defmodule MvWeb.JoinConfirmController do
  @moduledoc """
  Handles GET /confirm_join/:token for the public join flow (double opt-in).

  Calls a configurable callback (default Mv.Membership) so tests can stub the
  dependency. Public route; no authentication required.
  """
  use MvWeb, :controller

  def confirm(conn, %{"token" => token}) when is_binary(token) do
    callback = Application.get_env(:mv, :join_confirm_callback, Mv.Membership)

    case callback.confirm_join_request(token, actor: nil) do
      {:ok, _request} ->
        success_response(conn)

      {:error, :token_expired} ->
        expired_response(conn)

      {:error, _} ->
        invalid_response(conn)
    end
  end

  def confirm(conn, _params), do: invalid_response(conn)

  defp success_response(conn) do
    conn
    |> put_resp_content_type("text/html")
    |> send_resp(200, gettext("Thank you, we have received your request."))
  end

  defp expired_response(conn) do
    conn
    |> put_resp_content_type("text/html")
    |> send_resp(200, gettext("This link has expired. Please submit the form again."))
  end

  defp invalid_response(conn) do
    conn
    |> put_resp_content_type("text/html")
    |> put_status(404)
    |> send_resp(404, gettext("Invalid or expired link."))
  end
end