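package authz

import (
	"net/http"

	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
	auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
	"github.com/xlgmokha/x/pkg/log"
	"github.com/xlgmokha/x/pkg/mapper"
	"github.com/xlgmokha/x/pkg/x"
	"google.golang.org/protobuf/types/known/structpb"
)

// init registers the mappings that turn an Envoy ext_authz CheckRequest into
// the parts of a SpiceDB CheckPermissionRequest (resource, subject,
// permission) and into a log.Fields view of the request.
//
// Every request attribute is read through the generated protobuf getters,
// which return zero values when an intermediate message is nil. A
// CheckRequest that lacks Attributes, Request or Http therefore maps to empty
// fields instead of a nil-pointer panic inside the authorizer; the caller is
// expected to treat such empty/"public" inputs as a deny when the downstream
// check fails — TODO confirm that handling at the call site.
func init() {
	// Structured log fields for a CheckRequest.
	mapper.Register[*auth.CheckRequest, log.Fields](func(r *auth.CheckRequest) log.Fields {
		httpReq := r.GetAttributes().GetRequest().GetHttp()
		headers := httpReq.GetHeaders() // indexing a nil map yields "", so no guard is needed
		return log.Fields{
			"host":       httpReq.GetHost(),
			"id":         httpReq.GetId(),
			"method":     httpReq.GetMethod(),
			"path":       httpReq.GetPath(),
			"protocol":   httpReq.GetProtocol(),
			"request_id": headers["x-request-id"],
			"scheme":     httpReq.GetScheme(),
			"subject":    headers["x-jwt-claim-username"],
		}
	})

	// The resource being accessed, keyed by the raw request path.
	mapper.Register[*auth.CheckRequest, *v1.ObjectReference](func(r *auth.CheckRequest) *v1.ObjectReference {
		// NOTE(review): the path is used verbatim as the object id. Whether it
		// still carries a query string or un-normalized segments depends on the
		// Envoy configuration in front of this service — confirm normalization
		// before relying on it for authorization decisions.
		return &v1.ObjectReference{
			ObjectType: "resource",
			ObjectId:   r.GetAttributes().GetRequest().GetHttp().GetPath(),
		}
	})

	// The subject performing the request, taken from a JWT-claim header.
	mapper.Register[*auth.CheckRequest, *v1.SubjectReference](func(r *auth.CheckRequest) *v1.SubjectReference {
		// TODO: username is not ideal but it works for demo purposes.
		// The header is only trustworthy if a trusted upstream (e.g. the JWT
		// filter) sets it and any client-supplied copy is stripped before
		// ext_authz runs — confirm this in the Envoy config. Requests without
		// the header are checked as the "public" user.
		username := r.GetAttributes().GetRequest().GetHttp().GetHeaders()["x-jwt-claim-username"]
		if x.IsZero(username) {
			username = "public"
		}
		return &v1.SubjectReference{
			Object: &v1.ObjectReference{
				ObjectType: "user",
				ObjectId:   username,
			},
		}
	})

	// The permission implied by the HTTP method.
	mapper.Register[*auth.CheckRequest, Permission](func(r *auth.CheckRequest) Permission {
		switch r.GetAttributes().GetRequest().GetHttp().GetMethod() {
		case http.MethodGet:
			return "read"
		case http.MethodPost:
			return "create"
		case http.MethodPut, http.MethodPatch:
			return "update"
		case http.MethodDelete:
			return "delete"
		default:
			// Any other (or missing) method is checked as "read" rather than
			// skipped, so it still goes through the permission check.
			return "read"
		}
	})

	// The full SpiceDB check, assembled from the three mappings above with an
	// empty caveat context.
	mapper.Register[*auth.CheckRequest, *v1.CheckPermissionRequest](func(r *auth.CheckRequest) *v1.CheckPermissionRequest {
		return &v1.CheckPermissionRequest{
			Resource:   mapper.MapFrom[*auth.CheckRequest, *v1.ObjectReference](r),
			Permission: mapper.MapFrom[*auth.CheckRequest, Permission](r).String(),
			Subject:    mapper.MapFrom[*auth.CheckRequest, *v1.SubjectReference](r),
			Context:    x.Must(structpb.NewStruct(map[string]any{})),
		}
	})
}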