michael@0: function handleRequest(request, response)
michael@0: {
michael@0:   if ((request.queryString == "test=user1_xhr" &&
michael@0:        request.hasHeader("Authorization") &&
michael@0:        request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=") ||
michael@0:       (request.queryString == "test=user1_evtsrc" &&
michael@0:        request.hasHeader("Authorization") &&
michael@0:        request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=")) {
michael@0:     response.setStatusLine(null, 200, "OK");
michael@0:     response.setHeader("Content-Type", "text/event-stream", false);
michael@0:     response.setHeader("Access-Control-Allow-Origin", "http://mochi.test:8888", false);
michael@0:     response.setHeader("Access-Control-Allow-Credentials", "true", false);
michael@0:     response.setHeader("Cache-Control", "no-cache, must-revalidate", false);
michael@0:     if (request.queryString == "test=user1_xhr") {
michael@0:       response.setHeader("Set-Cookie", "test=5c", false);
michael@0:     }
michael@0:     response.write("event: message\ndata: 1\n\n");
michael@0:   } else if ((request.queryString == "test=user2_xhr" &&
michael@0:               request.hasHeader("Authorization") &&
michael@0:               request.getHeader("Authorization") == "Basic dXNlciAyOnBhc3N3b3JkIDI=") ||
michael@0:              (request.queryString == "test=user2_evtsrc" &&
michael@0:               request.hasHeader("Authorization") &&
michael@0:               request.getHeader("Authorization") == "Basic dXNlciAyOnBhc3N3b3JkIDI=" &&
michael@0:               request.hasHeader("Cookie") &&
michael@0:               request.getHeader("Cookie") == "test=5d")) {
michael@0:     response.setStatusLine(null, 200, "OK");
michael@0:     response.setHeader("Content-Type", "text/event-stream", false);
michael@0:     response.setHeader("Access-Control-Allow-Origin", "http://mochi.test:8888", false);
michael@0:     response.setHeader("Access-Control-Allow-Credentials", "true", false);
michael@0:     response.setHeader("Cache-Control", "no-cache, must-revalidate", false);
michael@0:     if (request.queryString == "test=user2_xhr") {
michael@0:       response.setHeader("Set-Cookie", "test=5d", false);
michael@0:     }
michael@0:     response.write("event: message\ndata: 1\n\n");
michael@0:   } else if (request.queryString == "test=user1_xhr" ||
michael@0:              request.queryString == "test=user2_xhr") {
michael@0:     response.setStatusLine(null, 401, "Unauthorized");
michael@0:     response.setHeader("WWW-Authenticate", "basic realm=\"restricted\"", false);
michael@0:     response.setHeader("Access-Control-Allow-Origin", "http://mochi.test:8888", false);
michael@0:     response.setHeader("Access-Control-Allow-Credentials", "true", false);
michael@0:     response.write("Unauthorized");
michael@0:   } else {
michael@0:     response.setStatusLine(null, 403, "Forbidden");
michael@0:     response.setHeader("Access-Control-Allow-Origin", "http://mochi.test:8888", false);
michael@0:     response.setHeader("Access-Control-Allow-Credentials", "true", false);
michael@0:     response.write("Forbidden");
michael@0:   }
michael@0: }