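using Microsoft.AspNetCore.Authorization;
using Moonlight.Shared;

namespace Moonlight.Api.Implementations;

/// <summary>
/// Authorization handler that grants a <see cref="PermissionRequirement"/> only when the
/// current principal carries a permission claim whose value matches the requirement's identifier.
/// </summary>
/// <remarks>
/// The handler is fail-closed: when no matching claim is present it calls
/// <see cref="AuthorizationHandlerContext.Fail(AuthorizationFailureReason)"/>, which marks the
/// whole authorization attempt as failed even if another handler succeeds for the same requirement.
/// </remarks>
// The generic argument is required: HandleRequirementAsync(context, PermissionRequirement) only
// exists as an overridable member on AuthorizationHandler<PermissionRequirement>.
public class PermissionAuthorizationHandler : AuthorizationHandler<PermissionRequirement>
{
    /// <summary>
    /// Looks for a claim of type <c>Permissions.ClaimType</c> whose value equals
    /// <c>requirement.Identifier</c> and succeeds or fails the requirement accordingly.
    /// </summary>
    /// <param name="context">Authorization context holding the user whose claims are inspected.</param>
    /// <param name="requirement">The permission requirement being evaluated.</param>
    /// <returns>An already completed task; the handler does no asynchronous work.</returns>
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        PermissionRequirement requirement)
    {
        // Both the claim type and the permission identifier are compared case-insensitively,
        // so identifiers that differ only in casing are treated as the same permission.
        // NOTE(review): the claim's issuer is not inspected here; this relies on the
        // authentication layer only placing trusted permission claims on the principal — confirm.
        var permissionClaim = context.User.FindFirst(claim =>
            claim.Type.Equals(Permissions.ClaimType, StringComparison.OrdinalIgnoreCase) &&
            claim.Value.Equals(requirement.Identifier, StringComparison.OrdinalIgnoreCase));

        if (permissionClaim is null)
        {
            // Explicit Fail (rather than simply not succeeding) vetoes the request and records
            // a reason that names this handler and the missing permission.
            context.Fail(new AuthorizationFailureReason(
                this,
                $"User does not have the requested permission '{requirement.Identifier}'"
            ));

            return Task.CompletedTask;
        }

        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}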