module Secure
  ( loggedAction
  , getUserFromToken
  ) where

import           Control.Monad.IO.Class    (liftIO)
import           Data.Text                 (Text)
import           Data.Text.Lazy            (fromStrict)
import           Network.HTTP.Types.Status (forbidden403)
import           Web.Scotty

import           Common.Model              (User)
import qualified Common.Msg                as Msg

import qualified LoginSession
import           Model.Query               (Query)
import qualified Model.Query               as Query
import qualified Model.SignIn              as SignIn
import qualified Persistence.User          as UserPersistence

loggedAction :: (User -> ActionM ()) -> ActionM ()
loggedAction action = do
  maybeToken <- LoginSession.get
  case maybeToken of
    Just token -> do
      maybeUser <- liftIO . Query.run . getUserFromToken $ token
      case maybeUser of
        Just user ->
          action user
        Nothing -> do
          status forbidden403
          html . fromStrict . Msg.get $ Msg.Secure_Unauthorized
    Nothing -> do
      status forbidden403
      html . fromStrict . Msg.get $ Msg.Secure_Forbidden

getUserFromToken :: Text -> Query (Maybe User)
getUserFromToken token = do
  mbSignIn <- SignIn.getSignIn token
  case mbSignIn of
    Just signIn ->
      UserPersistence.get (SignIn.email signIn)
    Nothing ->
      return Nothing