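package middleware

import (
	"net/http"
	"strings"

	"cybertron/constants"
	"cybertron/service"

	"github.com/gin-gonic/gin"
)

// UserInfo describes an authenticated user as it is (de)serialised to JSON.
// Nothing in this file reads or writes it; the field meanings are given only
// by their names and JSON tags.
type UserInfo struct {
	SessionToken      string   `json:"sessionToken"`
	ClientID          string   `json:"clientId"`
	Name              string   `json:"name"`
	Exp               int      `json:"exp"`
	EmailID           string   `json:"emailId"`
	AccountID         string   `json:"accountId"`
	PhoneNumber       string   `json:"phoneNumber"`
	Roles             []string `json:"roles"`
	Groups            []string `json:"groups"`
	Permissions       []string `json:"permissions"`
	FirebaseJwtToken  string   `json:"firebaseJwtToken"`
	FirebaseNode      string   `json:"firebaseNode"`
	ProfilePictureURL string   `json:"profilePictureUrl"`
	PreferredUsername string   `json:"preferred_username"`
}

// PermissionMiddleware returns a gin handler that rejects a request with
// 401 Unauthorized unless authService.CheckValidUser accepts the session
// token and e-mail carried in the request headers. Requests to the public
// paths recognised by isExcludedPublicPath skip the check entirely.
func PermissionMiddleware(authService *service.AuthService) gin.HandlerFunc {
	return func(c *gin.Context) {
		// Decide on the parsed URL path, never on the raw RequestURI: the raw
		// URI includes the query string, so a substring match on it lets any
		// request skip authentication by carrying "/envelope" in a parameter.
		if isExcludedPublicPath(c.Request.URL.Path) {
			c.Next()
			return
		}

		// Both values are client-supplied headers. Whether the e-mail is bound
		// to the session token is decided inside CheckValidUser, which is not
		// visible here; the e-mail header must not be trusted on its own.
		sessionToken := c.GetHeader(constants.SESSION_HEADER_NAME)
		userEmail := c.GetHeader(constants.EMAIL_HEADER_NAME)

		// Fail closed: an error from the auth service is treated exactly like
		// an invalid user.
		validUser, err := authService.CheckValidUser(c, sessionToken, userEmail)
		if err != nil || !validUser {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
			return
		}

		c.Next()
	}
}

// isExcludedPublicPath reports whether urlPath contains a complete path
// segment that is on the unauthenticated allow-list.
//
// Matching whole segments stops look-alike paths (for example a path that
// merely starts with the same letters) from being treated as public.
//
// NOTE(review): every route with an "envelope" segment is still served
// without authentication. If the public endpoint has a single known route
// pattern, compare against gin's matched route (c.FullPath()) instead.
func isExcludedPublicPath(urlPath string) bool {
	excludedPublicSegments := []string{
		"envelope",
	}

	for _, segment := range strings.Split(urlPath, "/") {
		for _, public := range excludedPublicSegments {
			if segment == public {
				return true
			}
		}
	}
	return false
}

// isAdmin reports whether roles contains the exact, case-sensitive role
// name "Admin".
func isAdmin(roles []string) bool {
	for _, role := range roles {
		if role == "Admin" {
			return true
		}
	}
	return false
}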