package lu.foyer
package auth

import zio.*
import zio.http.*

object AuthMiddleware:
  def jwtAuthentication(realm: String): HandlerAspect[JwtTokenService, UserInfo] =
    HandlerAspect.interceptIncomingHandler {
      handler { (request: Request) =>
        request.header(Header.Authorization) match
          case Some(Header.Authorization.Bearer(token)) =>
            ZIO
              .serviceWithZIO[JwtTokenService](_.verify(token.value.asString))
              .map(UserInfo(_))
              .map(userInfo => (request, userInfo))
              .orElseFail(
                Response.unauthorized.addHeaders(Headers(Header.WWWAuthenticate.Bearer(realm)))
              )
          case _ =>
            ZIO.fail(
              Response.unauthorized.addHeaders(Headers(Header.WWWAuthenticate.Bearer(realm)))
            )
      }
    }