# frozen_string_literal: true

module Brevio::Session
  module Cookies::Parse
    extend self

    def perform!(cookie)
      raise NilSession if cookie.nil?
      data, iv, auth_tag = cookie.split('--').map { |value| Base64.decode64(value) }
      cipher = OpenSSL::Cipher.new(CIPHER)
      secret = OpenSSL::PKCS5.pbkdf2_hmac_sha1(brevio_config.encryption_key,
                                               SALT, 1000, cipher.key_len)

      cipher.decrypt
      cipher.key = secret
      cipher.iv  = iv
      cipher.auth_tag = auth_tag
      cipher.auth_data = ''

      cookie_payload = cipher.update(data)
      cookie_payload << cipher.final
      cookie_payload = JSON.parse(cookie_payload)
      key = JSON.parse(Base64.decode64(cookie_payload['_rails']['message']))

      "#{Config::Redis::Prefixes::SESSION}:#{key}"
    end

    private

    # https://github.com/team-brevio/brevio-id-gem/blob/master/lib/brevio_id/session/cookie_jar.rb#L79
    CIPHER = 'aes-256-gcm'
    # https://github.com/team-brevio/brevio-id-gem/blob/master/lib/brevio_id/session/cookie_jar.rb#L84
    SALT   = 'authenticated encrypted cookie'

    def brevio_config
      Config.config
    end
  end
end