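defmodule HostasWeb.Plugs.Auth do
  @moduledoc """
  Authenticates API requests with a `Bearer` token in the `Authorization` header.

  On success the `Hostas.Token` returned by `Token.get/1` is assigned as `:token`
  and the `Hostas.Denizen` it belongs to as `:denizen`. Every failure path halts
  the connection with a JSON body of the form `%{"error" => message}`:

    * 401 — no header, a scheme other than `Bearer`, an expired or unknown token,
      or a token whose denizen row no longer exists
    * 422 — a header that is not exactly two whitespace-separated parts
  """

  import Plug.Conn
  use HostasWeb, :controller
  import Ecto.Query, only: [from: 2]

  alias Hostas.Repo
  alias Hostas.Denizen
  alias Hostas.Token

  @doc "Plug init callback; the options are passed through unchanged to `call/2`."
  def init(default), do: default

  @doc """
  Plug call callback.

  Reads the first `Authorization` header (any further ones are ignored) and
  splits it on whitespace into `[scheme, credential]`.
  """
  def call(conn, _default) do
    case get_req_header(conn, "authorization") do
      [] ->
        halt_with_error(conn, 401, "No API key provided")

      [header_value | _rest] ->
        authenticate(conn, String.split(header_value))
    end
  end

  # Dispatches on the split header. Only the exact scheme "Bearer" is accepted
  # (the comparison is case-sensitive, as in the original implementation); any
  # other two-part header is an unknown scheme and anything else is malformed.
  defp authenticate(conn, ["Bearer", key]), do: authenticate_bearer(conn, key)

  defp authenticate(conn, [_method, _key]),
    do: halt_with_error(conn, 401, "Unknown authorization method")

  defp authenticate(conn, _parts),
    do: halt_with_error(conn, 422, "Malformed Authorization header")

  # Resolves the key to a token. Only the three result shapes visible here are
  # handled; any other return from `Token.get/1` raises a CaseClauseError, which
  # matches the previous behaviour — confirm against `Hostas.Token` if it can
  # return more.
  defp authenticate_bearer(conn, key) do
    case Token.get(key) do
      {:ok, token} -> assign_denizen(conn, token)
      {:error, :expired} -> halt_with_error(conn, 401, "Token expired")
      {:error, :unknown} -> halt_with_error(conn, 401, "API key not found")
    end
  end

  # Loads the token's denizen and assigns both on success. A token that points
  # at a denizen row which no longer exists is an authentication failure, so it
  # is rejected with 401 instead of letting `Repo.one!/1` raise (which would
  # surface as a server error and never halt the pipeline).
  defp assign_denizen(conn, token) do
    case Repo.one(from d in Denizen, where: d.id == ^token.denizen_id) do
      nil ->
        halt_with_error(conn, 401, "API key not found")

      denizen ->
        conn
        |> assign(:token, token)
        |> assign(:denizen, denizen)
    end
  end

  # Sends the JSON error with `status` and halts so no downstream plug or
  # controller action runs for a request that failed authentication.
  defp halt_with_error(conn, status, message) do
    conn
    |> put_status(status)
    |> json(%{"error" => message})
    |> halt()
  end
end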