using System.Text.Json.Serialization;
using SPTarkov.Server.Core.Models.Eft.Common;
using SPTarkov.DI.Annotations;
using SPTarkov.Server.Core.Callbacks;
using SPTarkov.Server.Core.DI;
using SPTarkov.Server.Core.Models.Eft.Launcher;
using SPTarkov.Server.Core.Routers.Static;
using SPTarkov.Server.Core.Utils;

namespace PersonalAuthMod;



[Injectable(TypePriority = OnLoadOrder.PostSptModLoader + 100)]
public class AuthRouter : StaticRouter
{
    public AuthRouter(
        JsonUtil jsonUtil,
        LauncherCallbacks launcherCallbacks,
        ProfileCallbacks profileCallbacks,
        DatabaseManager dbManager
    ) : base(jsonUtil, 
    [
        // Get Profile (Filter / Validate)
        new RouteAction<LoginRequestData>(
            "/launcher/profile/get",
            async (url, info, sessionID, _) =>
            {
                if (!dbManager.ValidateSession(sessionID))
                    return "FAILED"; 

                var sessionUser = dbManager.GetUsernameBySession(sessionID);
                // info.Username is typically passed by launcher. Verify it matches.
                if (!string.IsNullOrEmpty(info.Username) && sessionUser != info.Username)
                {
                    return "FAILED"; 
                }

                return await launcherCallbacks.Get(url, info, sessionID);
            }
        ),
        // Remove Profile (Protect)
        new RouteAction<RemoveProfileData>(
            "/launcher/profile/remove",
            async (url, info, sessionID, _) =>
            {
                if (!dbManager.ValidateSession(sessionID)) return "FAILED";
                
                // Also verify the user owns the profile being removed.
                // Assuming sessionID is the "access token", calls to Remove need a valid session.
                return await launcherCallbacks.RemoveProfile(url, info, sessionID);
            }
        )
    ])
    {
    }
}