package server

import (
	"context"
	"errors"

	"git.xeserv.us/xena/route/internal/database"
	"github.com/Xe/ln"
	"google.golang.org/grpc"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/metadata"
)

// errors
var (
	ErrNotAuthorized = errors.New("server: not authorized")
)

func (s *Server) getAuth(ctx context.Context, scope string) (database.Token, error) {
	var err error

	md, ok := metadata.FromContext(ctx)
	if !ok {
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
	}

	jwtToken, ok := md["authorization"]
	if !ok {
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
	}
	val := jwtToken[0]

	t, err := s.db.GetToken(ctx, val)
	if err != nil {
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
	}

	ok = false
	for _, sc := range t.Scopes {
		if sc == scope {
			ok = true
		}
	}
	if !ok {
		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "invalid scope.")
	}

	return t, nil
}

func handleError(ctx context.Context, clitok database.Token, err error, f ln.F) error {
	ln.Error(err, f, clitok.F())

	return err
}