lib/security.ex

defmodule PhoenixApiToolkit.Security do
  @moduledoc false

  defmodule AjaxCSRFError do
    @moduledoc """
    Error raised when a state-changing request does not have a "x-csrf-token" header.
    """
    defexception message: "missing 'x-csrf-token' header", plug_status: 403
  end

  defmodule MissingContentTypeError do
    @moduledoc "Error raised when a content-carrying request does not have a content-type header."
    defexception message: "missing 'content-type' header", plug_status: 415
  end

  defmodule Oauth2TokenVerificationError do
    @moduledoc "Error raised when an Oauth2 token is invalid"
    defexception message: "Oauth2 token invalid", plug_status: 401

    def exception([]), do: %Oauth2TokenVerificationError{}

    def exception(message) do
      %Oauth2TokenVerificationError{message: message}
    end
  end

  defmodule HmacVerificationError do
    @moduledoc "Error raised the HMAC used to sign a request body is invalid"
    defexception message: "HMAC invalid", plug_status: 401

    def exception([]), do: %HmacVerificationError{}

    def exception(message) do
      %HmacVerificationError{message: message}
    end
  end
end