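use axum::{extract::FromRequestParts, http::request::Parts};
use axum_extra::TypedHeader;
use entity::users;
use headers::authorization::{Authorization, Bearer};
use sea_orm::EntityTrait;

use crate::{ApiError, AppState, validate_jwt};

/// Extractor that resolves a request's bearer token to the matching user row.
///
/// A handler that takes `Auth` as an argument only runs once every step in
/// [`FromRequestParts::from_request_parts`] below has succeeded; any failure
/// short-circuits with an [`ApiError`] and no `Auth` value is produced.
pub struct Auth(pub users::Model);

// The generic arguments on this impl, on the return type, and on the
// `TypedHeader` turbofish were missing from the listing (angle-bracketed
// tokens had been stripped) and are restored here from the imports above.
impl FromRequestParts<AppState> for Auth {
    type Rejection = ApiError;

    /// Authenticates the request from its `Authorization: Bearer <token>` header.
    ///
    /// # Errors
    ///
    /// * Whatever `ApiError` the typed-header rejection converts into, when the
    ///   header is absent or malformed.
    /// * `ApiError::NotAuthorized` when `validate_jwt` rejects the token, when
    ///   the `sub` claim matches no user, or when the token was issued before
    ///   the user's `password_issue_date`.
    /// * Whatever `ApiError` the database error converts into, when the lookup
    ///   itself fails.
    async fn from_request_parts(
        parts: &mut Parts,
        state: &AppState,
    ) -> Result<Self, Self::Rejection> {
        // NOTE(review): `?` relies on a conversion from the header rejection
        // into `ApiError` that is defined elsewhere -- confirm it yields an
        // unauthorized-style response and does not echo header contents.
        let token_header =
            TypedHeader::<Authorization<Bearer>>::from_request_parts(parts, state).await?;

        // Every validation failure is collapsed into one variant, so the
        // response does not reveal which check rejected the token.
        // NOTE(review): signature, algorithm and expiry handling live inside
        // `validate_jwt`, which is not visible here -- confirm they are enforced.
        let jwt_claims = validate_jwt(token_header.token(), &state.secret)
            .map_err(|_| ApiError::NotAuthorized)?;

        // An unknown subject gets the same error as a bad token, so the two
        // cases are not distinguishable by error variant.
        let user = users::Entity::find_by_id(jwt_claims.sub)
            .one(&state.db)
            .await?
            .ok_or(ApiError::NotAuthorized)?;

        // Reject tokens issued before the recorded password timestamp.
        // The comparison is strict and at one-second resolution: a token whose
        // `iat` falls in the same second as the password timestamp is accepted,
        // whether it was issued just before or just after it.
        // NOTE(review): assumes `password_issue_date` is stored as UTC and
        // `iat` is Unix seconds -- confirm against the schema and `validate_jwt`.
        if jwt_claims.iat < user.password_issue_date.and_utc().timestamp() {
            return Err(ApiError::NotAuthorized);
        }

        Ok(Auth(user))
    }
}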