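# Copyright (C) 2018 Lars Wirzenius
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see .


import logging

import muck


class AuthorizationChecker:

    """Decide whether a request is authorized by the token it carries.

    Token parsing is delegated to ``muck.TokenChecker``; this class only
    compares the HTTP method and the token's ``scope`` claim against what
    the caller requires. Every failure path denies the request.
    """

    def __init__(self, signing_key_text):
        """Build the token checker from the signing key text.

        The text is stripped of surrounding whitespace and encoded as
        ASCII, so non-ASCII key text raises ``UnicodeEncodeError``.
        """
        # NOTE(review): presumably the key tokens are verified against;
        # confirm against muck.TokenChecker which key format it expects.
        self._tc = muck.TokenChecker(signing_key_text.strip().encode('ascii'))

    def request_is_allowed(self, r, required_method, required_scopes):
        """Return True only if the method matches and all scopes are granted.

        ``r`` must provide ``get_method()`` and ``get_authorization()``.
        ``required_scopes`` is an iterable of scope names; a bare string
        would be treated as a set of its individual characters. An empty
        ``required_scopes`` allows any request whose token parses.

        The ``scope`` claim is read as a whitespace-separated string. A
        claim of any other type denies the request instead of raising.
        """
        method = r.get_method()
        if method != required_method:
            logging.debug(
                'Wanted method %s, got %s', required_method, method)
            return False

        token = self._get_token(r)
        # This writes every parsed claim to the debug log. Treat debug logs
        # as sensitive, or disable debug logging in production.
        logging.debug('token: %r', token)
        if token is None:
            logging.debug('No token')
            return False

        scope = token.get('scope', '')
        if not isinstance(scope, str):
            # Fail closed: a non-string scope claim (list, None, number)
            # previously crashed on .split() rather than denying access.
            logging.debug('Malformed scope claim: %r', scope)
            return False

        scopes = set(scope.split())
        required_scopes = set(required_scopes)
        logging.debug('Want scopes %r', required_scopes)
        logging.debug('Got scopes %r', scopes)
        # Every required scope must be present; extra granted scopes are fine.
        return required_scopes.issubset(scopes)

    def get_claims_from_token(self, r):
        """Return the parsed token claims for ``r``, or None if unusable.

        No method or scope check is made here; callers must not treat a
        non-None result as proof that the request is authorized.
        """
        return self._get_token(r)

    def _get_token(self, r):
        """Parse the request's authorization value; None on ``muck.Error``."""
        authz = r.get_authorization()
        try:
            return self._tc.parse_header(authz)
        except muck.Error:
            # NOTE(review): only muck.Error is mapped to "no token". Confirm
            # parse_header raises muck.Error (not another exception type)
            # for a missing or malformed header.
            return None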