module Grack
  class Auth < Rack::Auth::Basic

    def valid?
      # Authentication with username and password
      email, password = @auth.credentials
      user = User.find_by_email(email)
      return false unless user.try(:valid_password?, password)

      # Set GL_USER env variable
      ENV['GL_USER'] = email
      # Pass Gitolite update hook
      ENV['GL_BYPASS_UPDATE_HOOK'] = "true"

      # Need this patch due to the rails mount
      @env['PATH_INFO'] = @request.path
      @env['SCRIPT_NAME'] = ""

      # Find project by PATH_INFO from env
      if m = /^\/([\w-]+).git/.match(@request.path_info).to_a
        return false unless project = Project.find_by_path(m.last)
      end

      # Git upload and receive
      if @request.get?
        true
      elsif @request.post?
        if @request.path_info.end_with?('git-upload-pack')
          return project.dev_access_for?(user)
        elsif @request.path_info.end_with?('git-receive-pack')
          if project.protected_branches.map(&:name).include?(current_ref)
            project.master_access_for?(user)
          else
            project.dev_access_for?(user)
          end
        else
          false
        end
      else
        false
      end
    end# valid?

    def current_ref
      if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
        input = Zlib::GzipReader.new(@request.body).read
      else
        input = @request.body.read
      end
      # Need to reset seek point
      @request.body.rewind
      /refs\/heads\/([\w-]+)/.match(input).to_a.first
    end
  end# Auth
end# Grack