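defmodule BerrypodWeb.OrderLookupController do
  @moduledoc """
  Handles the emailed order-lookup link.

  `generate_token/1` signs an email address into a token, and `verify/2`
  exchanges a valid token for a session entry that identifies the visitor
  by that email address.
  """

  use BerrypodWeb, :controller

  # Namespaces these tokens so that a token signed for another purpose with the
  # same endpoint secret does not verify here. The salt is not a secret.
  @salt "order_lookup"

  # Token lifetime in seconds (one hour), enforced when the token is verified.
  @max_age 3_600

  @doc """
  Verifies an order-lookup token and, on success, stores the signed email
  address in the session under `:order_lookup_email`.

  Redirects to `/orders` when the token is valid. An expired, invalid, missing
  or malformed token puts an error flash and redirects to `/contact`.

  The token is not single-use: no state is recorded when it is redeemed, so
  the same link can be used again until it expires. Anyone who obtains the
  link inside that window gets the same access.
  """
  @spec verify(Plug.Conn.t(), map()) :: Plug.Conn.t()
  def verify(conn, %{"token" => token}) when is_binary(token) do
    case Phoenix.Token.verify(BerrypodWeb.Endpoint, @salt, token, max_age: @max_age) do
      {:ok, email} ->
        conn
        # Rotate the session when it gains access to order data, so that a
        # session established before the link was followed is not reused.
        |> configure_session(renew: true)
        |> put_session(:order_lookup_email, email)
        |> redirect(to: ~p"/orders")

      {:error, :expired} ->
        reject_link(conn, "That link has expired. Please request a new one.")

      {:error, _reason} ->
        reject_link(conn, "That link is invalid.")
    end
  end

  # A request with no token, or with a non-binary one (for example a nested
  # `token[]=...` parameter), is treated as an invalid link instead of being
  # passed to Phoenix.Token.verify/4 or failing the clause match.
  def verify(conn, _params), do: reject_link(conn, "That link is invalid.")

  @doc """
  Generates a signed, time-limited token for the given email address.

  The token is signed, not encrypted: the email address can be read by anyone
  who holds the token. The time limit is applied by `verify/2`.
  """
  @spec generate_token(String.t()) :: String.t()
  def generate_token(email) do
    Phoenix.Token.sign(BerrypodWeb.Endpoint, @salt, email)
  end

  # Shared failure path: show the reason and send the visitor to the contact page.
  defp reject_link(conn, message) do
    conn
    |> put_flash(:error, message)
    |> redirect(to: ~p"/contact")
  end
end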