package auth

import (
	"context"
	"fmt"
	"net/http"

	"forge.cadoles.com/arcad/edge/pkg/jwtutil"
	"github.com/pkg/errors"
)

type GetClaimFunc func(ctx context.Context, r *http.Request, name string) (string, error)

type Option struct {
	GetClaim      GetClaimFunc
	ProfileClaims []string
}

type OptionFunc func(*Option)

func defaultOptions() *Option {
	return &Option{
		GetClaim: dummyGetClaim,
		ProfileClaims: []string{
			ClaimSubject,
			ClaimIssuer,
			ClaimEdgeEntrypoint,
			ClaimEdgeRole,
			ClaimPreferredUsername,
			ClaimEdgeTenant,
		},
	}
}

func dummyGetClaim(ctx context.Context, r *http.Request, name string) (string, error) {
	return "", errors.Errorf("dummy getclaim func cannot retrieve claim '%s'", name)
}

func WithGetClaims(fn GetClaimFunc) OptionFunc {
	return func(o *Option) {
		o.GetClaim = fn
	}
}

func WithProfileClaims(claims ...string) OptionFunc {
	return func(o *Option) {
		o.ProfileClaims = claims
	}
}

func WithJWT(getKeySet jwtutil.GetKeySetFunc) OptionFunc {
	funcs := []jwtutil.FindTokenOptionFunc{
		jwtutil.WithFinders(
			jwtutil.FindTokenFromAuthorizationHeader,
			jwtutil.FindTokenFromQueryString(CookieName),
			jwtutil.FindTokenFromCookie(CookieName),
		),
	}

	return func(o *Option) {
		o.GetClaim = func(ctx context.Context, r *http.Request, name string) (string, error) {
			token, err := jwtutil.FindToken(r, getKeySet, funcs...)
			if err != nil {
				return "", errors.WithStack(err)
			}

			tokenMap, err := token.AsMap(ctx)
			if err != nil {
				return "", errors.WithStack(err)
			}

			value, exists := tokenMap[name]
			if !exists {
				return "", nil
			}

			return fmt.Sprintf("%v", value), nil
		}
	}
}