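Imports System.Net.Http
Imports System.Security.Principal
Imports System.Threading
Imports System.Web.Http
Imports System.Web.Http.Controllers
Imports System.Text
Imports VERAG_PROG_ALLGEMEIN
Imports System.Net
Imports System.Web.Http.Filters

''' <summary>
''' Web API authorization filter that authenticates a request with HTTP Basic
''' credentials checked against the BCrypt hashes stored in tblRESTAuthentication.
''' </summary>
''' <remarks>
''' Basic credentials are only Base64-encoded, not encrypted, and nothing in this
''' class checks the transport, so the endpoints it protects should only be
''' exposed over TLS.
''' </remarks>
Public Class BasicAuthenticationAttribute
    Inherits AuthorizationFilterAttribute

    ''' <summary>
    ''' Lets the request through when the action or controller is marked
    ''' AllowAnonymous or when valid Basic credentials are supplied; otherwise
    ''' answers 401 with a Basic challenge.
    ''' </summary>
    ''' <param name="actionContext">Context of the action about to be executed.</param>
    Public Overrides Sub OnAuthorization(ByVal actionContext As HttpActionContext)
        ' AllowAnonymous on the action or on its controller switches the check off.
        If actionContext.ActionDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() OrElse _
           actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes(Of AllowAnonymousAttribute)().Any() Then
            Return
        End If

        Dim userName As String = Nothing
        Dim password As String = Nothing

        If TryReadBasicCredentials(actionContext.Request.Headers.Authorization, userName, password) AndAlso _
           getCredentials(userName, password) Then
            ' NOTE(review): only Thread.CurrentPrincipal is assigned here. Confirm whether
            ' downstream code reads the principal from the request or HTTP context instead.
            Dim principal = New GenericPrincipal(New GenericIdentity(userName), Nothing)
            Thread.CurrentPrincipal = principal
            Return
        End If

        ' Every failure path (no header, wrong scheme, bad encoding, bad credentials)
        ' ends in the same response so the caller learns nothing about which check failed.
        HandleUnathorized(actionContext)
    End Sub

    ''' <summary>
    ''' Extracts user name and password from an Authorization header.
    ''' </summary>
    ''' <param name="authHeader">Parsed Authorization header, or Nothing when absent.</param>
    ''' <param name="userName">Receives the text before the first colon.</param>
    ''' <param name="password">Receives everything after the first colon.</param>
    ''' <returns>True when the header carries well-formed Basic credentials.</returns>
    Private Shared Function TryReadBasicCredentials(ByVal authHeader As System.Net.Http.Headers.AuthenticationHeaderValue, _
                                                    ByRef userName As String, _
                                                    ByRef password As String) As Boolean
        If authHeader Is Nothing Then Return False

        ' Only the Basic scheme is handled here; a Bearer or other token must not
        ' be decoded as if it were a user:password pair.
        If Not String.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase) Then Return False
        If String.IsNullOrEmpty(authHeader.Parameter) Then Return False

        Dim decoded As String
        Try
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter))
        Catch ex As FormatException
            ' Not valid Base64: treat as missing credentials.
            Return False
        End Try

        ' Split on the FIRST colon only. The password may itself contain colons,
        ' and splitting on every colon would silently truncate it.
        Dim separatorIndex = decoded.IndexOf(":"c)
        If separatorIndex <= 0 Then Return False ' no separator, or empty user name

        userName = decoded.Substring(0, separatorIndex)
        password = decoded.Substring(separatorIndex + 1)
        Return True
    End Function

    ''' <summary>
    ''' Writes a 401 response carrying the Basic challenge for realm "Data".
    ''' </summary>
    ''' <param name="actionContext">Context whose Response is replaced.</param>
    Private Shared Sub HandleUnathorized(ByVal actionContext As HttpActionContext)
        actionContext.Response = New HttpResponseMessage(HttpStatusCode.Unauthorized)
        actionContext.Response.Headers.Add("WWW-Authenticate", "Basic realm=""Data""")
    End Sub

    ''' <summary>
    ''' Looks up the stored hash for a REST user and verifies the password against it.
    ''' </summary>
    ''' <param name="user">User name taken from the request header (untrusted).</param>
    ''' <param name="password">Plain-text password taken from the request header.</param>
    ''' <returns>True only when a hash is found and BCrypt accepts the password.</returns>
    Private Shared Function getCredentials(user As String, password As String) As Boolean
        If String.IsNullOrEmpty(user) OrElse password Is Nothing Then
            Return False
        End If

        Dim SQL As New VERAG_PROG_ALLGEMEIN.SQL

        ' The user name is attacker-controlled and ends up inside a SQL string literal,
        ' so embedded single quotes are doubled before the criteria string is built.
        ' NOTE(review): this assumes the database treats '' as the only escape inside
        ' string literals. If VERAG_PROG_ALLGEMEIN.SQL offers a parameterised lookup,
        ' use that instead of concatenation - confirm against the helper.
        Dim safeUser = user.Replace("'", "''")

        ' NOTE(review): the last two arguments presumably select the connection and the
        ' value returned when no row matches - confirm against DLookup.
        Dim hashedPassword = SQL.DLookup("hashedPassword", "tblRESTAuthentication", "username='" & safeUser & "' AND type = 'REST'", "ADMIN", "")

        ' NOTE(review): an unknown user returns without running BCrypt, so its response
        ' time differs from the wrong-password case; verifying against a fixed dummy
        ' hash would even that out.
        If hashedPassword <> "" Then
            Return BCrypt.Net.BCrypt.Verify(password, hashedPassword)
        End If

        Return False
    End Function
End Class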