module Scrivito

module BinaryParamVerifier
  InvalidSignature = Class.new(StandardError)

  class << self
    def verify(encrypted_params)
      params = decrypt(encrypted_params)
      expires = DateConversion.deserialize_from_backend(params['expires'])
      raise InvalidSignature if expires && expires < Time.zone.now
      verify_without_expire(encrypted_params)
    end

    def verify_without_expire(encrypted_params)
      params = decrypt(encrypted_params)
      Binary.new(params['binary_id'], params['expires'].nil?,
          transformation_definition: params['transformation_definition'],
          obj_id: params['obj_id'])
    end

    def generate(binary)
      params = {
        binary_id: binary.id,
        obj_id: binary.obj_id,
        transformation_definition: binary.transformation_definition,
      }
      if binary.private?
        params[:expires] = DateConversion.serialize_for_backend(Time.zone.now + 1.hour)
      end
      message_verifier.generate(params)
    end

    private

    def decrypt(encrypted_params)
      message_verifier.verify(encrypted_params)
    rescue ActiveSupport::MessageVerifier::InvalidSignature
      raise InvalidSignature
    end

    def message_verifier
      ActiveSupport::MessageVerifier.new(
        Rails.application.secrets.secret_key_base, serializer: JSON)
    end
  end
end

end