package eu.dnetlib.uoaauthorizationlibrary.security;

import eu.dnetlib.uoaauthorizationlibrary.utils.AuthorizationUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Servlet filter that requires a token on every request it is mapped to.
 *
 * <p>The token is read through {@link AuthorizationUtils#getToken}, turned into an
 * {@link Authentication} by the {@link AuthorizationProvider}, and stored in the
 * thread-bound {@link SecurityContextHolder} before the rest of the chain runs.
 * Requests that carry no token are answered with HTTP 401 and never reach the chain.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>No path exclusions are implemented here; which URLs are protected depends
 *       entirely on how the filter is registered and mapped.</li>
 *   <li>The security context is populated but never cleared in this class.
 *       NOTE(review): confirm that something else in the deployment (for example
 *       Spring Security's {@code SecurityContextPersistenceFilter}) clears the
 *       thread-bound context after the request, otherwise an {@code Authentication}
 *       may remain attached to a pooled worker thread.</li>
 * </ul>
 */
@Component
public class AuthorizationFilter implements Filter {

    private AuthorizationProvider authorizationProvider;
    private AuthorizationUtils utils;
    // Currently unused. If logging is added, the raw token value must not be written to the log.
    private final Logger log = Logger.getLogger(this.getClass());

    /**
     * Creates the filter with its collaborators (constructor injection).
     *
     * @param authorizationProvider resolves a token into an {@link Authentication}
     * @param utils helper used to read the token from the incoming request
     */
    @Autowired
    AuthorizationFilter(AuthorizationProvider authorizationProvider, AuthorizationUtils utils) {
        this.authorizationProvider = authorizationProvider;
        this.utils = utils;
    }

    /** No initialisation is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Authenticates the request from its token, or rejects it with 401 when no token is present.
     *
     * @param req incoming request; cast to {@link HttpServletRequest} without a type check
     * @param res outgoing response; cast to {@link HttpServletResponse} only on the 401 path
     * @param filterChain remainder of the filter chain, invoked only when a token was found
     * @throws IOException if sending the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        String requestToken = utils.getToken(httpRequest);

        // Fail closed: a request without a token never reaches the rest of the chain.
        if (requestToken == null) {
            ((HttpServletResponse) res).sendError(HttpStatus.UNAUTHORIZED.value(), "No token has been found");
            return;
        }

        // Only the presence of a token is checked here; its validity is left to the provider.
        // NOTE(review): the provider's result is stored as-is, including null. Confirm that
        // getAuthentication never returns null for an invalid or expired token, or that the
        // downstream authorization rules reject a request whose context has no Authentication.
        Authentication authentication = authorizationProvider.getAuthentication(requestToken);
        SecurityContextHolder.getContext().setAuthentication(authentication);

        filterChain.doFilter(req, res);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}