michael@0:  /* Any copyright is dedicated to the Public Domain.
michael@0:    http://creativecommons.org/publicdomain/zero/1.0/ */
michael@0: 
michael@0: Cu.import("resource://services-common/utils.js");
michael@0: 
michael@0: function basic_auth_header(user, password) {
michael@0:   return "Basic " + btoa(user + ":" + CommonUtils.encodeUTF8(password));
michael@0: }
michael@0: 
michael@0: function basic_auth_matches(req, user, password) {
michael@0:   if (!req.hasHeader("Authorization")) {
michael@0:     return false;
michael@0:   }
michael@0: 
michael@0:   let expected = basic_auth_header(user, CommonUtils.encodeUTF8(password));
michael@0:   return req.getHeader("Authorization") == expected;
michael@0: }
michael@0: 
michael@0: function httpd_basic_auth_handler(body, metadata, response) {
michael@0:   if (basic_auth_matches(metadata, "guest", "guest")) {
michael@0:     response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
michael@0:     response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
michael@0:   } else {
michael@0:     body = "This path exists and is protected - failed";
michael@0:     response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
michael@0:     response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
michael@0:   }
michael@0:   response.bodyOutputStream.write(body, body.length);
michael@0: }