class JekyllAuth
  class AuthSite < Sinatra::Base
    configure :production do
      require "rack-ssl-enforcer"
      use Rack::SslEnforcer if JekyllAuth.ssl?
    end

    use Rack::Session::Cookie,       :http_only => true,
                                     :secret    => ENV["SESSION_SECRET"] || SecureRandom.hex

    set :github_options, :scopes => "read:org"

    ENV["WARDEN_GITHUB_VERIFIER_SECRET"] ||= SecureRandom.hex
    register Sinatra::Auth::Github

    use Rack::Logger

    include JekyllAuth::Helpers

    before do
      pass if whitelisted?

      logger.info "Authentication strategy: #{authentication_strategy}"

      case authentication_strategy
      when :team
        github_team_authenticate! ENV["GITHUB_TEAM_ID"]
      when :teams
        github_teams_authenticate! ENV["GITHUB_TEAM_IDS"].split(",")
      when :org
        github_organization_authenticate! ENV["GITHUB_ORG_NAME"]
      else
        raise JekyllAuth::ConfigError
      end
    end

    get "/logout" do
      logout!
      redirect "/"
    end
  end
end