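/-  *coki
/+  server, sr=sortug
::  Session-cookie helpers: issue, validate and revoke cookie-backed
::  sessions held in the `sessions` state passed in as the door sample.
::
::  As used below, users.sessions is a map from session token to ship
::  (put/get/del by) and challenges.sessions is a set of outstanding
::  challenges (put/del in).
::
::  NOTE(review): nothing in this core expires entries in users.sessions.
::  Max-Age only tells the browser when to drop the cookie, so a copied
::  token stays valid server-side until +handle-logout removes it.
::
|_  [=sessions =bowl:gall]
+$  sess  ^sessions
::  +session-timeout: cookie lifetimes; +host is chosen when the
::  requester is our own ship, +guest otherwise (see
::  +session-cookie-string).
::
++  session-timeout
  |%
  ++  host  ~d30
  ++  guest  ~d7
  --
::  +session-hash: 128 bits drawn from og, seeded with (shas %coki eny.bowl).
::
::  The value depends only on eny.bowl, so evaluating this arm twice
::  against the same bowl yields the same token.
::
++  session-hash  (~(raw og (shas %coki eny.bowl)) 128)
::  +session-cookie-string: build the Set-Cookie value for a session.
::
::  The cookie is named urbcoki-{desk}-{ship}, scoped to Path=/{desk},
::  and marked HttpOnly and SameSite=Lax.  Max-Age is the timeout in
::  seconds (milliseconds from msec:milly divided by 1.000).
::
::  NOTE(review): there is no Secure attribute, so the browser will also
::  send this cookie over plain HTTP.  Confirm whether the ship is always
::  served over TLS before relying on it.
::
++  session-cookie-string
  |=  [session=@ proven=@p desk=@tas]
  ^-  @t
  =/  max-age=tape
    %-  a-co:co
    =/  its-a-me  .=(src.bowl our.bowl)
    =,  session-timeout
    (div (msec:milly ?:(its-a-me host guest)) 1.000)
  %-  crip
  "urbcoki-{(trip desk)}-{(scow %p proven)}={(scow:parsing:sr %uv session)}; Path=/{(trip desk)}; HttpOnly; SameSite=Lax; Max-Age={max-age}"
  ::  "urbneo={(scow:parsing:sr %uv session)}; Path=/; Max-Age={max-age}"
::  +validate-coki: map a raw Cookie header to the ship it authenticates.
::
::  Parses the header, then returns the ship for the first cookie whose
::  value parses as @uv and is a key in users.sessions; ~ otherwise.
::
::  The cookie name is not checked (the name filter below is commented
::  out); the returned ship comes from the server-side map, not from the
::  ship embedded in the cookie name.
::
::  The parsed cookies are deliberately not printed with ~& here: they
::  contain live session tokens, which would land in console output.
::
++  validate-coki
  |=  coki=@t
  ^-  (unit @p)
  =/  cookies  (rush coki cock:de-purl:html)
  ?~  cookies  ~
  =/  cokis=(list [@t @t])  u.cookies
  |-
  ?~  cokis  ~
  =/  hd  i.cokis
  ::  ?:  (contains:string:sr (trip hd) "urbneo")
  =/  hash  (slaw:parsing:sr %uv +.hd)
  ?~  hash  $(cokis t.cokis)
  =/  sess  (~(get by users.sessions) u.hash)
  ?~  sess  $(cokis t.cokis)
  `u.sess
::  +send-self-poke: one card poking this agent (our.bowl, dap.bowl)
::  with mark %coki on wire /gib.
::
++  send-self-poke
  |=  poke=self-poke
  ^-  (list card:agent:gall)
  :~  [%pass /gib %agent [our.bowl dap.bowl] %poke %coki !>(poke)]
  ==
::  handle-self-pokes
::
::  +handle-self-poke: dispatch on the poke tag.  %meta and %coki return
::  no cards plus the updated sessions; %logout returns whatever
::  +handle-logout produces.
::
::  NOTE(review): this arm does not check that src.bowl is our.bowl.
::  %coki writes an authenticated session directly, so confirm that the
::  agent's poke handler only routes pokes from our own ship to this arm.
::
++  handle-self-poke
  |=  poke=self-poke
  ?-  -.poke
    %meta  :-  ~  (handle-challenge +.poke)
    %coki  :-  ~  (handle-coki +.poke)
    %logout  (handle-logout +.poke)
  ==
::  +handle-challenge: record a new outstanding challenge.
::
::  NOTE(review): challenges are only removed by +handle-coki, so ones
::  that are never answered stay in the set.
::
++  handle-challenge
  |=  new-challenge=@
  ^-  ^sessions
  ::  =?  users.sessions
  ::    !(~(has by users.sessions) src.bowl)
  ::  (~(put by users.sessions) [src.bowl src.bowl])
  ::  =?  challenges.sessions
  ::  =(src.bowl (~(got by users.sessions) src.bowl))
  =.  challenges.sessions
    (~(put in challenges.sessions) new-challenge)
  sessions
::  +parse-coki: users.sessions with the session named by the Cookie
::  header removed.
::
::  Only the first cookie whose value is a known session token is
::  deleted; if none matches (or the header does not parse) the map is
::  returned unchanged.
::
++  parse-coki
  |=  coki=@t
  =/  cookies  (rush coki cock:de-purl:html)
  ?~  cookies  users.sessions
  =/  cokis=(list [@t @t])  u.cookies
  |-
  ?~  cokis  users.sessions
  =/  hd  i.cokis
  ::  ?:  (contains:string:sr (trip hd) "urbneo")
  =/  hash  (slaw:parsing:sr %uv +.hd)
  ?~  hash  $(cokis t.cokis)
  =/  sess  (~(get by users.sessions) u.hash)
  ?~  sess  $(cokis t.cokis)
  (~(del by users.sessions) u.hash)
::  +logout: queue a %logout self-poke carrying the request id, the raw
::  Cookie header and the redirect target.
::
++  logout
  |=  [order-id=@t coki=@t redirect=@t]
  (send-self-poke [%logout order-id coki redirect])
::  +handle-logout: drop the session named in the cookie and answer the
::  pending request with a redirect.
::
::  The raw cookie is deliberately not printed with ~& here: it carries
::  the session token being revoked, and possibly others.
::
::  NOTE(review): `redirect` is passed to redirect:gen:server unchanged.
::  Confirm the caller restricts it to a local path.
::
++  handle-logout
  |=  [order-id=@t coki=@t redirect=@t]
  =/  new-users  (parse-coki coki)
  :_  sessions(users new-users)
  %+  give-simple-payload:app:server
    order-id
  (redirect:gen:server redirect)
::  +handle-coki: register session token `coki` for ship `who` and
::  retire the challenge.
::
::  NOTE(review): the challenge is deleted but this arm does not test
::  that it was present in challenges.sessions.  Presumably the caller
::  verified the proof against an outstanding challenge; confirm.
::
++  handle-coki
  |=  [who=@p coki=@ =challenge]
  ^-  ^sessions
  ::  ~&  >  "%ustj: Successful authentication of {} as {}."
  =.  users.sessions  (~(put by users.sessions) coki who)
  =.  challenges.sessions  (~(del in challenges.sessions) challenge)
  sessions
--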