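defmodule BirdyChatWeb.Api.Server.Internal.Controller do
  @moduledoc """
  Controller for the internal server API's message-creation action.

  A request is accepted only when its `authorization` header carries a
  `Phoenix.Token` signed by `BirdyChatWeb.Endpoint` with the `"serverAuth"`
  salt, no older than 1200 seconds, whose payload equals the `"from"` request
  parameter. Every other request is answered with `403`.
  """

  use BirdyChatWeb, :controller

  @doc """
  Validates and writes a message on behalf of an authorised caller.

  Responds `201` and renders `:create` with the validated changes when the
  caller is authorised and the write returns `:ok`. Responds `403` and renders
  `:error` when authorisation fails for any reason: missing header, missing
  `"from"` parameter, invalid or expired token, or a token payload that does
  not match `"from"`.
  """
  def create(conn, params) do
    if authorised?(conn.req_headers, params) do
      # NOTE(review): only the success shapes are matched below. Any other
      # return from `validate/1` or `write/1` raises CaseClauseError and
      # surfaces as a 500. Confirm the error shapes those functions return and
      # decide how they should be rendered.
      case BirdyChat.Message.validate(params) do
        {:ok, changeset} ->
          case BirdyChat.MessageWriter.write(changeset.changes) do
            :ok ->
              conn
              |> put_status(:created)
              |> render(:create, message: changeset.changes)
          end
      end
    else
      conn
      |> put_status(:forbidden)
      |> render(:error, message: "Unauthorised")
    end
  end

  # Returns true only when the request carries a valid token whose payload
  # equals the "from" parameter. The header value is used as the token as-is,
  # with no scheme prefix stripped, and the first "authorization" header wins.
  defp authorised?(headers, %{"from" => from}) do
    case List.keyfind(headers, "authorization", 0) do
      {"authorization", token} ->
        case Phoenix.Token.verify(BirdyChatWeb.Endpoint, "serverAuth", token, max_age: 1200) do
          {:ok, id} ->
            id == from

          # verify/4 also returns {:error, :expired} and {:error, :missing}.
          # Matching only :invalid made an expired token raise CaseClauseError
          # and produce a 500 instead of a 403.
          {:error, _reason} ->
            false
        end

      nil ->
        false
    end
  end

  # Fail closed when the body has no "from" key. Without this clause such a
  # request raised FunctionClauseError before any token check ran.
  defp authorised?(_headers, _params), do: false
end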