// Copyright 2020 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package authutil

import (
	"encoding/base64"
	"net/http"
	"strings"
)

// DecodeBasic extracts username and password from given header using HTTP Basic Auth.
// It returns empty strings if values are not presented or not valid.
func DecodeBasic(header http.Header) (username, password string) {
	if len(header) == 0 {
		return "", ""
	}

	fields := strings.Fields(header.Get("Authorization"))
	if len(fields) != 2 || fields[0] != "Basic" {
		return "", ""
	}

	p, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return "", ""
	}

	creds := strings.SplitN(string(p), ":", 2)
	if len(creds) == 1 {
		return creds[0], ""
	}
	return creds[0], creds[1]
}