-- This file is part of the Wire Server implementation.
--
-- Copyright (C) 2022 Wire Swiss GmbH <opensource@wire.com>
--
-- This program is free software: you can redistribute it and/or modify it under
-- the terms of the GNU Affero General Public License as published by the Free
-- Software Foundation, either version 3 of the License, or (at your option) any
-- later version.
--
-- This program is distributed in the hope that it will be useful, but WITHOUT
-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-- details.
--
-- You should have received a copy of the GNU Affero General Public License along
-- with this program. If not, see <https://www.gnu.org/licenses/>.

-- | > docs/reference/user/activation.md {#RefActivationAllowlist}
--
-- Email/phone whitelist.
module Wire.API.Allowlists
  ( AllowlistEmailDomains (..),
    verify,
  )
where

import Data.Aeson
import Data.Text.Encoding (decodeUtf8)
import Imports
import Wire.API.User.Identity

-- | A service providing a whitelist of allowed email addresses and phone numbers
data AllowlistEmailDomains = AllowlistEmailDomains [Text]
  deriving (Int -> AllowlistEmailDomains -> ShowS
[AllowlistEmailDomains] -> ShowS
AllowlistEmailDomains -> String
(Int -> AllowlistEmailDomains -> ShowS)
-> (AllowlistEmailDomains -> String)
-> ([AllowlistEmailDomains] -> ShowS)
-> Show AllowlistEmailDomains
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> AllowlistEmailDomains -> ShowS
showsPrec :: Int -> AllowlistEmailDomains -> ShowS
$cshow :: AllowlistEmailDomains -> String
show :: AllowlistEmailDomains -> String
$cshowList :: [AllowlistEmailDomains] -> ShowS
showList :: [AllowlistEmailDomains] -> ShowS
Show, (forall x. AllowlistEmailDomains -> Rep AllowlistEmailDomains x)
-> (forall x. Rep AllowlistEmailDomains x -> AllowlistEmailDomains)
-> Generic AllowlistEmailDomains
forall x. Rep AllowlistEmailDomains x -> AllowlistEmailDomains
forall x. AllowlistEmailDomains -> Rep AllowlistEmailDomains x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cfrom :: forall x. AllowlistEmailDomains -> Rep AllowlistEmailDomains x
from :: forall x. AllowlistEmailDomains -> Rep AllowlistEmailDomains x
$cto :: forall x. Rep AllowlistEmailDomains x -> AllowlistEmailDomains
to :: forall x. Rep AllowlistEmailDomains x -> AllowlistEmailDomains
Generic)

instance FromJSON AllowlistEmailDomains

-- | Consult the whitelist settings in brig's config file and verify that the provided
-- email address is whitelisted.
verify :: Maybe AllowlistEmailDomains -> EmailAddress -> Bool
verify :: Maybe AllowlistEmailDomains -> EmailAddress -> Bool
verify (Just (AllowlistEmailDomains [Text]
allowed)) EmailAddress
email = (ByteString -> Text
decodeUtf8 (ByteString -> Text)
-> (EmailAddress -> ByteString) -> EmailAddress -> Text
forall b c a. (b -> c) -> (a -> b) -> a -> c
. EmailAddress -> ByteString
domainPart (EmailAddress -> Text) -> EmailAddress -> Text
forall a b. (a -> b) -> a -> b
$ EmailAddress
email) Text -> [Text] -> Bool
forall a. Eq a => a -> [a] -> Bool
forall (t :: * -> *) a. (Foldable t, Eq a) => a -> t a -> Bool
`elem` [Text]
allowed
verify Maybe AllowlistEmailDomains
Nothing (EmailAddress
_) = Bool
True