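defmodule CustomerServiceWeb.Router do
  @moduledoc """
  HTTP routing for the customer service.

  Every route under `/api/v1` passes through the `:auth` pipeline and then
  through exactly one permission pipeline (`:customer_*` / `:lead_*`).

  `/health`, `/health/ready` and `/api/openapi` are declared outside the
  `:auth` pipeline and are therefore served without a bearer token.
  """

  use CustomerServiceWeb, :router

  alias CustomerServiceWeb.{CustomerController, LeadController}

  pipeline :api do
    plug :accepts, ["json"]
    plug OpenApiSpex.Plug.PutApiSpec, module: CustomerServiceWeb.ApiSpec
  end

  # Authentication pipeline. Order matters: the bearer token is only checked
  # against the identity provider in the last step (:introspect); the steps
  # before it operate on a token that has been extracted but not yet validated.
  #
  # NOTE(review): the two organization-id plugs run before introspection and
  # are not visible in this file. If they read the organization id from
  # client-supplied input, confirm that a later step binds it to the
  # introspected token.
  pipeline :auth do
    plug Oidcc.Plug.ExtractAuthorization
    plug Oidcc.Plug.RequireAuthorization
    plug CustomerServiceWeb.Plugs.RequireOrganizationId
    plug CustomerServiceWeb.Plugs.ExtractOrganizationId
    plug :introspect
  end

  # One pipeline per permission so each route group declares exactly which
  # permission it needs. All of them delegate to authorize_roles/2 below.
  pipeline :customer_create do
    plug :authorize_roles, required_permissions: ["customer:create"]
  end

  pipeline :customer_read do
    plug :authorize_roles, required_permissions: ["customer:read"]
  end

  pipeline :customer_update do
    plug :authorize_roles, required_permissions: ["customer:update"]
  end

  pipeline :lead_create do
    plug :authorize_roles, required_permissions: ["lead:create"]
  end

  pipeline :lead_read do
    plug :authorize_roles, required_permissions: ["lead:read"]
  end

  pipeline :lead_update do
    plug :authorize_roles, required_permissions: ["lead:update"]
  end

  # Health probes: no pipeline at all, so no authentication is applied.
  get "/health", CustomerServiceWeb.HealthController, :health
  get "/health/ready", CustomerServiceWeb.HealthController, :ready

  scope "/api" do
    pipe_through [:api]

    # Declared before the :auth scope: the OpenAPI document is served to
    # unauthenticated clients in every environment.
    get "/openapi", OpenApiSpex.Plug.RenderSpec, []

    scope "/v1" do
      pipe_through [:auth]

      scope "/" do
        pipe_through [:customer_create]

        post "/customers", CustomerController, :create
        post "/customers/individual", CustomerController, :create
        post "/customers/corporate", CustomerController, :create_corporate
      end

      scope "/" do
        pipe_through [:customer_read]

        get "/customers", CustomerController, :index
        get "/customers/:id", CustomerController, :show
      end

      scope "/" do
        pipe_through [:customer_update]

        put "/customers/individual/:id", CustomerController, :update
        put "/customers/corporate/:id", CustomerController, :update_corporate
      end

      scope "/" do
        pipe_through [:lead_create]

        post "/leads", LeadController, :create
      end

      scope "/" do
        pipe_through [:lead_read]

        get "/leads", LeadController, :index
        get "/leads/:id", LeadController, :show
      end

      scope "/" do
        pipe_through [:lead_update]

        put "/leads/:id", LeadController, :update
        put "/leads/:id/status", LeadController, :update_status
      end
    end
  end

  # This condition is evaluated while the router is compiled, so the Swagger UI
  # route only exists in builds compiled with the :dev Mix environment.
  if Mix.env() == :dev do
    scope "/swaggerui" do
      get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
    end
  end

  @doc """
  Function plug that runs `Oidcc.Plug.IntrospectToken` with the Zitadel client
  credentials read from the application environment on each request.

  Raises `ArgumentError` if the `:zitadel` configuration is missing.
  """
  @spec introspect(Plug.Conn.t(), Plug.opts()) :: Plug.Conn.t()
  def introspect(conn, _opts) do
    zitadel = zitadel_config()

    opts =
      Oidcc.Plug.IntrospectToken.init(
        provider: CustomerService.ZitadelProvider,
        client_id: zitadel[:client_id],
        client_secret: zitadel[:client_secret],
        # client_self_only: false turns off oidcc's check that the introspected
        # token was issued to this client_id, so tokens issued to other clients
        # of the same provider are accepted here. Access control then rests on
        # the organization-id plugs and authorize_roles/2.
        # NOTE(review): confirm this is intended and not a leftover workaround.
        token_introspection_opts: %{client_self_only: false}
      )

    Oidcc.Plug.IntrospectToken.call(conn, opts)
  end

  @doc """
  Function plug that runs `CustomerServiceWeb.Plugs.AuthorizeRoles` with the
  route's `:required_permissions` and the configured roles claim.

  Raises `ArgumentError` if the `:zitadel` configuration is missing.
  """
  @spec authorize_roles(Plug.Conn.t(), Plug.opts()) :: Plug.Conn.t()
  def authorize_roles(conn, opts) do
    zitadel = zitadel_config()
    base_opts = CustomerServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])

    # Keyword.merge/2 gives precedence to the second list: any key returned by
    # AuthorizeRoles.init/1 replaces the same key from the route's opts.
    # NOTE(review): AuthorizeRoles is not visible here. Confirm init/1 returns
    # a keyword list and never emits :required_permissions, otherwise the
    # per-route permission would be silently replaced.
    CustomerServiceWeb.Plugs.AuthorizeRoles.call(conn, Keyword.merge(opts, base_opts))
  end

  # Reads the :zitadel settings at request time. fetch_env!/2 makes a missing
  # configuration fail loudly instead of handing nil credentials or a nil
  # roles claim to the auth plugs.
  defp zitadel_config do
    Application.fetch_env!(:customer_service, :zitadel)
  end
end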