package router

import (
	"net/http"

	"go.jolheiser.com/cabinet/internal/workspace"
)

func tokenMiddleware(c Cabinet, perm workspace.TokenPermission) func(handler http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			prot, err := c.IsProtected()
			if err != nil {
				http.Error(w, "could not check token protection", http.StatusInternalServerError)
				return
			}
			if !prot {
				next.ServeHTTP(w, r)
				return
			}

			t := r.FormValue("token")
			if t == "" {
				http.Error(w, "this host is token protected", http.StatusUnauthorized)
				return
			}

			token, err := c.Token(t)
			if err != nil {
				http.Error(w, "could not get token", http.StatusInternalServerError)
				return
			}

			if !token.Has(perm) {
				http.Error(w, "this token cannot access this resource", http.StatusForbidden)
				return
			}

			next.ServeHTTP(w, r)
		})
	}
}