use crate::{app::AdminAuthToken, AppState};
use actix_web::{
    body::{EitherBody, MessageBody},
    dev::{forward_ready, Service, ServiceRequest, ServiceResponse, Transform},
    Error,
};
use futures::prelude::future::LocalBoxFuture;
use std::future::{ready, Ready};

#[derive(Clone)]
pub struct AuthService;

impl<S, B> Transform<S, ServiceRequest> for AuthService
where
    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
    B: MessageBody + 'static,
{
    type Response = ServiceResponse<EitherBody<B>>;
    type Error = Error;
    type InitError = ();
    type Transform = AuthenticatedMiddleware<S>;
    type Future = Ready<Result<Self::Transform, Self::InitError>>;

    fn new_transform(&self, service: S) -> Self::Future {
        ready(Ok(AuthenticatedMiddleware {
            service: std::rc::Rc::new(service),
        }))
    }
}

pub struct AuthenticatedMiddleware<S> {
    service: std::rc::Rc<S>,
}

async fn authenticate(req: &mut ServiceRequest, token: &AdminAuthToken) -> bool {
    match req.cookie(&token.cookie_name) {
        Some(cookie) => token.match_value(cookie.value().to_string()),
        None => false,
    }
}

impl<S, B> Service<ServiceRequest> for AuthenticatedMiddleware<S>
where
    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
    B: MessageBody + 'static,
{
    type Response = ServiceResponse<EitherBody<B>>;
    type Error = Error;
    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;

    forward_ready!(service);

    fn call(&self, req: ServiceRequest) -> Self::Future {
        let token = {
            let app_state = req
                .app_data::<actix_web::web::Data<std::sync::Mutex<AppState>>>()
                .expect("Failed to extract AppState from ServiceRequest")
                .lock()
                .expect("Failed to lock AppState Mutex");
            app_state.admin_auth_token.clone()
        };

        let service = self.service.clone();

        Box::pin(async move {
            let mut req = req;
            if let false = authenticate(&mut req, &token).await {
                return Ok(req.into_response(
                    actix_web::HttpResponse::Unauthorized()
                        .body("<html><body>Error 401 - Unauthorized - Please go to <a href='/admin/login'>login page</a>.</body></html>") // TODO a proper 401 view ?
                        .map_into_right_body(),
                ));
            }

            Ok(service.call(req).await?.map_into_left_body())
        })
    }
}