use std::sync::Arc;

use axum::{
    extract::State,
    http::Request,
    middleware::Next,
    response::{IntoResponse, Response},
    RequestExt,
};
use oxide_auth::frontends::simple::endpoint;
use oxide_auth_axum::{OAuthResource, WebError};
use tracing::{debug, error};

use crate::context::Context;

pub async fn auth_required_middleware<B: Send + 'static>(
    State(state): State<Arc<Context>>,
    mut request: Request<B>,
    next: Next<B>,
) -> Response {
    let resource_request = match request.extract_parts::<OAuthResource>().await {
        Ok(v) => v,
        Err(e) => {
            error!("Rejecting request due to invalid Authorization header");
            return e.into_response();
        }
    };

    let grant = match state.oauth2.resource(resource_request.into()).await {
        Ok(v) => v,
        Err(e) => {
            error!("Rejecting request due to it being unauthorized");
            return e.map_err(endpoint::Error::pack::<WebError>).into_response();
        }
    };

    debug!(?grant, "Request authorized");

    request.extensions_mut().insert(grant);

    next.run(request).await
}