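package auth

import (
	"net/http"

	"github.com/yusing/godoxy/internal/common"
)

// defaultAuth is the package-wide provider consulted by the handlers below.
// It is nil until Initialize succeeds, and is never set when IsEnabled
// reports false.
//
// NOTE(review): it is read by request handlers without synchronization;
// presumably Initialize runs once before the server starts — confirm.
var defaultAuth Provider

// Initialize sets up the authentication provider.
//
// It is a no-op when authentication is disabled. Otherwise it builds an OIDC
// provider when an issuer URL is configured and a user/password provider when
// it is not. defaultAuth is assigned only on success, so a failed constructor
// can never leave a half-built value behind.
func Initialize() error {
	if !IsEnabled() {
		return nil
	}

	var (
		provider Provider
		err      error
	)
	if IsOIDCEnabled() {
		provider, err = NewOIDCProviderFromEnv()
	} else {
		provider, err = NewUserPassAuthFromEnv()
	}
	if err != nil {
		// Do not publish the constructor's result on failure. If a constructor
		// returns a concrete pointer type, its nil result stored in the
		// interface would compare non-nil and defeat the nil checks in the
		// handlers (assumption about the return types — confirm).
		return err
	}

	defaultAuth = provider
	return nil
}

// GetDefaultAuth returns the provider set by Initialize, or nil if none is set.
func GetDefaultAuth() Provider {
	return defaultAuth
}

// IsEnabled reports whether authentication should be enforced: the debug
// override is off and either a JWT secret or an OIDC issuer is configured.
func IsEnabled() bool {
	return !common.DebugDisableAuth && (common.APIJWTSecret != nil || IsOIDCEnabled())
}

// IsOIDCEnabled reports whether an OIDC issuer URL is configured.
func IsOIDCEnabled() bool {
	return common.OIDCIssuerURL != ""
}

// nextHandler is the private context-key type for the handler that should run
// after a successful authentication step.
type nextHandler struct{}

var nextHandlerContextKey = nextHandler{}

// ProceedNext calls the http.HandlerFunc stored in the request context under
// nextHandlerContextKey. If none is stored it replies 200 OK.
func ProceedNext(w http.ResponseWriter, r *http.Request) {
	next, ok := r.Context().Value(nextHandlerContextKey).(http.HandlerFunc)
	if !ok {
		w.WriteHeader(http.StatusOK)
		return
	}
	next(w, r)
}

// AuthCheckHandler replies 200 OK when the request carries a valid token and
// hands the request to the provider's login handler when it does not. With no
// provider set it replies 503 Service Unavailable.
func AuthCheckHandler(w http.ResponseWriter, r *http.Request) {
	if defaultAuth == nil {
		w.WriteHeader(http.StatusServiceUnavailable)
		return
	}
	if err := defaultAuth.CheckToken(r); err != nil {
		defaultAuth.LoginHandler(w, r)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// AuthOrProceed reports whether the caller may continue serving the request.
//
// When it returns false a response has already been written: either by the
// provider's login handler (invalid or missing token) or as 503 Service
// Unavailable (authentication is enabled but no provider is set).
func AuthOrProceed(w http.ResponseWriter, r *http.Request) (proceed bool) {
	if defaultAuth == nil {
		if IsEnabled() {
			// Fail closed: authentication is configured but the provider was
			// never set (Initialize not called, or it failed). Letting the
			// request through here would skip the token check entirely.
			// The 503 matches AuthCheckHandler's reply in the same state.
			w.WriteHeader(http.StatusServiceUnavailable)
			return false
		}
		// Authentication is disabled, so there is nothing to check.
		return true
	}
	if err := defaultAuth.CheckToken(r); err != nil {
		defaultAuth.LoginHandler(w, r)
		return false
	}
	return true
}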