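// Package middleware holds the gin middlewares of the PersonalLibraryManager API.
package middleware

import (
	"errors"
	"net/http"
	"strings"

	"git.artlef.fr/PersonalLibraryManager/internal/jwtauth"
	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
)

// Auth returns a middleware that requires a valid HS256 JWT in the
// Authorization header ("Bearer <token>") and stores its subject in the gin
// context under the key "user" for downstream handlers.
//
// Two route families are exempt: everything under /ws/auth/ (account creation
// and login, where no token exists yet) and the public book covers under
// /static/bookcover/. The exemption is decided on c.FullPath() — the
// registered route pattern, not the raw request URL — so it cannot be widened
// by path tricks in the request. A request that matches no route has an empty
// FullPath and is therefore NOT exempt.
//
// Any other request without a valid token is aborted with 401 and a JSON
// error body, so no handler after this one ever runs unauthenticated.
func Auth() gin.HandlerFunc {
	return func(c *gin.Context) {
		route := c.FullPath()

		// Do not check the current user when creating an account or logging in.
		if strings.HasPrefix(route, "/ws/auth/") {
			return
		}
		// Do not check static book cover files.
		if strings.HasPrefix(route, "/static/bookcover/") {
			return
		}

		username, err := parseUserFromJwt(c)
		if err != nil {
			// RFC 6750 §3: a 401 for a bearer-protected resource carries the
			// WWW-Authenticate challenge naming the expected scheme.
			c.Header("WWW-Authenticate", "Bearer")
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "You must be logged in to access this resource."})
			return
		}
		c.Set("user", username)
	}
}

// parseUserFromJwt extracts and verifies the bearer token of the request and
// returns the subject ("sub") claim it carries.
//
// Verification is pinned to HS256 with the key from jwtauth.GetJwtKey, so a
// token declaring "none" or an asymmetric algorithm is rejected before any
// signature check (algorithm-confusion defence). jwt/v5 validates the
// standard time claims (exp, nbf, iat) when they are present; a token that
// omits "exp" never expires. NOTE(review): if jwtauth always sets exp when
// issuing tokens, add jwt.WithExpirationRequired() here to make that a hard
// requirement — confirm against the issuer before changing it.
//
// An error is returned when the header is missing or malformed, when the
// token fails to parse or verify, or when the subject claim is absent or
// empty: an empty subject must never be treated as an authenticated user.
func parseUserFromJwt(c *gin.Context) (string, error) {
	tokenStr := jwtFromBearerToken(c.GetHeader("Authorization"))
	if tokenStr == "" {
		return "", errors.New("missing or malformed bearer token")
	}

	keyFunc := func(*jwt.Token) (any, error) { return jwtauth.GetJwtKey() }
	token, err := jwt.Parse(tokenStr, keyFunc, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
	if err != nil {
		return "", err
	}

	subject, err := token.Claims.GetSubject()
	if err != nil {
		return "", err
	}
	if subject == "" {
		// GetSubject reports no error for a missing "sub" claim; reject it
		// explicitly rather than authenticating an anonymous principal.
		return "", errors.New("jwt has no subject claim")
	}
	return subject, nil
}

// jwtFromBearerToken returns the token part of an Authorization header of the
// form "Bearer <token>", or "" when the header is absent, does not use the
// Bearer scheme, or carries no token.
//
// The scheme is compared case-insensitively, as RFC 7235 requires. Any other
// scheme (e.g. "Basic") yields "" instead of having its credential handed to
// the JWT parser; the caller treats "" as "not authenticated".
func jwtFromBearerToken(bearerToken string) string {
	scheme, token, found := strings.Cut(bearerToken, " ")
	if !found || !strings.EqualFold(scheme, "Bearer") {
		return ""
	}
	return token
}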