package authz

import (
	"context"
	"os"

	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
	"github.com/authzed/authzed-go/v1"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
	"google.golang.org/grpc"
)

func NewSpiceDBClient(ctx context.Context, host string, presharedKey string) *authzed.Client {
	client, err := authzed.NewClient(
		host,
		grpc.WithTransportCredentials(credentialsFor(ctx, host)),
		grpc.WithPerRPCCredentials(NewBearerToken(presharedKey)),
	)
	if err != nil {
		pls.LogErrorNow(ctx, err)
	}
	return client
}

type CheckPermissionService interface {
	CheckPermission(ctx context.Context, in *v1.CheckPermissionRequest, opts ...grpc.CallOption) (*v1.CheckPermissionResponse, error)
}

func WriteSchema(ctx context.Context, client *authzed.Client, path string) (*v1.WriteSchemaResponse, error) {
	content, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}

	return client.WriteSchema(ctx, &v1.WriteSchemaRequest{
		Schema: string(content),
	})
}