package server

import (
	"context"
	"fmt"
	"net/http"

	"edge-infra.dev/pkg/lib/fog"
	"edge-infra.dev/pkg/sds/emergencyaccess/apierror"
	errorhandler "edge-infra.dev/pkg/sds/emergencyaccess/apierror/handler"
	"edge-infra.dev/pkg/sds/emergencyaccess/types"
	"github.com/gin-gonic/gin"
)

// EndSession is the gin handler that ends an emergency-access session.
//
// The steps run in a fixed order, and the handler stops at the first failure:
//  1. bind the JSON request body into a types.EndSessionPayload;
//  2. run the payload's own Validate method;
//  3. attach the session ID to the request-scoped logger;
//  4. call authorizeUser, which must succeed before anything is ended;
//  5. read the calling user from the context;
//  6. ask server.rcli to end the session.
//
// Every failure is reported through errorhandler.ErrorHandler and returns
// before rcli.EndSession is reached. On success the response status is set to
// 200 OK.
func (server *GatewayServer) EndSession(c *gin.Context) {
	logger := fog.FromContext(c)

	var body types.EndSessionPayload
	if bindErr := c.ShouldBindJSON(&body); bindErr != nil {
		errorhandler.ErrorHandler(c, apierror.E(apierror.ErrPayloadStructure, bindErr))
		return
	}
	if validateErr := body.Validate(); validateErr != nil {
		errorhandler.ErrorHandler(c, apierror.E(apierror.ErrPayloadProperties, validateErr))
		return
	}

	// From here on every log line carries the session ID. The request is
	// cloned so that the enriched logger travels with the request context.
	sessionID := body.SessionID
	logger = logger.WithValues("sessionID", sessionID)
	reqCtx := fog.IntoContext(c.Request.Context(), logger)
	c.Request = c.Request.Clone(reqCtx)

	// Authorization gate: the user's roles are checked for *any* authorized
	// privilege before the session is ended.
	// NOTE(review): authorizeUser is not given the session ID, so as far as
	// this handler shows the check is per user, not per session. Confirm that
	// ending an arbitrary session is intended, or that rcli.EndSession / the
	// auth service ties the session to the caller.
	if authErr := server.authorizeUser(c); authErr != nil {
		errorhandler.ErrorHandler(c, apierror.E(apierror.ErrEndSessionFailure, authErr))
		return
	}

	caller, found := types.UserFromContext(c)
	if !found {
		errorhandler.ErrorHandler(c, apierror.E(apierror.ErrEndSessionFailure, fmt.Errorf("error retrieving user details")))
		return
	}

	// Records who ended which session; the session ID is already on the logger.
	logger.Info("Ending Session", "userID", caller.Username)

	if endErr := server.rcli.EndSession(c, sessionID); endErr != nil {
		errorhandler.ErrorHandler(c, apierror.E(apierror.ErrEndSessionFailure, endErr))
		return
	}

	c.Status(http.StatusOK)
}

// authorizeUser asks the auth service whether the caller may proceed.
//
// It sends a body-less POST to server.authorizeUserURL through server.client,
// bound to ctx, and returns nil only when the response status is 200 OK. A
// request-construction failure, a transport error and any non-200 status all
// come back as an error, so the check fails closed.
//
// NOTE(review): no headers or credentials are set on the request here; the
// caller's identity presumably reaches the auth service through server.client
// (for example its transport) — confirm.
// NOTE(review): EndSession passes its *gin.Context as ctx. Whether request
// cancellation and request-scoped values are visible through it depends on
// how the gin engine is configured (ContextWithFallback) — confirm.
func (server *GatewayServer) authorizeUser(ctx context.Context) error {
	logger := fog.FromContext(ctx)
	endpoint := server.authorizeUserURL.String()

	authReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, nil)
	if err != nil {
		return fmt.Errorf("creating http request: %w", err)
	}

	logger.Info("Invoking auth service", "url", endpoint)
	authResp, err := server.client.Do(authReq)
	if err != nil {
		return fmt.Errorf("request error: %w", err)
	}
	defer authResp.Body.Close()

	logger.Info("Auth service response received", "url", endpoint)
	if authResp.StatusCode == http.StatusOK {
		return nil
	}

	// Anything other than 200 is a denial. The auth service's own error body
	// is parsed and attached alongside the status code.
	// NOTE(review): confirm ParseJSONAPIError bounds how much of the body it
	// reads, and that upstream error detail is meant to reach the API caller.
	return apierror.E(
		apierror.ErrEndSessionFailure,
		errorhandler.ParseJSONAPIError(authResp.Body),
		fmt.Errorf("non-ok status from auth service authorizeUser(%d)", authResp.StatusCode),
	)
}