%%% -*- erlang -*-
%%%
%%% Barrel P2P Distribution Auth Callback
%%%
%%% Adapter that plugs barrel_p2p's Ed25519 identity protocol into the
%%% upstream `quic_dist_auth' behaviour. The actual handshake lives in
%%% `barrel_p2p_dist_auth_stream'; this module exists only to expose the
%%% `(Conn, Side, Timeout) -> {ok, _} | {error, _}' contract that
%%% `quic_dist' calls between QUIC handshake and Erlang dist handshake.
%%%
%%% Wire it up via sys.config:
%%%
%%% ```
%%% {quic, [{dist, [
%%% {auth_callback, {barrel_p2p_dist_auth_callback, authenticate}},
%%% {auth_handshake_timeout, 10000}
%%% ]}]}.
%%% '''
%%%
%%% Copyright (c) 2026 Benoit Chesneau
%%% Apache License 2.0
%%%
-module(barrel_p2p_dist_auth_callback).
-behaviour(quic_dist_auth).
-export([authenticate/3]).
-spec authenticate(
Conn :: pid(),
Side :: client | server,
Timeout :: timeout()
) ->
{ok, node() | undefined} | {error, term()}.
authenticate(Conn, server, Timeout) ->
barrel_p2p_dist_auth_stream:authenticate_incoming(Conn, Timeout);
authenticate(Conn, client, Timeout) ->
%% barrel_p2p_dist:setup/5 stashes the dialed node in the process
%% dictionary so the client side can verify cookie_only_nodes
%% before accepting an AUTH_OK short-circuit.
TargetNode = erlang:get(barrel_p2p_dial_target),
barrel_p2p_dist_auth_stream:authenticate_outgoing(Conn, TargetNode, Timeout).