use v6.d.PREVIEW;
use Cro::HTTP::Middleware;

# mixin for requests, carrying authentication info
role Ultramarine::Request::Authed {
    has Str $.user;
}

class Ultramarine::Middleware::Authentication
 does Cro::HTTP::Middleware::Request {
    has $.users;
    method process(Supply:D $request-stream) {
        supply whenever $request-stream -> $request {
            # here we would have some proper authentication logic
            my $user = $request.query-value('u')[0];
            my $valid;
            if (my $password = $request.query-value('p')[0]) {
                $valid = $.users.authenticate(:$user,:$password);
            }
            elsif (my $token = $request.query-value('t')[0]
                   and my $salt = $request.query-value('s')[0]) {
                $valid = $.users.authenticate(:$user,:$token,:$salt);
            }
            $request does Ultramarine::Request::Authed(:user($user))
                if $valid;

            emit $request;
        }
    }
}