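package rest

import (
	"errors"
	"fmt"
	"strings"

	"git.sch9.ru/new_gate/ms-auth/internal/models"
	"git.sch9.ru/new_gate/ms-auth/internal/users"
	"git.sch9.ru/new_gate/ms-auth/pkg"
	"github.com/gofiber/fiber/v2"
	"github.com/golang-jwt/jwt/v4"
)

const (
	// TokenKey is the fiber.Ctx Locals key under which AuthMiddleware stores
	// the verified *models.JWT claims, or nil when the request carries no
	// usable token.
	TokenKey = "token"
)

// AuthMiddleware returns a fiber handler that authenticates a request from
// its "Authorization: Bearer <jwt>" header.
//
// The middleware is permissive by design: a missing header, a malformed
// header, a token that fails signature or claim validation, and a token whose
// session is not found all result in c.Locals(TokenKey) being set to nil and
// the request being passed on with c.Next(). It never rejects a request for
// lack of credentials, so every protected handler behind it must treat a nil
// TokenKey local as "unauthenticated" and enforce access itself.
//
// The only case in which the chain is stopped is a session lookup that fails
// with an error other than pkg.ErrNotFound; the response status is then
// pkg.ToREST(err).
//
// jwtSecret is the HMAC key used to verify tokens. Only HMAC signing methods
// are accepted. An empty jwtSecret makes every token fail verification (see
// the key function below) instead of silently verifying against an empty key.
func AuthMiddleware(jwtSecret string, userUC users.UseCase) fiber.Handler {
	// Converted once; the key is only read during verification.
	secret := []byte(jwtSecret)

	// keyFunc pins the algorithm family before handing out the key, so a
	// token whose header names a non-HMAC algorithm is rejected.
	keyFunc := func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		// HMAC accepts a zero-length key, so with an unset secret a token
		// signed with the empty key would verify. Fail closed instead.
		if len(secret) == 0 {
			return nil, errors.New("jwt secret is not configured")
		}
		return secret, nil
	}

	// anonymous marks the request as unauthenticated and continues the chain.
	anonymous := func(c *fiber.Ctx) error {
		c.Locals(TokenKey, nil)
		return c.Next()
	}

	return func(c *fiber.Ctx) error {
		authHeader := c.Get("Authorization", "")
		if authHeader == "" {
			return anonymous(c)
		}

		// Exactly "<scheme> <token>" separated by a single space; the scheme
		// is matched case-insensitively.
		authParts := strings.Split(authHeader, " ")
		if len(authParts) != 2 || !strings.EqualFold(authParts[0], "bearer") {
			return anonymous(c)
		}

		parsedToken, err := jwt.ParseWithClaims(authParts[1], &models.JWT{}, keyFunc)
		if err != nil {
			return anonymous(c)
		}

		token, ok := parsedToken.Claims.(*models.JWT)
		if !ok {
			return anonymous(c)
		}

		if err := token.Valid(); err != nil {
			return anonymous(c)
		}

		// A valid signature is not enough: the session named in the token
		// must still exist, so a deleted session invalidates its tokens.
		if _, err := userUC.ReadSession(c.Context(), token.SessionId); err != nil {
			if errors.Is(err, pkg.ErrNotFound) {
				return anonymous(c)
			}
			// Any other lookup failure ends the request with the mapped
			// status rather than downgrading it to anonymous.
			return c.SendStatus(pkg.ToREST(err))
		}

		c.Locals(TokenKey, token)
		return c.Next()
	}
}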