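package eu.dnetlib.organizations;

import java.util.HashSet;
import java.util.Optional;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

import eu.dnetlib.organizations.controller.UserRole;
import eu.dnetlib.organizations.model.User;
import eu.dnetlib.organizations.repository.UserRepository;

/**
 * Spring Security configuration for the OpenOrgs web application.
 *
 * <p>Enables OAuth2/OIDC login and replaces the default OIDC user service with one that
 * looks the authenticated principal up in the local {@link UserRepository} (keyed by the
 * e-mail claim) and maps the stored role to a single {@code ROLE_OPENORGS_<role>} authority.
 * Accounts that are not known locally are given {@link UserRole#PENDING}.
 *
 * <p>NOTE(review): only {@code oauth2Login} is configured here; this class declares no
 * {@code authorizeRequests()} rules, so endpoint access control must be enforced elsewhere
 * (e.g. method security on the controllers) — confirm.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Prefix of the granted authority derived from the locally stored role. */
    private static final String AUTHORITY_PREFIX = "ROLE_OPENORGS_";

    @Autowired
    private UserRepository userRepository;

    // Injected but not referenced in this class; presumably intended for restricting the
    // OpenAIRE API to a trusted subnet — confirm whether it is still needed.
    @Value("${openaire.api.valid.subnet}")
    private String openaireApiValidSubnet;

    /**
     * Configures OAuth2 login and plugs in the role-mapping OIDC user service.
     *
     * @param http the security builder to configure
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        http.oauth2Login(oauth2 -> oauth2
            .userInfoEndpoint(userInfo -> userInfo.oidcUserService(oidcUserService())));
    }

    /**
     * Builds an OIDC user service that delegates to the standard {@link OidcUserService}
     * and then rewrites the principal's authorities from the local user record.
     *
     * @return a user service producing a {@link DefaultOidcUser} with exactly one
     *         {@code ROLE_OPENORGS_<role>} authority
     */
    private OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
        final OidcUserService delegate = new OidcUserService();
        return userRequest -> {
            final OidcUser oidcUser = delegate.loadUser(userRequest);
            final String role = resolveRole(oidcUser.getEmail());
            // The provider's own authorities are deliberately dropped: only the locally
            // assigned role decides what the principal may do in this application.
            final Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
            mappedAuthorities.add(new SimpleGrantedAuthority(AUTHORITY_PREFIX + role));
            return new DefaultOidcUser(mappedAuthorities, oidcUser.getIdToken(), oidcUser.getUserInfo());
        };
    }

    /**
     * Resolves the application role for the given e-mail.
     *
     * <p>A missing e-mail claim is treated like an unknown account and yields
     * {@link UserRole#PENDING} instead of reaching {@code findById(null)}, which Spring Data
     * rejects with an exception.
     *
     * @param email the e-mail claim of the authenticated OIDC user, may be {@code null}
     * @return the stored role name, or {@code PENDING} when no local user matches
     */
    private String resolveRole(final String email) {
        return Optional.ofNullable(email)
            .flatMap(userRepository::findById)
            .map(User::getRole)
            .orElse(UserRole.PENDING.toString());
    }

    // https://www.baeldung.com/spring-security-openid-connect
    // https://github.com/mitreid-connect/
    // https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/tree/master/openid-connect-client
    // https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration
    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-login-core/trunk/
    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/uoa-user-management/trunk/
    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-openaire-users/trunk/
    // https://svn.driver.research-infrastructures.eu/driver/dnet45/modules/dnet-login/trunk/
    // Open a ticket with GRNET, with Argiro and Katerina as watchers
}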