package sec

import (
	"errors"

	"git.clearsky.net.au/cody/gex.git/sess"
	"git.clearsky.net.au/cody/gex.git/srv"
	"git.clearsky.net.au/cody/gex.git/utils"
)

// Middleware resolves the caller's Auth context from the request session and
// enforces the role list registered for the matched route pattern.
//
// A request without an "Auth" entry in its session is treated as the Guest
// identity with the roles "Guest" and "Everyone". An existing entry is
// re-validated field by field; any type mismatch is logged through utils.Err
// and returned as an error. The resolved Auth is written back to the session
// before the route check runs.
//
// Security notes:
//   - A pattern with no entry in permissions is not restricted: the function
//     returns nil for it, so access control is opt-in per route.
//     NOTE(review): consider whether unlisted routes should be denied instead.
//   - Identity and roles are taken from session data as stored. How the sess
//     package protects that data against client tampering is not visible
//     here — TODO confirm it is server-side or integrity-protected.
//   - On denial the function sends "No Access" and still returns nil.
//     NOTE(review): confirm that srv stops the handler chain once a response
//     has been sent; otherwise the protected handler could still run.
func Middleware(req *srv.Req, res *srv.Res) error {
	session, err := sess.GetCtxSess(req)
	if err != nil {
		utils.Err(err)
		return err
	}

	// reject logs and returns a fresh "malformed auth context" error; every
	// validation failure below reports the same message.
	reject := func() error {
		bad := errors.New("auth context in session data is not of the expected type, request cancelled")
		utils.Err(bad)
		return bad
	}

	// Start from the anonymous identity; it is replaced only if the session
	// already carries a well-formed auth context.
	auth := Auth{0, "Guest", []string{"Guest", "Everyone"}}

	if stored := session.Data["Auth"]; stored != nil {
		// The stored context is read back as generic map/slice/float64 values
		// (the shapes encoding/json produces for untyped data), so each field
		// is type-checked before it is trusted.
		fields, isMap := stored.(map[string]any)
		if !isMap {
			return reject()
		}

		userID, isNum := fields["User_id"].(float64)
		if !isNum {
			return reject()
		}

		userName, isStr := fields["User_name"].(string)
		if !isStr {
			return reject()
		}

		rawRoles, isList := fields["Roles"].([]any)
		if !isList {
			return reject()
		}

		roles := make([]string, 0, len(rawRoles))
		for _, entry := range rawRoles {
			role, isRole := entry.(string)
			if !isRole {
				return reject()
			}
			roles = append(roles, role)
		}

		auth.User_id = userID
		auth.User_name = userName
		auth.Roles = roles
	}

	// Persist the typed Auth so later code in this request can read it.
	// NOTE(review): whatever Save reports is not inspected here — confirm
	// whether a failed save should abort the request.
	session.Data["Auth"] = auth
	session.Save()

	// Route access check: patterns without a permissions entry are open.
	required := permissions[req.Pattern]
	if required == nil {
		return nil
	}

	// One matching role is enough to pass.
	for _, role := range required {
		if auth.HasRole(role) {
			return nil
		}
	}

	res.Send("No Access")
	return nil
}