AUTHZD_BIN := bin/authzd
GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD | sed 's/\//_/g')
PROJECT_NAME := $(shell basename $(shell pwd))
IMAGE_TAG := $(PROJECT_NAME):$(GIT_BRANCH)

# SpiceDB configuration
SPICEDB_ENDPOINT ?= localhost:20000
SPICEDB_TOKEN ?= secret

# Set ZED command with appropriate flags
ifeq ($(findstring :443,$(SPICEDB_ENDPOINT)),:443)
ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)"
else
ZED_CMD = zed --endpoint "$(SPICEDB_ENDPOINT)" --token "$(SPICEDB_TOKEN)" --insecure
endif

.PHONY: build test run clean tidy
.PHONY: build-image run-image

setup:
	mise install
	mise exec go -- go install github.com/xlgmokha/minit@latest

$(AUTHZD_BIN): $(shell find . -name "*.go" 2>/dev/null) go.sum
	@go build -o $(AUTHZD_BIN) ./cmd/authzd/main.go

build: $(AUTHZD_BIN)

test:
	@go test ./...

lint:
	@zed validate etc/authzd/*.schema

run: build
	@minit

clean:
	@rm -f $(AUTHZD_BIN)

tidy:
	@go get -u ./...
	@go mod tidy
	@go mod vendor
	@go tool yamlfmt -exclude vendor .

# Docker targets
build-image:
	@docker build --tag $(IMAGE_TAG) .

run-image: build-image
	@docker run --rm -p 20000:20000 --init -it $(IMAGE_TAG)

# spice targets
# Usage: make run-spicedb-setup SPICEDB_ENDPOINT=localhost:20000
#        make run-spicedb-setup SPICEDB_ENDPOINT=authzd.staging.runway.gitlab.net:443
#        make run-spicedb-setup SPICEDB_ENDPOINT=authzd.runway.gitlab.net:443

run-spicedb-setup:
	@$(ZED_CMD) schema write etc/authzd/spice.schema
	@$(ZED_CMD) schema read
	@$(ZED_CMD) relationship create project:1 maintainer user:mokhax
	@$(ZED_CMD) relationship create project:1 developer user:tanuki

run-spicedb-sparkle-relationships:
	@$(ZED_CMD) relationship touch resource:/ reader user:*
	@$(ZED_CMD) relationship touch resource:/callback reader user:*
	@$(ZED_CMD) relationship touch resource:/dashboard reader user:root
	@$(ZED_CMD) relationship touch resource:/dashboard/nav reader user:*
	@$(ZED_CMD) relationship touch resource:/signout reader user:root
	@$(ZED_CMD) relationship touch resource:/sparkles reader user:*
	@$(ZED_CMD) relationship touch resource:/sparkles writer user:root

run-spicedb-permission-check:
	@$(ZED_CMD) permission check project:1 read user:mokhax
	@$(ZED_CMD) permission check project:1 write user:mokhax
	@$(ZED_CMD) permission check project:1 read user:tanuki
	@$(ZED_CMD) permission check project:1 write user:tanuki
	@$(ZED_CMD) permission check resource:/ read user:public

run-spicedb-relationships-list:
	@$(ZED_CMD) relationship read group
	@$(ZED_CMD) relationship read project
	@$(ZED_CMD) relationship read user