
  end
end

use Rack::Session::Redis, redis_server: ENV['REDIS_SERVER']
use Rack::Protection

run Geminabox::Server