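defmodule BirdyChatWeb.Api.Server.Internal.Controller do
  @moduledoc """
  Internal server-to-server endpoint that accepts a message and hands it to
  `BirdyChat.MessageWriter`.

  Every request must carry an `authorization` header holding a `Phoenix.Token`
  signed by `BirdyChatWeb.Endpoint` under the `"serverAuth"` salt. The token's
  payload must equal the `"from"` parameter of the request, so a server can only
  post messages on behalf of the sender its token was issued for.
  """

  use BirdyChatWeb, :controller

  require Logger

  # Tokens older than this many seconds are rejected by `Phoenix.Token.verify/4`.
  @token_max_age 1200

  @doc """
  Validates and writes the message described by `params`.

  Responds with:

    * `201` and the `:create` view when the message was written;
    * `403` when the `authorization` header is missing, invalid, expired, or
      its payload does not equal `params["from"]` (also when `"from"` is absent);
    * `422` when `BirdyChat.Message.validate/1` does not return `{:ok, changeset}`;
    * `500` when `BirdyChat.MessageWriter.write/1` does not return `:ok`.
  """
  def create(conn, params) do
    if authorised?(conn.req_headers, params) do
      write_message(conn, params)
    else
      conn
      |> put_status(:forbidden)
      |> render(:error, message: "Unauthorised")
    end
  end

  # Runs validation and then the write; each failure maps to its own status
  # instead of raising a CaseClauseError (which would surface as an opaque 500).
  defp write_message(conn, params) do
    case BirdyChat.Message.validate(params) do
      {:ok, changeset} ->
        persist(conn, changeset.changes)

      _invalid ->
        conn
        |> put_status(:unprocessable_entity)
        |> render(:error, message: "Invalid message")
    end
  end

  # Hands the validated changes to the writer and renders the outcome.
  defp persist(conn, message) do
    case BirdyChat.MessageWriter.write(message) do
      :ok ->
        conn
        |> put_status(:created)
        |> render(:create, message: message)

      failure ->
        # The reason is logged server-side only; the client gets a generic body.
        Logger.error("message write failed: #{inspect(failure)}")

        conn
        |> put_status(:internal_server_error)
        |> render(:error, message: "Message could not be written")
    end
  end

  # True only when the request carries a valid, unexpired server token whose
  # payload is exactly the sender named in `params["from"]`.
  # Plug lowercases request header names, so the literal key is sufficient.
  defp authorised?(headers, %{"from" => from}) do
    case List.keyfind(headers, "authorization", 0) do
      {"authorization", token} -> token_matches?(token, from)
      nil -> false
    end
  end

  # A request without a sender cannot be tied to a token: refuse it rather than
  # letting a FunctionClauseError turn it into a 500.
  defp authorised?(_headers, _params), do: false

  # Verifies the signed token and compares its payload with the claimed sender.
  defp token_matches?(token, from) do
    case Phoenix.Token.verify(BirdyChatWeb.Endpoint, "serverAuth", token, max_age: @token_max_age) do
      {:ok, id} ->
        id == from

      # :invalid, :expired and :missing all mean the caller is not trusted;
      # the original only matched :invalid and crashed on the other reasons.
      {:error, _reason} ->
        false
    end
  end
end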