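module Bookends
  # Extracts the signed-in user from the Fernet token carried in the
  # `heroku_user_session` cookie.
  #
  # The cookie value is client-supplied. Nothing in it is trusted until the
  # Fernet verifier has accepted the token under the shared secret.
  class GlostickUserExtractor
    # NOTE(review): `secret` is readable by any caller through this public
    # reader. It is kept for interface compatibility; avoid logging or
    # serialising instances of this class.
    attr_reader :secret, :token

    # @param cookies [#[]] request cookies, read with the symbol key
    #   :heroku_user_session
    # @param secret [String, nil] shared secret used to verify the token
    def initialize(cookies, secret)
      @secret = secret
      raw_cookie = cookies[:heroku_user_session]
      # The cookie is URL-encoded in transit; Fernet needs the decoded token.
      @token = CGI.unescape(raw_cookie) if raw_cookie
    end

    # Returns the 'user' entry of the verified session payload, or a blank
    # user record when the cookie is absent, fails verification, or does not
    # decode to a JSON object containing a 'user' entry.
    #
    # @return [Object] the session's 'user' value, or a Hash with empty
    #   'email', 'full_name' and 'id' strings
    def user
      session_info = decrypt_session_cookie
      # A verified payload that parses to an Array or scalar must not reach
      # the String-key lookup: on an Array it raises TypeError.
      return session_info['user'] if session_info.is_a?(Hash) && session_info['user']

      { 'email' => '', 'full_name' => '', 'id' => '' }
    end

    private

    # Verifies the token and parses its message as JSON.
    #
    # @return [Object, nil] the parsed payload, or nil when the token or
    #   secret is missing, verification fails, or the message is not valid JSON
    def decrypt_session_cookie
      return nil unless token && secret

      verifier = Fernet.verifier(secret, token)
      # SECURITY: TTL enforcement is switched off, so the token's age is not
      # checked and a captured cookie is accepted until the secret is rotated.
      # NOTE(review): confirm session lifetime is bounded elsewhere (cookie
      # expiry, server-side revocation) or re-enable the TTL check.
      verifier.enforce_ttl = false
      return nil unless verifier.valid?

      JSON.parse(verifier.message)
    rescue JSON::ParserError
      # A verified but non-JSON message is treated like any other invalid
      # session instead of surfacing as an unhandled error.
      nil
    end
  end
end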