package utils

import (
	"errors"
	"github.com/go-chi/chi/v5"
	conf "github.com/muety/wakapi/config"
	"github.com/muety/wakapi/middlewares"
	"github.com/muety/wakapi/models"
	"github.com/muety/wakapi/services"
	"net/http"
)

// CheckEffectiveUser extracts the requested user from a URL (like '/users/{user}'), compares it with the currently authorized user and writes an HTTP error if they differ.
// Fallback can be used to manually set a value for '{user}' if none is present.
func CheckEffectiveUser(w http.ResponseWriter, r *http.Request, userService services.IUserService, fallback string) (*models.User, error) {
	respondError := func(code int, text string) (*models.User, error) {
		err := errors.New(conf.ErrUnauthorized)
		w.WriteHeader(http.StatusUnauthorized)
		w.Write([]byte(err.Error()))
		return nil, err
	}

	userParam := chi.URLParam(r, "user")
	if userParam == "" {
		userParam = fallback
	}

	authorizedUser := middlewares.GetPrincipal(r)
	if authorizedUser == nil {
		return respondError(http.StatusUnauthorized, conf.ErrUnauthorized)
	} else if userParam == "current" {
		return authorizedUser, nil
	}

	if authorizedUser.ID != userParam && !authorizedUser.IsAdmin {
		return respondError(http.StatusUnauthorized, conf.ErrUnauthorized)
	}

	requestedUser, err := userService.GetUserById(userParam)
	if err != nil {
		return respondError(http.StatusNotFound, "user not found")
	}

	return requestedUser, nil
}