package middlewares

import (
	"slices"
	"strings"

	"git.secnex.io/secnex/masterlog"
	"git.secnex.io/secnex/mgmt-api/config"
	"github.com/gofiber/fiber/v2"
)

func AuthMiddleware() fiber.Handler {
	return func(c *fiber.Ctx) error {
		if slices.Contains(config.CONFIG.UnprotectedEndpoints, c.Path()) {
			masterlog.Debug("Unprotected endpoint", map[string]interface{}{"path": c.Path()})
			return c.Next()
		}
		token := c.Get("Authorization")
		if token == "" {
			masterlog.Debug("No token provided", map[string]interface{}{"path": c.Path(), "authorization": c.Get("Authorization")})
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
		}

		tokenParts := strings.Split(token, " ")
		if len(tokenParts) != 2 {
			masterlog.Debug("Invalid token parts", map[string]interface{}{"token_parts": tokenParts})
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
		}

		tokenPartType, _ := tokenParts[0], tokenParts[1]
		if tokenPartType != "Bearer" {
			masterlog.Debug("Invalid token type", map[string]interface{}{"token_type": tokenPartType})
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
		}

		return c.Next()
	}
}