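package auth

import (
	"net/http"

	"github.com/gin-contrib/sessions"
	"github.com/gin-gonic/gin"

	"git.jmbit.de/jmb/goipam/utils"
	"git.jmbit.de/jmb/goipam/web/templates"
)

// AuthMiddleware returns a gin handler that checks authentication and
// authorization for a route: is the user logged in, and is the user permitted
// to see or do what the route offers.
//
// requiredLevel is the minimum value the session's "accessLevel" entry must
// hold for the request to proceed.
//
// Behaviour:
//   - If the session's "isLoggedIn" entry is not the boolean true, the request
//     is redirected to /login.html and the handler chain is aborted.
//   - If the session's "accessLevel" entry is missing, is not an int, or is
//     lower than requiredLevel, the login template is rendered with a
//     "Not Authorized" error and the handler chain is aborted.
//   - Otherwise the next handler runs.
//
// The check fails closed: an access level that cannot be read as an int is
// treated as insufficient, whatever requiredLevel is. Callers that set
// "isLoggedIn" must therefore also store "accessLevel" as an int.
func AuthMiddleware(requiredLevel int) gin.HandlerFunc {
	return func(c *gin.Context) {
		session := sessions.Default(c)

		// Only a stored boolean true counts as logged in; a missing key or a
		// value of any other type fails the assertion and is rejected.
		if loggedIn, _ := session.Get("isLoggedIn").(bool); !loggedIn {
			c.Redirect(http.StatusFound, "/login.html")
			// Not logged in, abort
			c.Abort()
			return
		}

		// Deny when the level is absent or not an int instead of skipping the
		// comparison: a failed type assertion must never fall through to
		// c.Next(), otherwise a session without a usable access level would
		// pass every level check.
		// NOTE(review): whether an int survives the configured session store's
		// serialisation as an int is not visible here; confirm against the
		// store in use.
		level, ok := session.Get("accessLevel").(int)
		if !ok || level < requiredLevel {
			metaContent := utils.GenMetaContent(c)
			metaContent.ErrorTitle = "Not Authorized"
			metaContent.ErrorText = "You are not authorized to do this Action"
			// NOTE(review): the user is authenticated at this point, so
			// http.StatusForbidden would describe the situation more
			// precisely; the status is left unchanged for existing clients.
			c.HTML(http.StatusUnauthorized, "", templates.Login(metaContent, "Login", nil))
			c.Abort()
			return
		}

		// Logged in and authorized, continue
		c.Next()
	}
}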