from base64 import b64decode
import traceback

from flask import g, request

from ceo_common.logger_factory import logger_factory
from ceo_common.krb5.utils import store_fwd_tgt_creds

logger = logger_factory(__name__)


def before_request():
    if 'x-krb5-cred' not in request.headers:
        return
    cred = b64decode(request.headers['x-krb5-cred'])
    ctx = store_fwd_tgt_creds(cred)
    name = ctx.__enter__()
    g.stored_creds_ctx = ctx
    g.sasl_user = name


def teardown_request(err):
    if 'stored_creds_ctx' not in g:
        return
    try:
        ctx = g.stored_creds_ctx
        ctx.__exit__(None, None, None)
    except Exception:
        logger.error(traceback.format_exc())