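// Package auth defines the user, group and credential identifiers used by the
// authenticator, plus the per-user checks applied before authentication.
package auth

import (
	"net"
	"net/http"
	"strings"
)

// UserID is the identifier of a User.
type UserID string

// GroupID is the identifier of a Group.
type GroupID string

// CredID is the identifier of a credential record.
type CredID string

// Group is a named collection that users can belong to.
type Group struct {
	ID   GroupID `json:"id"`
	Name string  `json:"name"`
}

// User is an account known to the authenticator.
//
// UserMetadata is embedded, so its fields are promoted onto User and are
// serialized at the top level of the JSON object. Creds and RefreshTokens are
// tagged `json:"-"` and are therefore never included in JSON output.
type User struct {
	ID       UserID      `json:"id"`
	GroupIDs []GroupID   `json:"group_ids"`
	Data     interface{} `json:"data,omitempty"`
	UserMetadata
	Creds         []*Credentials  `json:"-"`
	RefreshTokens []*RefreshToken `json:"-"`
}

// UserMetadata holds the flags and display name attached to a User.
type UserMetadata struct {
	Owner           bool   `json:"is_owner"`
	Active          bool   `json:"is_active"`
	Name            string `json:"name"`
	SystemGenerated bool   `json:"system_generated"`
	LocalOnly       bool   `json:"local_only"`
}

// allowedToAuth reports whether u may authenticate on request r.
//
// It returns ErrDisabled when the user is not active. For users that are not
// LocalOnly, no address check is made. For LocalOnly users the peer address in
// r.RemoteAddr must be a loopback, private-range or link-local unicast
// address; otherwise ErrUserAuthRemote is returned. ErrInvalidIP is returned
// when the peer address cannot be parsed as an IP.
//
// Security note: r.RemoteAddr is the address of the directly connected peer.
// If the service sits behind a reverse proxy or tunnel that connects from a
// loopback or private address, every request satisfies this check and the
// LocalOnly restriction has no effect. In such a deployment the caller has to
// set RemoteAddr from a forwarding header only after verifying that the
// header was written by a trusted proxy; client-supplied forwarding headers
// must not be used directly. Also note that "local" here includes the whole
// private address space, not only the same machine.
func (u *User) allowedToAuth(r *http.Request) error {
	if !u.Active {
		return ErrDisabled
	}
	if !u.LocalOnly {
		return nil
	}

	// net/http sets RemoteAddr to "IP:port" (with brackets for IPv6), which
	// net.ParseIP rejects outright. Passing it unmodified made every LocalOnly
	// user fail with ErrInvalidIP. Split the port off first and fall back to
	// the raw value for callers that already supply a bare IP.
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	// An IPv6 peer address may carry a zone ("fe80::1%eth0"); net.ParseIP does
	// not accept zones, so drop it before parsing.
	if i := strings.IndexByte(host, '%'); i >= 0 {
		host = host[:i]
	}

	ip := net.ParseIP(host)
	if ip == nil {
		return ErrInvalidIP
	}
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() {
		return nil
	}
	return ErrUserAuthRemote
}

// getOrCreateUser returns the user that owns credentials c.
//
// Despite the name, this implementation only looks the user up in the store by
// c.UserID; it never creates one. It returns ErrInvalidAuth when the store has
// no such user. c must be non-nil.
func (a *Authenticator) getOrCreateUser(c *Credentials) (*User, error) {
	u := a.store.User(c.UserID)
	if u == nil {
		return nil, ErrInvalidAuth
	}
	return u, nil
}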