package middleware

import (
	"fmt"
	"log"
	"net/http"
	"os"
	"strings"

	"github.com/golang-jwt/jwt"
)

var secret = []byte(os.Getenv("SECRET"))

func Auth(f http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// get token
		authheader, ok := r.Header["Authorization"]
		if !ok {
			http.Error(w, "Missing token", http.StatusBadRequest)
			return
		}
		tokenString := strings.Split(authheader[0], " ")[1]

		//parse token
		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
			}
			return secret, nil
		})
		if err != nil {
			http.Error(w, "Bad token", http.StatusBadRequest)
			return
		}

		// check if path is allowed
		if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid && r.URL.Path == claims["path"] {
			log.Println(r.URL.Path)
			f(w, r)
		} else {
			log.Println(err)
			http.Error(w, "Forbidden", http.StatusUnauthorized)
		}
		// it's all good
	}
}

func GenerateToken(path string) {
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"path": path,
	})
	tokenString, err := token.SignedString(secret)
	if err != nil {
		panic(err)
	}
	fmt.Println(tokenString)
}