defmodule Boruta.BasicAuth do
@moduledoc """
HTTP BasicAuth utilities
Provide utilities to decode Basic authorization header as stated in [RFC 7617 - The 'Basic' HTTP Authentication Scheme](https://tools.ietf.org/html/rfc7617)
"""
@doc """
Decode given authorization header and returns an array containing username and password.
## Examples
iex> Boruta.BasicAuth.decode("Basic dXNlcm5hbWU6cGFzc3dvcmQ=")
{:ok, ["username", "password"]}
iex> Boruta.BasicAuth.decode("bad_authorization_header")
{:error, "`bad_authorization_header` is not a valid Basic authorization header."}
"""
@spec decode(authorization_header :: String.t()) :: {:ok, list(String.t())} | {:error, String.t()}
def decode("Basic " <> encoded) do
with {:ok, decoded} <- Base.decode64(encoded),
[username, password] <- String.split(decoded, ":") do
{:ok, [username, password]}
else
_ -> {:error, "Given credentials are invalid."}
end
end
def decode(string) when is_binary(string), do: {:error, "`#{string}` is not a valid Basic authorization header."}
end