// Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License"). You may
// not use this file except in compliance with the License. A copy of the
// License is located at
//
//     http://aws.amazon.com/apache2.0/
//
// or in the "license" file accompanying this file. This file is distributed
// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
// express or implied. See the License for the specific language governing
// permissions and limitations under the License.

package imdsv2

import (
	"log"
	"net/http"
	"time"

	"github.com/aws/amazon-ec2-metadata-mock/pkg/server"
)

const (
	tokenRequestHeader = "X-aws-ec2-metadata-token"
)

// ValidateToken is a wrapper to validate token before passing request to provided handler
func ValidateToken(pathHandler server.HandlerType) server.HandlerType {
	return func(res http.ResponseWriter, req *http.Request) {
		log.Printf("ValidateToken Received request: %v", req)
		providedToken := req.Header.Get(tokenRequestHeader)
		if providedToken == "" {
			log.Println("Token required; No token provided.")
			server.ReturnUnauthorizedResponse(res)
			return
		}

		if actualToken, ok := generatedTokens[providedToken]; ok {
			accessTime := time.Now()
			duration := accessTime.Sub(actualToken.CreatedAt)
			if int(duration.Seconds()) >= actualToken.TTL {
				log.Println("Token has expired")
				delete(generatedTokens, providedToken)
				server.ReturnUnauthorizedResponse(res)
				return
			}
			log.Println("Token validated!")
			pathHandler(res, req)
		} else {
			log.Printf("Invalid token provided: %v", providedToken)
			server.ReturnUnauthorizedResponse(res)
			return
		}
	}
}