package styx

import input.client as client
import input.request as http_request

# HTTP -> HTTPS redirects for allowed domains
redirect = concat("", ["https://", http_request.host, http_request.path]) if {
    _social
    http_request.scheme == "http"
}

reject = 403 if {
    _childsafe_network
    _social
}

reject = 403 if {
    _childsafe_network
    _toxic
}

# Sensitive domains are always allowed
permit if {
    _sensitive
}

permit if {
    reject != 0
}

_sensitive if {
    styx.in_domains("sensitive", http_request.host)
}

_social if {
    styx.in_domains("social", http_request.host)
    print("Domain in social", http_request.host)
}

errors contains "Social networking domain not allowed" if {
    reject != 0
    _social
}

_toxic if {
    styx.in_domains("toxic", http_request.host)
}

errors contains "Toxic domain not allowed" if {
    reject != 0
    _toxic
}

_childsafe_network if {
    styx.in_networks("kids", client.ip)
}