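package middleware

import (
	"net/http"
	"slices"
	"strings"

	"github.com/gofiber/fiber/v2"

	"leafdev.top/Leaf/leaf-library-3/internal/base/conf"
	authService "leafdev.top/Leaf/leaf-library-3/internal/services/auth"
	"leafdev.top/Leaf/leaf-library-3/internal/types/constants"
	"leafdev.top/Leaf/leaf-library-3/internal/types/dto"
	"leafdev.top/Leaf/leaf-library-3/internal/types/errs"
	authType "leafdev.top/Leaf/leaf-library-3/internal/types/user"
)

// Auth is the Fiber middleware that authenticates a request from its
// Authorization header and stores the resolved user under
// constants.AuthMiddlewareKey in the request locals for downstream handlers.
type Auth struct {
	config      *conf.Config
	authService *authService.Service
}

// audienceLength mirrors len(config.App.AllowedAudiences) as of the last
// NewAuth call. Handler no longer reads it (it consults the config directly,
// which avoids mutable package-level state that is written at construction
// time and read on every request), but the variable is kept and still
// assigned in case another file of this package depends on it.
//
// Deprecated: use len(config.App.AllowedAudiences) instead.
var audienceLength int

// NewAuth builds the middleware from the application config and the auth
// service that parses and validates tokens.
func NewAuth(config *conf.Config, authService *authService.Service) *Auth {
	audienceLength = len(config.App.AllowedAudiences)
	return &Auth{
		config:      config,
		authService: authService,
	}
}

// Handler returns the Fiber handler performing the authentication.
//
// Normal flow: the Authorization header must be exactly two space-separated
// parts, the first equal to constants.AuthPrefix and the second a non-empty
// credential. The credential is validated as an ID token by the auth service;
// parse/validation failures, a nil user, and an audience outside
// config.App.AllowedAudiences are all rejected with 401. Header-shape
// problems are reported as errs.JWTFormatError / errs.NotBearerType with
// whatever status r.Error assigns by default (unchanged from before).
//
// The resulting *authType.User is stored in c.Locals under
// constants.AuthMiddlewareKey and the chain continues.
func (a *Auth) Handler() fiber.Handler {
	return func(c *fiber.Ctx) error {
		r := dto.Ctx(c)

		// SECURITY: with Debug.Enabled the Authorization header is ignored
		// entirely and the auth service is asked to resolve an EMPTY access
		// token; whichever user that yields is trusted for every request.
		// This is a full authentication bypass and must never be enabled
		// outside a local development environment.
		if a.config.Debug.Enabled {
			user, err := a.authService.AuthFromToken(constants.JwtTokenTypeAccessToken, "")
			if err != nil {
				return r.Error(err).Send()
			}
			c.Locals(constants.AuthMiddlewareKey, user)
			return c.Next()
		}

		authorization := c.Get(constants.AuthHeader)
		if authorization == "" {
			return r.Error(errs.JWTFormatError).Send()
		}

		// Strict "<prefix> <credential>" shape: exactly one separating space,
		// no leading/trailing/double spaces (strings.Split keeps empty parts,
		// so those all yield a part count other than two).
		parts := strings.Split(authorization, " ")
		if len(parts) != 2 {
			return r.Error(errs.JWTFormatError).Send()
		}
		if parts[0] != constants.AuthPrefix {
			return r.Error(errs.NotBearerType).Send()
		}
		credential := parts[1]
		if credential == "" {
			// "Bearer " (trailing space) used to pass the shape check and hand
			// an empty credential to the auth service; reject it up front.
			return r.Error(errs.JWTFormatError).Send()
		}

		user, err := a.authService.AuthFromToken(constants.JwtTokenTypeIDToken, credential)
		if err != nil {
			return r.Error(err).Status(http.StatusUnauthorized).Send()
		}
		if user == nil {
			// err is nil here; the previous code reported r.Error(nil). Use a
			// real error so the client gets a meaningful 401 body.
			return r.Error(errs.NotValidToken).Status(http.StatusUnauthorized).Send()
		}

		// Audience pinning: the token's aud must be one of the configured
		// audiences. NOTE(review): when AllowedAudiences is empty the check is
		// skipped and ANY audience is accepted — this is fail-open by
		// configuration; confirm that deployments always set it.
		allowed := a.config.App.AllowedAudiences
		if len(allowed) > 0 && !slices.Contains(allowed, user.Token.Aud) {
			return r.Error(errs.NotValidToken).Status(http.StatusUnauthorized).Send()
		}

		c.Locals(constants.AuthMiddlewareKey, user)
		return c.Next()
	}
}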