defmodule PolicyServiceWeb.Router do
  use PolicyServiceWeb, :router

  alias PolicyServiceWeb.PolicyController
  alias PolicyServiceWeb.HealthController

  @zitadel Application.get_env(:policy_service, :zitadel)

  pipeline :api do
    plug OpenApiSpex.Plug.PutApiSpec, module: PolicyServiceWeb.ApiSpec
  end

  pipeline :authorize do
    plug Oidcc.Plug.ExtractAuthorization
    plug Oidcc.Plug.RequireAuthorization

    plug PolicyServiceWeb.Plugs.RequireOrganizationId
    plug PolicyServiceWeb.Plugs.ExtractOrganizationId

    plug Oidcc.Plug.IntrospectToken,
      provider: PolicyService.ZitadelProvider,
      client_id: @zitadel[:client_id],
      client_secret: @zitadel[:client_secret]

    plug PolicyServiceWeb.Plugs.AuthorizeRoles,
      roles_claim: @zitadel[:roles_claim]
  end

  get "/health", HealthController, :health
  get "/health/ready", HealthController, :ready

  scope "/api" do
    pipe_through [:api]

    get "/openapi", OpenApiSpex.Plug.RenderSpec, []

    scope "/v1" do
      pipe_through [:authorize]

      get "/policies", PolicyController, :index, required_permission: ["policy:read"]

      get "/policies/:application_id", PolicyController, :show,
        required_permissions: ["policy:read"]

      post "/policies", PolicyController, :create, required_permissions: ["policy:create_request"]

      post "/policies/:application_id/accept", PolicyController, :accept,
        required_permission: ["policy:submit_solicitation"]
    end
  end

  scope "/swaggerui" do
    get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
  end
end