package auth

import (
	"fmt"

	"git.phc.dm.unipi.it/phc/website/model"
)

// ErrInvalidSession is thrown when an AuthenticatorService is given a missing
// or invalid session token
var ErrInvalidSession = fmt.Errorf(`invalid session token`)

// Service is an authentication service abstraction. When a user is logged in a
// new session token is returned, this can be used to read and modify user
// properties without having to re-send the user password. (TODO: implement
// token renewal)
type Service interface {
	// GetUser retrieves the user info given the username
	GetUser(username string) (*model.User, error)
	// GetUsers retrieves the full user list from the authentication service
	GetUsers() ([]*model.User, error)
	// GetSession retrieves the user session associated to a session token
	GetSession(token string) (*model.Session, error)
	// Login tries to log in a user given username and password and if successful returns a new user session
	Login(username, password string) (*model.Session, error)
}

// UserForSession returns the user linked to the given session token, this is just a shortcut for calling [AuthenticatorService.GetSession] and then [AuthenticatorService.GetUser]
func UserForSession(as Service, token string) (*model.User, error) {
	session, err := as.GetSession(token)
	if err != nil {
		return nil, err
	}

	user, err := as.GetUser(session.Username)
	if err != nil {
		return nil, err
	}

	return user, nil
}

// NewDefaultService create an AuthenticatorService given an "host" string,
// If host is ":memory:" then this uses the [auth.Memory] implementation,
// otherwise for now this defaults to [auth.LDAPAuthService]
func NewDefaultService(host string) Service {
	if host == ":memory:" {
		return exampleMemoryUsers
	}

	return newLDAPAuthService(host)
}