class DiscourseController < ApplicationController

  before_action -> { require_plugin_enabled FoodsoftDiscourse }

  protected

  def valid_signature?
    return false if params[:sso].blank? || params[:sig].blank?
    get_hmac_hex_string(params[:sso]) == params[:sig]
  end

  def redirect_to_with_payload(url, payload)
    base64_payload = Base64.strict_encode64 payload.to_query
    sso = CGI::escape base64_payload
    sig = get_hmac_hex_string base64_payload
    redirect_to "#{url}#{url.include?('?') ? '&' : '?'}sso=#{sso}&sig=#{sig}"
  end

  def parse_payload
    payload = Rack::Utils.parse_query Base64.decode64(params[:sso])
    payload.symbolize_keys!
  end

  def get_hmac_hex_string payload
    discourse_sso_secret = FoodsoftConfig[:discourse_sso_secret]
    OpenSSL::HMAC.hexdigest 'sha256', discourse_sso_secret, payload
  end
end