defmodule ProviderServiceWeb.Router do
  @moduledoc """
  HTTP routing for the provider service.

  Routes fall into three groups:

    * `/health` and `/health/ready` use no pipeline and need no token.
    * `/api/openapi` goes through `:api` only and needs no token.
    * Everything under `/api/v1` goes through `:auth` and then through either
      `:read` (`provider:read`) or `:manage` (`provider:manage`).
  """

  use Phoenix.Router
  import Plug.Conn

  alias ProviderServiceWeb.HealthController
  alias ProviderServiceWeb.Plugs
  alias ProviderServiceWeb.ProviderController
  alias ProviderServiceWeb.TemplateController

  pipeline :api do
    plug :accepts, ["json"]
    plug OpenApiSpex.Plug.PutApiSpec, module: ProviderServiceWeb.ApiSpec
  end

  # Plug order is the security boundary here. RequireAuthorization only sees
  # what ExtractAuthorization pulled from the request; the token itself is
  # checked against the identity provider by :introspect, which runs last.
  # NOTE(review): both organization-id plugs run BEFORE :introspect, so they
  # act on a request whose token has not been introspected yet. Confirm that
  # the organization id is bound to the introspected token's claims downstream
  # and that nothing uses it for tenant scoping before that point.
  pipeline :auth do
    plug Oidcc.Plug.ExtractAuthorization
    plug Oidcc.Plug.RequireAuthorization
    plug Plugs.RequireOrganizationId
    plug Plugs.ExtractOrganizationId
    plug :introspect
  end

  pipeline :read do
    plug :authorize_roles, required_permissions: ["provider:read"]
  end

  pipeline :manage do
    plug :authorize_roles, required_permissions: ["provider:manage"]
  end

  # Health probes are declared outside every scope and pipeline.
  get "/health", HealthController, :health
  get "/health/ready", HealthController, :ready

  scope "/api" do
    pipe_through :api

    # Served before :auth is applied, so the API description is public.
    get "/openapi", OpenApiSpex.Plug.RenderSpec, []

    scope "/v1" do
      pipe_through :auth

      # Read-only endpoints: require "provider:read".
      scope "/" do
        pipe_through :read

        get "/providers", ProviderController, :index
        get "/providers/:provider_id", ProviderController, :show
        get "/providers/:provider_id/templates", TemplateController, :index
      end

      # State-changing endpoints: require "provider:manage".
      scope "/" do
        pipe_through :manage

        post "/providers", ProviderController, :create
        put "/providers/:provider_id", ProviderController, :update
        post "/providers/:provider_id/deactivate", ProviderController, :deactivate
        post "/providers/:provider_id/reactivate", ProviderController, :reactivate

        post "/providers/:provider_id/templates", TemplateController, :upload_template

        post "/providers/:provider_id/templates/:template_id/activate",
             TemplateController,
             :activate

        post "/providers/:provider_id/templates/:template_id/deactivate",
             TemplateController,
             :deactivate

        post "/providers/:provider_id/templates/:template_id/set-default",
             TemplateController,
             :set_default

        delete "/providers/:provider_id/templates/:template_id", TemplateController, :remove
      end
    end
  end

  # Function plug wrapping Oidcc.Plug.IntrospectToken. The plug options are
  # built on every request because the client credentials are read from the
  # application environment at call time rather than at compile time.
  #
  # NOTE(review): if :zitadel is not configured, `zitadel_config` is nil and
  # nil is handed over as client_id/client_secret. Consider
  # Application.fetch_env!/2 so a missing configuration fails with a clear
  # error instead of surfacing deeper in the introspection call.
  # NOTE(review): `client_self_only: false` presumably means tokens issued to
  # other clients are not rejected at introspection; confirm that audience is
  # constrained elsewhere (the permission check runs in :authorize_roles).
  defp introspect(conn, _opts) do
    zitadel_config = Application.get_env(:provider_service, :zitadel)

    introspection_opts =
      Oidcc.Plug.IntrospectToken.init(
        provider: ProviderService.ZitadelProvider,
        client_id: zitadel_config[:client_id],
        client_secret: zitadel_config[:client_secret],
        token_introspection_opts: %{client_self_only: false}
      )

    Oidcc.Plug.IntrospectToken.call(conn, introspection_opts)
  end

  # Function plug wrapping Plugs.AuthorizeRoles. `opts` carries the
  # :required_permissions given in the :read / :manage pipelines; it is merged
  # with the result of init/1 and passed straight to call/2, so the
  # permissions list itself never goes through init/1. On a key clash the
  # init/1 result wins (second argument of Keyword.merge/2).
  # NOTE(review): assumes AuthorizeRoles.init/1 returns a keyword list, and
  # that a nil :roles_claim (unset config) is rejected rather than treated as
  # "no restriction" - confirm in Plugs.AuthorizeRoles.
  defp authorize_roles(conn, opts) do
    roles_claim = Application.get_env(:provider_service, :zitadel)[:roles_claim]
    plug_opts = Keyword.merge(opts, Plugs.AuthorizeRoles.init(roles_claim: roles_claim))

    Plugs.AuthorizeRoles.call(conn, plug_opts)
  end

  # Mix.env() is evaluated while this module is compiled, so the Swagger UI
  # route only exists in builds compiled with MIX_ENV=dev.
  if Mix.env() == :dev do
    scope "/swaggerui" do
      get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
    end
  end
end