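package middleware

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"

	"tangled.org/core/appview/oauth"
	"tangled.org/core/appview/session"
	"tangled.org/core/log"
)

// WithSession resumes the atp session from the request (via
// o.ResumeSession), ensures it is well-formed and passes a session.Session
// down the handler chain through the request context.
//
// A request whose session cannot be resumed is NOT rejected here: it is
// forwarded unchanged, so later handlers see no session in the context.
// Enforcing authentication is AuthMiddleware's job.
func WithSession(o *oauth.OAuth) middlewareFunc {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			atSess, err := o.ResumeSession(r)
			if err != nil {
				// Unauthenticated (or malformed) session: continue without one.
				next.ServeHTTP(w, r)
				return
			}

			registry := o.GetAccounts(r)
			sess := session.Session{
				User: &oauth.MultiAccountUser{
					Did:      atSess.Data.AccountDID.String(),
					Accounts: registry.Accounts,
				},
				AtpClient: atSess.APIClient(),
			}

			ctx := session.IntoContext(r.Context(), sess)
			next.ServeHTTP(w, r.WithContext(ctx))
		})
	}
}

// AuthMiddleware ensures the request carries a session (as placed in the
// context by WithSession) and sends unauthenticated requests to the login
// page. htmx requests (HX-Request: true) get a 200 with an HX-Redirect
// header instead of an HTTP redirect, since htmx does not follow 3xx
// responses to a full page.
//
// The login page receives a return_url derived from the Referer header; see
// localReturnURL for the restrictions applied to it.
func AuthMiddleware() middlewareFunc {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			ctx := r.Context()

			if _, ok := session.FromContext(ctx); ok {
				next.ServeHTTP(w, r)
				return
			}

			l := log.FromContext(ctx)
			l.Debug("no session, redirecting...")

			// Only compute the return target when we actually redirect;
			// authenticated requests never need it.
			returnURL := localReturnURL(r.Header.Get("Referer"))
			loginURL := fmt.Sprintf("/login?return_url=%s", url.QueryEscape(returnURL))

			if r.Header.Get("HX-Request") == "true" {
				w.Header().Set("HX-Redirect", loginURL)
				w.WriteHeader(http.StatusOK)
				return
			}
			http.Redirect(w, r, loginURL, http.StatusTemporaryRedirect)
		})
	}
}

// localReturnURL reduces a Referer header value to a site-local request URI
// (path plus query) suitable for use as a post-login return target.
//
// Referer is attacker-controllable, so only a plain absolute path is
// accepted. Anything else yields "/":
//   - an unparsable or empty value;
//   - an opaque URL (e.g. "mailto:..."), whose RequestURI would not start
//     with "/";
//   - a protocol-relative "//host/..." path, which browsers treat as an
//     absolute URL to another host.
//
// The scheme and host of an ordinary absolute Referer are dropped, so a
// cross-origin Referer simply becomes its path on this site.
func localReturnURL(referer string) string {
	u, err := url.Parse(referer)
	if err != nil || u.Opaque != "" {
		return "/"
	}
	ru := u.RequestURI()
	if !strings.HasPrefix(ru, "/") || strings.HasPrefix(ru, "//") {
		return "/"
	}
	return ru
}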