package htpasswd

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Sha256 facilitates sha256 style hashing
type Sha256 struct{}

// Hash returns the hashed variant of the password or an error
func (ss *Sha256) Hash(passwd string) (string, error) {
	s := sha256.New()
	_, err := s.Write([]byte(passwd))
	if err != nil {
		return "", err
	}
	passwordSum := []byte(s.Sum(nil))
	return ss.Prefix() + base64.StdEncoding.EncodeToString(passwordSum), nil
}

// Match verifier the hashed password using the original
func (*Sha256) Match(password, hashedPassword string) error {
	eppS := hashedPassword[3:]
	hash, err := base64.StdEncoding.DecodeString(eppS)

	if err != nil {
		return fmt.Errorf("cannot base64 decode")
	}

	sha := sha256.New()
	_, err = sha.Write([]byte(password))

	if err != nil {
		return err
	}

	sum := sha.Sum(nil)

	if !bytes.Equal(sum, hash) {
		return fmt.Errorf("wrong password")
	}
	return nil
}

// Name returns the name of the hasher
func (*Sha256) Name() string { return "sha256" }

// Prefix returns the hasher's prefix
func (*Sha256) Prefix() string { return "$5$" }