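package middleware

import (
	"net/http"

	"github.com/gin-gonic/gin"
	"github.com/gorilla/sessions"
	"github.com/rideaware/admin-panel/internal/config"
)

// store is the package-level cookie store. It stays nil until Init runs.
var store *sessions.CookieStore

// Init initializes the package-level cookie store used for session management.
// It panics if config.Current.SecretKey is empty, so the process never runs
// with session cookies signed by an empty key.
//
// The created store is configured with Path "/", MaxAge one week, HttpOnly
// true, Secure false, and SameSite Lax.
func Init() {
	if config.Current.SecretKey == "" {
		panic("SECRET_KEY not set")
	}

	// Only an authentication key is supplied (no encryption key), so session
	// values are signed against tampering but remain readable by the client.
	// Do not place secrets in session.Values.
	store = sessions.NewCookieStore([]byte(config.Current.SecretKey))
	store.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   86400 * 7, // one week, in seconds
		HttpOnly: true,      // keep the cookie out of reach of page scripts
		// NOTE(review): with Secure false the session cookie is also sent over
		// plain HTTP. Set this to true wherever the panel is served only over
		// HTTPS; confirm against the deployment before changing.
		Secure: false,
		// Explicit Lax instead of the zero value, which emits no SameSite
		// attribute and leaves cross-site cookie handling to each browser's
		// default.
		SameSite: http.SameSiteLaxMode,
	}
}

// GetStore returns the package-level Gorilla cookie store used for session management.
// It may be nil if Init has not been called.
func GetStore() *sessions.CookieStore {
	return store
}

// Auth enforces session-based authentication for Gin handlers.
//
// If Init has not been called (the store is nil), the request is aborted with
// HTTP 500 rather than dereferencing a nil store. If the session named
// "session" cannot be loaded or lacks a "username" value, the middleware
// redirects to "/login" (HTTP 302) and aborts further handling. Otherwise the
// middleware calls the next handler in the chain.
func Auth() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Fail closed: without a store no session can be verified, so the
		// protected handler must not run.
		if store == nil {
			c.AbortWithStatus(http.StatusInternalServerError)
			return
		}

		session, err := store.Get(c.Request, "session")
		// Only presence of "username" is checked; any non-nil value passes.
		// NOTE(review): confirm the login handler stores a non-empty username
		// and nothing else writes this key.
		if err != nil || session.Values["username"] == nil {
			c.Redirect(http.StatusFound, "/login")
			c.Abort()
			return
		}

		c.Next()
	}
}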