import Elysia from "elysia";
import { User, Session, verifyRequestOrigin } from "lucia";
import { lucia } from "./db";
import type { Generator } from "elysia-rate-limit";

export const ipGenerator = () => {
  let gen: Generator<any>;

  if (process.env.DETECT_IP == "fwf") {
    gen = (req, server) => {
      let fwf = req.headers.get("x-forwarded-for")!;
      if (!fwf) {
        console.log(
          "!!! x-forwarded-for missing on request, while DETECT_IP is set to fwf! falling back to server IP !!!"
        );
        fwf = server?.requestIP(req)?.address!;
      }

      return fwf;
    };
  } else {
    gen = (req, server) => {
      return server?.requestIP(req)?.address!;
    };
  }
  return gen;
};

export default new Elysia({
  name: "session",
}).derive(
  { as: "global" },
  async (
    context
  ): Promise<{
    user: User | null;
    session: Session | null;
  }> => {
    // CSRF check
    if (context.request.method !== "GET") {
      const originHeader = context.request.headers.get("Origin");
      // NOTE: You may need to use `X-Forwarded-Host` instead
      if (
        !originHeader ||
        !verifyRequestOrigin(originHeader, ["chat.sad.ovh", "localhost:5173"])
      ) {
        return {
          user: null,
          session: null,
        };
      }
    }

    // use headers instead of Cookie API to prevent type coercion
    const cookieHeader = context.request.headers.get("Cookie") ?? "";
    const sessionId = lucia.readSessionCookie(cookieHeader);
    if (!sessionId) {
      return {
        user: null,
        session: null,
      };
    }

    const { session, user } = await lucia.validateSession(sessionId);
    if (session && session.fresh) {
      const sessionCookie = lucia.createSessionCookie(session.id);
      context.cookie[sessionCookie.name].set({
        value: sessionCookie.value,
        ...sessionCookie.attributes,
      });
    }

    if (!session) {
      const sessionCookie = lucia.createBlankSessionCookie();
      context.cookie[sessionCookie.name].set({
        value: sessionCookie.value,
        ...sessionCookie.attributes,
      });
    }

    return {
      user,
      session,
    };
  }
);