package main

import (
	"errors"
	"fmt"
	"net/http"
	"time"

	"github.com/thermokarst/jwt"
)

// protectMe writes the fixed body "secured" to the response. In main it is
// registered at /secure, wrapped by the JWT middleware's Secure method.
func protectMe(w http.ResponseWriter, r *http.Request) {
	// The body is a constant with no format verbs, so Fprint is sufficient.
	fmt.Fprint(w, "secured")
}

// dontProtectMe writes the fixed body "not secured" to the response. In main
// it is registered at /insecure without any authentication wrapper.
func dontProtectMe(w http.ResponseWriter, r *http.Request) {
	// The body is a constant with no format verbs, so Fprint is sufficient.
	fmt.Fprint(w, "not secured")
}

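// main wires up a small demonstration server for the jwt middleware:
//
//	/authenticate  issues a token (j.GenerateToken)
//	/secure        protectMe behind j.Secure
//	/insecure      dontProtectMe with no authentication
//
// The credentials, the signing secret and the claims verifier below are
// placeholders for a demo and are not suitable for a real deployment.
func main() {
	// authFunc accepts exactly one hard-coded user and rejects everything else.
	authFunc := func(email string, password string) error {
		// Hard-code a user.
		// SECURITY: demo only. A real Auth callback should look the user up in
		// a credential store and compare a password hash, not a literal.
		if email != "test" || password != "test" {
			return errors.New("invalid credentials")
		}
		return nil
	}

	// claimsFunc builds the claims for a new token: issued-at is the current
	// time and expiry is 24 hours later, both as Unix seconds.
	claimsFunc := func(string) (map[string]interface{}, error) {
		now := time.Now()
		return map[string]interface{}{
			"iat": now.Unix(),
			"exp": now.Add(24 * time.Hour).Unix(),
		}, nil
	}

	verifyClaimsFunc := func([]byte) error {
		// We don't really care about the claims, just approve as-is.
		// NOTE(review): this callback never inspects the "exp" claim issued
		// above. Unless the library enforces expiry on its own (confirm), a
		// token stays valid indefinitely; a real verifier should reject
		// expired tokens here.
		return nil
	}

	config := &jwt.Config{
		// SECURITY: hard-coded, guessable secret (presumably the token signing
		// key; confirm against the library). Anyone who knows it can likely
		// mint valid tokens. Load a long random value from the environment or
		// a secret store instead of committing it to source.
		Secret: "password",
		Auth:   authFunc,
		Claims: claimsFunc,
	}

	j, err := jwt.New(config)
	if err != nil {
		panic(err)
	}

	protect := http.HandlerFunc(protectMe)
	dontProtect := http.HandlerFunc(dontProtectMe)

	http.Handle("/authenticate", j.GenerateToken())
	http.Handle("/secure", j.Secure(protect, verifyClaimsFunc))
	http.Handle("/insecure", dontProtect)

	// A nil Handler makes the server use http.DefaultServeMux, which holds the
	// routes registered above. ReadHeaderTimeout bounds how long a client may
	// take to send its request headers, so idle connections cannot be held
	// open forever.
	// NOTE(review): this listens over plain HTTP, so credentials and tokens
	// cross the network unencrypted; put TLS in front of it outside a demo.
	srv := &http.Server{
		Addr:              ":8080",
		ReadHeaderTimeout: 10 * time.Second,
	}

	// ListenAndServe only returns on failure (for example, the port is already
	// in use). Surface that instead of exiting silently with status 0.
	if err := srv.ListenAndServe(); err != nil {
		panic(err)
	}
}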