package com.stephenschafer.budget;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
	@Autowired
	private JwtAuthenticationEntryPoint unauthorizedHandler;
	@Autowired
	CustomCorsConfiguration customCorsConfiguration;

	@Bean
	AuthenticationManager authenticationManager(final UserDetailsService userDetailsService,
			final PasswordEncoder passwordEncoder) {
		final var provider = new DaoAuthenticationProvider(userDetailsService);
		provider.setPasswordEncoder(passwordEncoder);
		return new ProviderManager(provider);
	}

	@Bean
	BCryptPasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Bean
	JwtAuthenticationFilter authenticationTokenFilterBean() throws Exception {
		return new JwtAuthenticationFilter();
	}

	@Bean
	SecurityFilterChain filterChain(final HttpSecurity http) throws Exception {
		http.cors(c -> c.configurationSource(customCorsConfiguration)) //
				.csrf(AbstractHttpConfigurer::disable) //
				.authorizeHttpRequests(requests -> {
					requests.requestMatchers("/token/*",
						"/signup").permitAll().anyRequest().authenticated();
				}) //
				.exceptionHandling(
					configurer -> configurer.authenticationEntryPoint(unauthorizedHandler)) //
				.sessionManagement(configurer -> configurer.sessionCreationPolicy(
					SessionCreationPolicy.STATELESS));
		http.addFilterBefore(authenticationTokenFilterBean(),
			UsernamePasswordAuthenticationFilter.class);
		/*
		requests.requestMatchers("/token/*",
				"/signup").permitAll().anyRequest().authenticated();
		*/
		/*
		http.cors().and().csrf().disable().authorizeRequests().antMatchers("/token/*",
				"/signup").permitAll().anyRequest().authenticated().and().exceptionHandling().authenticationEntryPoint(
					unauthorizedHandler).and().sessionManagement().sessionCreationPolicy(
						SessionCreationPolicy.STATELESS);
			// @formatter:on
			http.addFilterBefore(authenticationTokenFilterBean(),
				UsernamePasswordAuthenticationFilter.class);
		*/
		return http.build();
	}
}