package config

import (
	"fmt"

	"forge.cadoles.com/Cadoles/emissary/internal/auth/user"
)

type ServerConfig struct {
	HTTP     HTTPConfig     `yaml:"http"`
	Database DatabaseConfig `yaml:"database"`
	CORS     CORSConfig     `yaml:"cors"`
	Auth     AuthConfig     `yaml:"auth"`
}

func NewDefaultServerConfig() ServerConfig {
	return ServerConfig{
		HTTP:     NewDefaultHTTPConfig(),
		Database: NewDefaultDatabaseConfig(),
		CORS:     NewDefaultCORSConfig(),
		Auth:     NewDefaultAuthConfig(),
	}
}

type AuthConfig struct {
	Local                 *LocalAuthConfig  `yaml:"local"`
	Remote                *RemoteAuthConfig `yaml:"remote"`
	RoleExtractionRules   []string          `yaml:"roleExtractionRules"`
	TenantExtractionRules []string          `yaml:"tenantExtractionRules"`
}

func NewDefaultAuthConfig() AuthConfig {
	return AuthConfig{
		Local: &LocalAuthConfig{
			PrivateKeyPath: "server-key.json",
		},
		Remote: nil,
		RoleExtractionRules: []string{
			fmt.Sprintf("jwt.%s != nil ? str(jwt.%s) : ''", user.DefaultRoleKey, user.DefaultRoleKey),
		},
		TenantExtractionRules: []string{
			fmt.Sprintf("jwt.%s != nil ? str(jwt.%s) : ''", user.DefaultTenantKey, user.DefaultTenantKey),
		},
	}
}

type LocalAuthConfig struct {
	PrivateKeyPath InterpolatedString `yaml:"privateKeyPath"`
}

type RemoteAuthConfig struct {
	JsonWebKeySetURL InterpolatedString    `yaml:"jwksUrl"`
	RefreshInterval  *InterpolatedDuration `yaml:"refreshInterval"`
}