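// Package middleware holds the Gin middleware that authenticates a request
// with a static API key plus a static signature token (APIKeySignatureMiddleware)
// and that enforces role-based access on top of it (RoleMiddleware).
package middleware

import (
	"net/http"

	"github.com/gin-gonic/gin"
)

// roleContextKey is the gin.Context key under which APIKeySignatureMiddleware
// stores the caller's role and from which RoleMiddleware reads it.
const roleContextKey = "role"

// validAPIKeys maps each accepted X-API-Key value to the role it grants.
//
// NOTE(review): these credentials are hard-coded in source, so they live in
// version control and in every build artifact and cannot be rotated without a
// redeploy. Loading them from configuration or a secret store at startup is
// the usual remedy; the lookup logic below does not depend on where the map
// comes from.
var validAPIKeys = map[string]string{
	"ADMINAPI": "admin",
	"GUESTAPI": "guest",
}

// validSignatures maps each accepted X-SIGNATURE value to a role. Despite the
// header name, these are static tokens matched by exact lookup — nothing here
// computes or verifies a signature (e.g. an HMAC) over the request.
//
// NOTE(review): same hard-coded-secret concern as validAPIKeys.
var validSignatures = map[string]string{
	"MAILADMIN123":                         "admin",
	"2fc40b52-6b21-4705-a88a-4e4b674a2490": "guest",
	"967ae409-fd44-4853-ab15-4cab3a611a81": "guest",
	"99d4f94c-419d-4556-849a-3ad6a466527a": "guest",
	"ad8697db-9491-4faf-aac2-bf415de0de32": "guest",
	"f67a17ba-e1f1-4356-87f8-33ece72750cc": "guest",
	"e7b6deae-4177-45d0-b8e3-ac9f96c5427a": "guest",
	"9accd55b-b868-475c-a54b-d6cd05a46eb3": "guest",
	"8e593935-65b5-407c-9fb3-d16fbbe6bd65": "guest",
	"20d4b986-9bea-4277-923f-1a7fd107ca52": "guest",
}

// abortWithError writes the package's standard error body,
// {"status":"error","message":<message>}, with the given HTTP status and stops
// the handler chain. AbortWithStatusJSON already aborts, so no separate
// c.Abort() call is needed.
func abortWithError(c *gin.Context, status int, message string) {
	c.AbortWithStatusJSON(status, gin.H{
		"status":  "error",
		"message": message,
	})
}

// APIKeySignatureMiddleware returns a middleware that requires both an
// X-API-Key and an X-SIGNATURE header, looks each up in its static table, and
// requires both to map to the same role. On success the role is stored in the
// context under roleContextKey and the chain continues; on any failure the
// request is aborted with 401 and one of the messages below.
//
// The distinct messages let a caller learn which of the two credentials was
// rejected; a single generic message would reveal less to someone probing for
// valid values. Go's map/string comparison is also not constant-time, which is
// acceptable for a small static table but worth knowing if the tables grow or
// the tokens become high-value.
func APIKeySignatureMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Take the API key from the X-API-Key header.
		apiKey := c.GetHeader("X-API-Key")
		if apiKey == "" {
			abortWithError(c, http.StatusUnauthorized, "API key diperlukan dalam header X-API-Key")
			return
		}
		roleFromAPIKey, ok := validAPIKeys[apiKey]
		if !ok {
			abortWithError(c, http.StatusUnauthorized, "API key tidak valid")
			return
		}

		signature := c.GetHeader("X-SIGNATURE")
		if signature == "" {
			abortWithError(c, http.StatusUnauthorized, "Signature diperlukan dalam header X-SIGNATURE")
			return
		}
		roleFromSignature, ok := validSignatures[signature]
		if !ok {
			abortWithError(c, http.StatusUnauthorized, "Signature tidak valid")
			return
		}

		// Both credentials must agree on the role; a valid guest signature
		// must not be combinable with the admin API key.
		if roleFromAPIKey != roleFromSignature {
			abortWithError(c, http.StatusUnauthorized, "API key dan signature tidak sesuai")
			return
		}

		c.Set(roleContextKey, roleFromAPIKey)
		c.Next()
	}
}

// RoleMiddleware returns a middleware that allows the request through only if
// the role stored by APIKeySignatureMiddleware is one of allowedRoles. A
// missing role yields 401; a role not in the list yields 403. An empty
// allowedRoles list therefore permits nobody.
func RoleMiddleware(allowedRoles ...string) gin.HandlerFunc {
	return func(c *gin.Context) {
		value, exists := c.Get(roleContextKey)
		if !exists {
			abortWithError(c, http.StatusUnauthorized, "API key tidak terdeteksi")
			return
		}
		// A checked assertion: the previous code did value.(string) unchecked,
		// which panics (and surfaces as a 500 under gin's Recovery) if anything
		// else stored a non-string under the same context key. Treat that as
		// "no usable role" rather than crashing the handler.
		role, ok := value.(string)
		if !ok {
			abortWithError(c, http.StatusUnauthorized, "API key tidak terdeteksi")
			return
		}
		if !roleAllowed(role, allowedRoles) {
			abortWithError(c, http.StatusForbidden, "Anda tidak memiliki izin untuk mengakses resource ini")
			return
		}
		c.Next()
	}
}

// roleAllowed reports whether role appears in allowed (exact, case-sensitive
// match). It is a plain loop rather than slices.Contains so the file does not
// depend on a newer Go version than it already requires.
func roleAllowed(role string, allowed []string) bool {
	for _, r := range allowed {
		if r == role {
			return true
		}
	}
	return false
}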