package calls

import (
	"log"
	"net/http"

	b "streifling.com/jason/cpolis/cmd/backend"
)

// tokenIsVerified verifies that a request is authorized. It returns a bool.
func tokenIsVerified(w http.ResponseWriter, r *http.Request, c *b.Config) bool {
	idToken := r.Header.Get("Authorization")
	if idToken == "" {
		log.Println("Authorization header missing")
		http.Error(w, "Authorization header missing", http.StatusUnauthorized)
		return false
	}

	client, err := b.NewClient(c)
	if err != nil {
		log.Println(err)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return false
	}

	_, err = client.Verify(idToken)
	if err != nil {
		log.Println(err)
		http.Error(w, err.Error(), http.StatusUnauthorized)
		return false
	}

	return true
}