hostas/lib/hostas_web/controllers/auth/token_controller.ex

defmodule HostasWeb.Auth.TokenController do
  import Ecto.Query, only: [from: 2]
  use HostasWeb, :controller

  alias Hostas.Repo
  alias Hostas.Denizen
  alias Hostas.Token

  @doc """
  Generates an API token. Responds with the token if the user
  provides the correct password
  """
  def create(conn, %{"handle" => handle, "password" => given_password}) do
    case Repo.one(from d in Denizen,
                  where: d.handle == ^handle,
                  select: %{id: d.id, password: d.password}) do
      nil ->
        conn
        |> put_status(404)
        |> json(%{"error" => "No user with handle #{handle}"})

      denizen ->
        %{id: denizen_id, password: real_password_hash} = denizen

        if Bcrypt.verify_pass(given_password, real_password_hash) do
          {:ok, token_struct} = Token.new(denizen_id)

          conn
          |> put_status(201)
          |> json(Map.take(token_struct, [:token, :expires]))
        else
          # Reject the request, as passwords don't match
          conn
          |> put_status(401)
          |> json(%{"error" => "Password mismatch"})
        end
    end
  end

  def create(conn, _params) do
    conn
    |> put_status(422)
    |> json(%{"error" => "Missing required parameters"})
  end

  @doc """
  Responds with 200 OK if the requester's `Bearing` header
  contains a valid, non-expired API token
  """
  def verify(_conn, _params) do
    :ok
  end

  @doc """
  Deletes the token the requester used in the `Bearing` header
  """
  def revoke(_conn, _params) do
    :ok
  end

  @doc """
  Deletes the token the requester used in the `Bearing` header
  and responds with a new one if the old one was valid and unexpired
  """
  def renew(_conn, _params) do
    :ok
  end
end