using MD5
using HTTP
function getlogin(app, req)
    query = HTTP.URIs.queryparams(req[:query])
    username = string(get(query, "u", ""))
    token = get(query, "t", "")
    salt = get(query, "s", "")
    password = get(query, "p", "")
    req[:login] = Dict(:name => username,
                       :token => token,
                       :salt => salt,
                       :password => password,
                       :login => false)
    return app(req)
end

function checkpassword(app, req)
    # FIXME: do not hardcode the password here!
    password = "test"
    # @show bytes2hex(MD5.md5(string(password, salt)))
    # @show req[:login][:token]
    # @show req[:login][:salt]
    if !isempty(req[:login][:salt])
        if bytes2hex(MD5.md5(string(password, req[:login][:salt]))) ==
            req[:login][:token]
            req[:login][:login] = true
        end
    elseif !isempty(req[:login][:password])
        if startswith(req[:login][:password], "enc:")
            req[:login][:login] =
                String(hex2bytes(split(req[:login][:password], ":")[2])) == password
        else
            req[:login][:login] = password == req[:login][:password]
        end
    end
    return app(req)
end

sonic_login = stack(getlogin, checkpassword)