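// Package auth contains gin middleware for permission-based authorization.
//
// Authorization is split across two handlers: AuthorizedTo records a positive
// decision in the request context, and AuthorizationEnforcer rejects any
// request that carries no such decision. Only the enforcer ever denies for
// insufficient permissions.
package auth

import (
	"fmt"
	"net/http"

	"git.acooldomain.co/server-manager/backend/models"
	"github.com/gin-gonic/gin"
)

// AuthorizedParam is the gin context key under which AuthorizedTo stores a
// successful permission check and from which AuthorizationEnforcer reads it.
const AuthorizedParam string = "authorized"

// AuthorizedTo returns a middleware that marks the request as authorized when
// the caller's claims contain every bit of requiredPermissions, or contain the
// models.Admin bits.
//
// Security notes:
//   - This handler never rejects a request for insufficient permissions. It
//     only leaves AuthorizedParam unset, so a route is protected by this check
//     only if AuthorizationEnforcer runs later in the same handler chain.
//   - The flag is only ever set to true and never cleared. Several AuthorizedTo
//     handlers in one chain therefore combine as "any of", not "all of".
//   - A zero requiredPermissions value authorizes every request that carries
//     claims, because x&0 == 0 for any x.
//   - NOTE(review): the admin bypass assumes models.Admin is a non-zero bit
//     flag; if it were zero, every caller would match it. Confirm in models.
//
// The claims are read from the "claims" context key as *AuthClaims (declared
// elsewhere in this package). A missing key aborts with 500, since it means the
// upstream middleware that stores the claims did not run.
func AuthorizedTo(requiredPermissions models.Permission) gin.HandlerFunc {
	return func(ctx *gin.Context) {
		rawClaims, found := ctx.Get("claims")
		if !found {
			// Misconfigured chain: the claims-producing middleware is missing.
			_ = ctx.AbortWithError(http.StatusInternalServerError, fmt.Errorf("Did not call LoggedIn first"))
			return
		}

		claims, ok := rawClaims.(*AuthClaims)
		if !ok || claims == nil {
			// Unexpected type or typed-nil pointer: grant nothing and avoid a
			// nil dereference below. The enforcer will deny the request.
			return
		}

		hasRequired := requiredPermissions&claims.Permissions == requiredPermissions
		isAdmin := models.Admin&claims.Permissions == models.Admin
		if !hasRequired && !isAdmin {
			// Not authorized by this check; leave the flag untouched.
			return
		}

		ctx.Set(AuthorizedParam, true)
	}
}

// AuthorizationEnforcer returns a middleware that aborts the request with
// 403 Forbidden unless AuthorizedParam is present in the context and holds the
// boolean value true.
//
// The check fails closed: a missing key, a false value, or a value of any
// other type all result in 403. It must be registered after the AuthorizedTo
// handlers whose decision it enforces.
func AuthorizationEnforcer() gin.HandlerFunc {
	return func(ctx *gin.Context) {
		value, _ := ctx.Get(AuthorizedParam)

		// Comma-ok assertion: a missing (nil) or non-bool value is treated as
		// "not authorized" instead of panicking inside the handler.
		if granted, isBool := value.(bool); !isBool || !granted {
			ctx.AbortWithStatus(http.StatusForbidden)
		}
	}
}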