package api

import (
	"git.jmbit.de/jmb/patchman/server/database"
	"git.jmbit.de/jmb/patchman/server/utils"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
	"golang.org/x/crypto/bcrypt"
	"net/http"
)

// Handles Auth for the Endpoint route group.
// takes the full paths for URLs to bypass as an argument
func endpointAuth(bypass []string) gin.HandlerFunc {
	var endpoint database.Endpoint
	var err error
	return func(c *gin.Context) {
		// Check if URL is in Bypass list. Be careful with those!
		for _, url := range bypass {
			if c.FullPath() == url {
				c.Next()
			}
		}
		endpoint.ID, err = uuid.Parse(c.Request.Header["x-patchman-id"][0])
		utils.HandleError(err, http.StatusBadRequest, "Could not parse Endpoint ID", c)

		secret := c.Request.Header["x-patchman-secret"][0]

		// Get corresponding Endpoint
		result := database.DB.First(&endpoint)
		utils.HandleError(result.Error, http.StatusBadRequest, "Could not find UUID", c)

		// Compare Secret with hash
		err = bcrypt.CompareHashAndPassword([]byte(endpoint.SecretHash), []byte(secret))
		utils.HandleError(err, http.StatusUnauthorized, "Authentication failed", c)

	}
}