use envoy_types::pb::envoy::service::auth::v3::{CheckRequest, CheckResponse};
use std::sync::Arc;
use tonic::{Request, Response, Status};

use super::authorizer::Authorizer;

#[derive(Debug)]
pub struct CheckService {
    authorizer: Arc<dyn Authorizer + Send + Sync>,
}

impl CheckService {
    pub fn new(authorizer: Arc<dyn Authorizer + Send + Sync>) -> Self {
        Self { authorizer }
    }
}

#[tonic::async_trait]
impl envoy_types::pb::envoy::service::auth::v3::authorization_server::Authorization
    for CheckService
{
    async fn check(
        &self,
        request: Request<CheckRequest>,
    ) -> Result<Response<CheckResponse>, Status> {
        if self.authorizer.authorize(request.into_inner()) {
            Ok(Response::new(CheckResponse {
                status: Some(envoy_types::pb::google::rpc::Status {
                    code: 0,
                    message: "OK".to_string(),
                    details: vec![],
                }),
                dynamic_metadata: None,
                http_response: None,
            }))
        } else {
            Ok(Response::new(CheckResponse {
                status: Some(envoy_types::pb::google::rpc::Status {
                    code: 16,
                    message: "Unauthorized".to_string(),
                    details: vec![],
                }),
                dynamic_metadata: None,
                http_response: None,
            }))
        }
    }
}