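defmodule MatrixAppServiceWeb.AuthPlug do
  @moduledoc """
  Implements the Application Service authorization as a Plug.

  The request's `access_token` parameter is compared with the configured
  homeserver token. The plug option is either the token itself (a binary) or a
  zero-arity function that returns it; the function is called on every request.

  Outcomes:

    * the token matches - the connection is passed on unchanged
    * no `access_token` parameter, or the option is neither a binary nor a
      zero-arity function - `401`, connection halted
    * the token does not match, or either side is not a non-empty binary -
      `403`, connection halted

  The plug reads `conn.params`, so it has to run after the request parameters
  have been fetched.

  https://matrix.org/docs/spec/application_service/r0.1.2#authorization
  """

  @behaviour Plug

  import Plug.Conn
  require Logger

  @doc false
  @impl Plug
  def init(homeserver_token) do
    homeserver_token
  end

  @doc false
  @impl Plug
  def call(%Plug.Conn{params: %{"access_token" => _access_token}} = conn, homeserver_token)
      when is_binary(homeserver_token) do
    verify_access_token(conn, homeserver_token)
  end

  def call(%Plug.Conn{params: %{"access_token" => _access_token}} = conn, homeserver_token)
      when is_function(homeserver_token, 0) do
    # Resolve the token per request so it can come from runtime configuration.
    verify_access_token(conn, homeserver_token.())
  end

  def call(conn, _opts) do
    Logger.warn("No homeserver token provided")
    respond_error(conn, 401)
  end

  # Lets the connection through only when the presented token equals the
  # configured one.
  #
  # Both values must be binaries: `access_token` can arrive as a list or map
  # (e.g. `access_token[]=x`), and a token function may return `nil`. An empty
  # configured token is rejected as well, so that a missing or blank setting
  # fails closed instead of accepting `?access_token=`.
  defp verify_access_token(
         %Plug.Conn{params: %{"access_token" => access_token}} = conn,
         homeserver_token
       )
       when is_binary(access_token) and is_binary(homeserver_token) and
              byte_size(homeserver_token) > 0 do
    # Constant-time comparison: `==` on binaries stops at the first differing
    # byte, which makes the response time depend on how much of the secret a
    # guess got right. Plug.Crypto is shipped with Plug.
    if Plug.Crypto.secure_compare(access_token, homeserver_token) do
      conn
    else
      reject_invalid_token(conn)
    end
  end

  defp verify_access_token(conn, _homeserver_token), do: reject_invalid_token(conn)

  # Logs the rejection without the token value and answers 403.
  defp reject_invalid_token(conn) do
    Logger.warn("Received invalid homeserver token")
    respond_error(conn, 403)
  end

  # Renders "<status>.json" through the error view and halts the pipeline so
  # that no later plug or controller runs for an unauthenticated request.
  defp respond_error(conn, error_code) do
    conn
    |> put_status(error_code)
    |> Phoenix.Controller.put_view(MatrixAppServiceWeb.ErrorView)
    |> Phoenix.Controller.render("#{error_code}.json")
    |> halt()
  end
end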