package auth

import (
	"errors"
	"strings"
	"time"

	"git.jasinco.work/wgcl/internal/logger"
	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
	"go.uber.org/zap"
)

var AuthorizeWG uint16 = 0x1
var AuthorizeRevProxy uint16 = 0x2

var JWTKey = []byte("fecv")

type User struct {
	UserName   string `json:"dn" binding:"required"`
	Authorized uint16 `json:"pwr" binding:"required"`
	jwt.RegisteredClaims
}

func (u *User) setupClaim() {
	u.ExpiresAt = jwt.NewNumericDate(time.Now().Add(24 * time.Hour))
	u.Issuer = "tethsues"
	u.Subject = "smb"
	u.ID = "1"
	u.Audience = nil
}
func AuthMiddleware() gin.HandlerFunc {
	return func(ctx *gin.Context) {

		logger.Logger.Info("auth middleware first")
		var user *User = nil
		auth_head, auth_head_exist := ctx.Request.Header["Authorization"]
		// cookie,cookie_err := ctx.Request.Cookie("token")
		if auth_head_exist && strings.HasPrefix(auth_head[0], "Bearer ") {
			_token, err := jwt.ParseWithClaims(strings.TrimPrefix(auth_head[0], "Bearer "), &User{}, func(t *jwt.Token) (any, error) {
				return JWTKey, nil
			})
			if err != nil {
				ctx.Status(400)
				ctx.Abort()
				return
			}
			if _user, ok := _token.Claims.(*User); ok {
				user = _user
			}
		}
		if user != nil {
			logger.Logger.Info("auth middleware", zap.String("dn", user.UserName))
			ctx.Set("token", user)
		} else {
			ctx.Set("token", nil)
			ctx.Status(400)
			ctx.Abort()
			return
		}
		ctx.Next()

	}
}
func IssueJWT(c *gin.Context) {
	cred, err := UserLogin(c)
	if errors.Is(err, ErrBadRequest) {
		c.Status(400)
		return
	} else if err != nil {
		logger.Logger.Warn(err.Error())
		c.Status(500)
		return
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, *cred)
	ss, err := token.SignedString(JWTKey)
	if err != nil {
		logger.Logger.Warn(err.Error())
		c.Status(500)
		return
	}

	c.JSON(200, gin.H{
		"token": ss,
	})

	// c.SetCookie("credential", )
}