package middleware

import (
	"net/http"

	"github.com/coreos/go-oidc/v3/oidc"
	"github.com/xlgmokha/x/pkg/log"
	"github.com/xlgmokha/x/pkg/mapper"
	"github.com/xlgmokha/x/pkg/x"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/domain"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
)

func User(db domain.Repository[*domain.User]) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			subject := r.Header.Get("x-jwt-claim-sub")
			log.WithFields(r.Context(), log.Fields{"sub": subject})
			user := db.Find(r.Context(), domain.ID(subject))

			if !x.IsPresent(user) {
				idToken := cfg.IDToken.From(r.Context())

				if x.IsZero(idToken) {
					next.ServeHTTP(w, r)
					return
				}

				user = db.Find(r.Context(), domain.ID(idToken.Subject))
				if !x.IsPresent(user) {
					user = mapper.MapFrom[*oidc.IDToken, *domain.User](idToken)
					if err := db.Save(r.Context(), user); err != nil {
						pls.LogError(r.Context(), err)
						next.ServeHTTP(w, r)
						return
					}
				}
			}

			next.ServeHTTP(w, r.WithContext(cfg.CurrentUser.With(r.Context(), user)))
		})
	}
}