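package com.example.sbcamel;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.ldap.core.support.BaseLdapPathContextSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.ldap.LdapBindAuthenticationManagerFactory;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.web.SecurityFilterChain;
import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider;

/**
 * Spring Security wiring for the application: HTTP Basic authentication, verified by an LDAP
 * bind, with authorities derived from an LDAP group search.
 *
 * <p>Access is split by HTTP method: GET requires {@link #ROLE_BACKEND}, POST requires
 * {@link #ROLE_SERVER}, and every other method is rejected.
 */
@Configuration
public class SecurityConfig {

    /** Authority required for every GET request. */
    public static final String ROLE_BACKEND = "ROLE_BACKEND";

    /** Authority required for every POST request. */
    public static final String ROLE_SERVER = "ROLE_SERVER";

    // Base DN (relative to the context source) under which groups are searched.
    @Value("${app.group-search-base:ou=groups}")
    private String groupSearchBase;

    // Group membership filter. Keep the {0} placeholder when overriding it, so the value is
    // substituted by Spring rather than spliced into the filter text.
    @Value("${app.group-search-filter:(member={0})}")
    private String groupSearchFilter;

    // Base DN (relative to the context source) under which user entries are searched.
    @Value("${app.user-search-base:ou=users}")
    private String userSearchBase;

    // Filter locating the user entry; {0} stands for the login name supplied by the client.
    @Value("${app.user-search-filter:(uid={0})}")
    private String userSearchFilter;

    /**
     * Builds the filter chain: method-based authorization, HTTP Basic, CSRF protection off.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authorize -> authorize
                .requestMatchers(HttpMethod.GET, "/**").hasAuthority(ROLE_BACKEND)
                .requestMatchers(HttpMethod.POST, "/**").hasAuthority(ROLE_SERVER)
                // Fail closed for every other method (PUT, DELETE, PATCH, ...). Recent
                // Spring Security releases already deny unmatched requests; stating it here
                // keeps the policy independent of the framework default.
                .anyRequest().denyAll())
            // Basic credentials travel with every request and are only base64-encoded, so
            // this endpoint has to be served over TLS.
            .httpBasic(Customizer.withDefaults())
            // NOTE(review): CSRF protection is off for all requests. That fits non-browser
            // callers only; a browser replays cached Basic credentials automatically, so
            // re-enable it if a browser client ever uses the POST endpoints.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }

    /**
     * Creates the populator that maps LDAP group membership to granted authorities.
     *
     * <p>NOTE(review): with the populator's defaults, group names are upper-cased and prefixed
     * with {@code ROLE_}; confirm the directory groups map onto {@link #ROLE_BACKEND} and
     * {@link #ROLE_SERVER}.
     *
     * @param contextSource LDAP connection source, defined outside this class
     * @return populator searching {@code groupSearchBase} with {@code groupSearchFilter}
     */
    @Bean
    public LdapAuthoritiesPopulator authorities(BaseLdapPathContextSource contextSource) {
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);
        populator.setGroupSearchFilter(groupSearchFilter);
        return populator;
    }

    /**
     * Creates the authentication manager that verifies credentials by binding to LDAP as the
     * user found through the configured search base and filter.
     *
     * <p>NOTE(review): bind authentication forwards the user's password to the directory;
     * the context source is configured elsewhere, so confirm it connects over LDAPS or
     * StartTLS.
     *
     * @param contextSource LDAP connection source, defined outside this class
     * @param authorities populator used to load the user's authorities after a successful bind
     * @return the LDAP-backed authentication manager
     */
    @Bean
    public AuthenticationManager authenticationManager(BaseLdapPathContextSource contextSource,
            LdapAuthoritiesPopulator authorities) {
        LdapBindAuthenticationManagerFactory factory =
                new LdapBindAuthenticationManagerFactory(contextSource);
        factory.setUserSearchBase(userSearchBase);
        factory.setUserSearchFilter(userSearchFilter);
        factory.setLdapAuthoritiesPopulator(authorities);
        return factory.createAuthenticationManager();
    }

    /**
     * Registers the Jackson JSON provider used for JAX-RS message bodies.
     *
     * @return a provider with default settings
     */
    @Bean
    public JacksonJsonProvider jaxrsProvider() {
        return new JacksonJsonProvider();
    }
}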