package interceptors

import (
	"context"

	"gitea.benny.dog/torjus/ezshare/pb"
	"gitea.benny.dog/torjus/ezshare/store"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
	"google.golang.org/grpc/peer"
)

type ContextKey string

var ContextKeyRole ContextKey = "role"
var ContextKeyUserID ContextKey = "userid"

func NewAuthInterceptor(s store.UserStore) grpc.UnaryServerInterceptor {
	// TODO: Verify that cert is signed by our ca
	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {
		p, ok := peer.FromContext(ctx)
		if ok {
			tlsInfo, ok := p.AuthInfo.(credentials.TLSInfo)
			if ok {
				if len(tlsInfo.State.PeerCertificates) == 1 {
					cert := tlsInfo.State.PeerCertificates[0]

					id := cert.Subject.CommonName

					user, err := s.GetUser(id)
					if err == nil {
						newCtx := context.WithValue(ctx, ContextKeyRole, user.UserRole)
						newCtx = context.WithValue(newCtx, ContextKeyUserID, user.Id)
						return handler(newCtx, req)
					}
				}
			}
		}

		newCtx := context.WithValue(ctx, ContextKeyRole, pb.User_UNKNOWN)

		return handler(newCtx, req)
	}
}

func RoleFromContext(ctx context.Context) pb.User_Role {
	value := ctx.Value(ContextKeyRole)
	if value == nil {
		return pb.User_UNKNOWN
	}
	role, ok := value.(pb.User_Role)
	if ok {
		return role
	}
	return pb.User_UNKNOWN
}

func UserIDFromContext(ctx context.Context) string {
	value := ctx.Value(ContextKeyUserID)
	if value == nil {
		return ""
	}
	id, ok := value.(string)
	if ok {
		return id
	}
	return ""
}