let src = Logs.Src.create "requests.auth" ~doc:"HTTP Authentication"
module Log = (val Logs.src_log src : Logs.LOG)

type t =
  | None
  | Basic of { username : string; password : string }
  | Bearer of { token : string }
  | Digest of { username : string; password : string }
  | Custom of (Headers.t -> Headers.t)

let none = None

let basic ~username ~password = Basic { username; password }

let bearer ~token = Bearer { token }

let digest ~username ~password = Digest { username; password }

let custom f = Custom f

let apply auth headers =
  match auth with
  | None -> headers
  | Basic { username; password } ->
      Log.debug (fun m -> m "Applying basic authentication for user: %s" username);
      Headers.basic ~username ~password headers
  | Bearer { token } ->
      Log.debug (fun m -> m "Applying bearer token authentication");
      Headers.bearer token headers
  | Digest { username; password = _ } ->
      Log.debug (fun m -> m "Digest auth configured for user: %s (requires server challenge)" username);
      (* Digest auth requires server challenge first, handled elsewhere *)
      headers
  | Custom f ->
      Log.debug (fun m -> m "Applying custom authentication handler");
      f headers