package middleware

import (
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/gin-gonic/gin/binding"

	"edge-infra.dev/pkg/lib/fog"
	"edge-infra.dev/pkg/sds/interlock/internal/errors"
)

// ReadOnlyFieldValidation makes sure that request bodies are not trying to send
// data that could update read-only fields.
func ReadOnlyFieldValidation() gin.HandlerFunc {
	return func(c *gin.Context) {
		log := fog.FromContext(c.Request.Context())
		var body interface{}
		if err := c.ShouldBindBodyWith(&body, binding.JSON); err != nil {
			log.Error(err, "failed to validate read-only fields")
			c.AbortWithStatusJSON(http.StatusInternalServerError, errors.NewErrorResponse(errors.NewError(http.StatusText(http.StatusInternalServerError))))
		}
		data := body.(map[string]interface{})
		if _, ok := data["name"]; ok {
			detail := errors.NewReadOnlyFieldMessage("Name")
			c.AbortWithStatusJSON(http.StatusBadRequest, errors.NewErrorResponse(errors.NewError(detail)))
		}
		c.Next()
	}
}