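package authz

import (
	"fmt"
	"net"
	"net/http"

	"github.com/casbin/casbin/v3"
	"github.com/xlgmokha/x/pkg/log"
	"github.com/xlgmokha/x/pkg/x"
)

// WithCasbin returns an Authorizer that asks a Casbin enforcer whether a
// request is allowed.
//
// The enforcer is created once, when WithCasbin is called, from the files
// "casbin.conf" and "casbin.csv", and is reused by every call of the returned
// function. Both paths are relative, so presumably they resolve against the
// process working directory; x.Must presumably panics when loading fails.
// NOTE(review): confirm both, and that the two files are not writable by the
// service account, since they define every authorization decision made here.
//
// Each request is evaluated as (subject, host, method, path). The function
// returns false whenever the host cannot be split or the enforcer returns an
// error, so failures deny the request.
func WithCasbin() Authorizer {
	enforcer := x.Must(casbin.NewEnforcer("casbin.conf", "casbin.csv"))

	return AuthorizerFunc(func(r *http.Request) bool {
		// r.Host comes from the request, so the domain handed to the enforcer
		// is chosen by the client. NOTE(review): confirm the server only
		// answers for the hosts the policy names.
		//
		// net.SplitHostPort returns an error when there is no port, so a
		// request whose Host has no explicit port is denied here.
		// NOTE(review): confirm that is intended for default-port deployments.
		host, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			// NOTE(review): nothing is done with a return value here; confirm
			// this call records the error rather than only preparing fields.
			log.WithFields(r.Context(), log.Fields{"error": err})
			return false
		}

		// A request whose token has no subject is evaluated as the literal
		// subject "*". NOTE(review): what "*" matches depends on the matcher
		// in casbin.conf, which is not visible here; confirm it cannot match
		// rules meant for authenticated subjects and that a token cannot
		// carry "*" as its own subject.
		subject, found := TokenFrom(r).Subject()
		if !found {
			subject = "*"
		}

		// NOTE(review): r.URL.Path is passed as received; confirm the router
		// matches on the same form, otherwise policy and routing can disagree.
		ok, err := enforcer.Enforce(subject, host, r.Method, r.URL.Path)
		if err != nil {
			log.WithFields(r.Context(), log.Fields{"error": err})
			return false
		}

		// Subject, host and path are request-derived, and r.URL.Path is the
		// decoded path, so it can contain line breaks. %q keeps every decision
		// on exactly one line of stdout, so a request cannot forge a second
		// "true: ..." entry. This print duplicates the structured fields below.
		fmt.Printf("%v: %q -> %q %q\n", ok, subject, r.Method, host+r.URL.Path)
		log.WithFields(r.Context(), log.Fields{
			"authz":   ok,
			"subject": subject,
			"action":  r.Method,
			"domain":  host,
			"object":  r.URL.Path,
		})
		return ok
	})
}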