using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

namespace AMWD.Common.AspNetCore.Security.PathProtection
{
	/// <summary>
	/// Implements a check to provide protected paths.
	/// </summary>
	/// <remarks>
	/// Initializes a new instance of the <see cref="ProtectedPathExtensions"/> class.
	/// </remarks>
	/// <param name="next">The following delegate in the process chain.</param>
	/// <param name="options">The options to configure the middleware.</param>
	public class ProtectedPathMiddleware(RequestDelegate next, ProtectedPathOptions options)
	{
		private readonly RequestDelegate _next = next;
		private readonly PathString _path = options.Path;
		private readonly string _policyName = options.PolicyName;

		/// <summary>
		/// The delegate invokation.
		/// Performs the protection check.
		/// </summary>
		/// <param name="httpContext">The corresponding HTTP context.</param>
		/// <param name="authorizationService">The <see cref="IAuthorizationService"/>.</param>
		/// <returns>An awaitable task.</returns>
		public async Task InvokeAsync(HttpContext httpContext, IAuthorizationService authorizationService)
		{
			if (httpContext.Request.Path.StartsWithSegments(_path))
			{
				var result = await authorizationService.AuthorizeAsync(httpContext.User, null, _policyName).ConfigureAwait(false);
				if (!result.Succeeded)
				{
					await httpContext.ChallengeAsync().ConfigureAwait(false);
					return;
				}
			}
			await _next.Invoke(httpContext).ConfigureAwait(false);
		}
	}
}