import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { Request, Response } from 'express';
import { ManagerService } from 'src/modules/objects/manager/manager.service';

@Injectable()
export class ZoneAccessGuard implements CanActivate {
  constructor(private service: ManagerService) {}

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest<Request>();
    const response = context.switchToHttp().getResponse<Response>();
    const authHeader = request.headers.authorization;

    if (!authHeader) return false;

    const [base, token] = authHeader.split(' ');
    if (!base || base.toLowerCase() !== 'bearer' || !token) return false;

    const access = await this.service.getZoneForKey(token);
    if (!access) return false;

    const domain = request.params?.domain;
    if (domain && access.zone !== domain) return false;

    response.locals.zone = access;

    return true;
  }
}