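package server

import (
	"context"
	"fmt"
	"net/http"

	"github.com/common-fate/httpsig"
	"github.com/common-fate/httpsig/inmemory"
	"github.com/common-fate/httpsig/verifier"
)

// Start serves a signature-verifying HTTP endpoint on localhost:8080 and
// blocks until the listener fails, returning that error.
//
// Every request to "/" passes through httpsig.Middleware before the inner
// handler runs. keyDir is handed to the middleware as its KeyDirectory.
//
// When isCaddyAuth is true the inner handler writes no body and instead sets
// the Remote-User response header to the attributes the middleware attached
// to the request context; the chain is additionally wrapped in
// rewriteHeaders. When it is false the handler replies "hello, <attr>!".
func Start(isCaddyAuth bool, keyDir verifier.KeyDirectory) error {
	mux := http.NewServeMux()

	// Named verify rather than verifier so the local does not shadow the
	// imported verifier package for the rest of the function.
	verify := httpsig.Middleware(httpsig.MiddlewareOpts{
		// NOTE(review): nonce state lives in process memory, so it is
		// presumably lost on restart and not shared between instances;
		// confirm that is acceptable wherever replay protection matters.
		NonceStorage: inmemory.NewNonceStorage(),
		KeyDirectory: keyDir,
		Tag:          "auth",
		// Scheme and Authority are fixed values; they must match what
		// clients sign, so they mirror the listen address below.
		Scheme:    "http",
		Authority: "localhost:8080",

		OnValidationError: func(ctx context.Context, err error) {
			fmt.Printf("validation error: %s\n", err)
		},

		// Diagnostic output: prints the derived signing string for every
		// request to stdout.
		OnDeriveSigningString: func(ctx context.Context, stringToSign string) {
			fmt.Printf("string to sign:\n%s\n", stringToSign)
		},
	})

	verifyHandler := verify(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Fail closed with an explicit error instead of panicking when the
		// context carries no attributes or attributes that are not a string
		// (for example a key directory that returns a different type).
		attr, ok := httpsig.AttributesFromContext(r.Context()).(string)
		if !ok {
			http.Error(w, "unexpected identity attributes", http.StatusInternalServerError)
			return
		}

		if isCaddyAuth {
			// This value becomes the authenticated identity seen by
			// whatever consumes the Remote-User header.
			w.Header().Add("Remote-User", attr)
			return
		}

		// A failed write means the client went away; nothing to recover.
		_, _ = fmt.Fprintf(w, "hello, %s!", attr)
	}))

	var handler http.Handler = verifyHandler
	if isCaddyAuth {
		handler = rewriteHeaders(verifyHandler)
	}

	mux.Handle("/", handler)

	// NOTE(review): http.ListenAndServe uses a server with no read or write
	// timeouts. The listener is bound to localhost only; set timeouts on an
	// explicit http.Server before exposing this beyond a local demo.
	return http.ListenAndServe("localhost:8080", mux)
}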