-- Deploy numerus:check_cookie to pg
-- requires: schema_auth
-- requires: user

begin;

set search_path to public, numerus, auth;

create or replace function check_cookie(input_cookie text) returns record as
$$
declare
	value record;
begin
	select email::text, role
	into value
	from "user"
	where email = split_part(input_cookie, '/', 2)
	  and cookie_expires_at > current_timestamp
	  and length(password) > 0
	  and cookie = split_part(input_cookie, '/', 1)
	;
	if value is null then
		select '', 'guest'::name into value;
	end if;
	return value;
end;
$$
language plpgsql
security definer
stable
set search_path = auth, numerus, pg_temp;

comment on function check_cookie(text) is
'Checks whether a given cookie is for a valid users, returning its email and role';

revoke execute on function check_cookie(text) from public;
grant execute on function check_cookie(text) to authenticator;

commit;