Merge branch 'test/matrix_app_auth_plug' into 'master'

added test for the authplug

See merge request kazarma/matrix_app_service.ex!4

1 files changed, 45 insertions, 0 deletions

diff --git a/lib/matrix_app_service_web/auth_plug.ex b/lib/matrix_app_service_web/auth_plug.ex
new file mode 100644
index 0000000..2d2ae23
--- /dev/null
+++ b/lib/matrix_app_service_web/auth_plug.ex
@@ -0,0 +1,45 @@
+defmodule MatrixAppServiceWeb.AuthPlug do
+  @moduledoc """
+  This Plug implements the Application Service authorization,
+  as described here:
+
+  https://matrix.org/docs/spec/application_service/r0.1.2#authorization
+  """
+
+  @behaviour Plug
+  import Plug.Conn
+  require Logger
+
+  @doc false
+  @impl Plug
+  def init(opts) do
+    opts
+  end
+
+  @doc false
+  @impl Plug
+  def call(%Plug.Conn{params: %{"access_token" => hs_token}} = conn, _opts) do
+    config_hs_token = Application.fetch_env!(:matrix_app_service, :homeserver_token)
+
+    with ^config_hs_token <- hs_token do
+      conn
+    else
+      _ ->
+        Logger.warn("Received invalid homeserver token")
+        respond_error(conn, 403)
+    end
+  end
+
+  def call(conn, _opts) do
+    Logger.warn("No homeserver token provided")
+    respond_error(conn, 401)
+  end
+
+  defp respond_error(conn, error_code) do
+    conn
+    |> put_status(error_code)
+    |> Phoenix.Controller.put_view(MatrixAppServiceWeb.ErrorView)
+    |> Phoenix.Controller.render("#{error_code}.json")
+    |> halt
+  end
+end