using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using ZB.MOM.WW.Auth.AspNetCore;
using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Services;

namespace ZB.MOM.WW.ScadaBridge.Security;

/// <summary>
/// HTTP-backed <see cref="IAuditActorAccessor"/> (Phase 3): resolves the audit
/// <c>Actor</c> from the authenticated principal on the ambient
/// <see cref="IHttpContextAccessor.HttpContext"/>. Used by the user-facing
/// inbound API audit path so a cookie/LDAP-authenticated request records the
/// real user as <c>AuditEvent.Actor</c>.
/// </summary>
/// <remarks>
/// <para>The username is sourced from the canonical
/// <see cref="ZbClaimTypes.Username"/> claim (= <see cref="JwtTokenService.UsernameClaimType"/>,
/// minted by <see cref="JwtTokenService"/> and by the cookie login path), falling
/// back to <see cref="System.Security.Principal.IIdentity.Name"/> (which
/// <see cref="JwtTokenService"/> pins to <see cref="ZbClaimTypes.Name"/> via its
/// token-validation <c>NameClaimType</c>).
/// When there is no ambient request, the principal is unauthenticated, or no
/// usable name claim is present, <see cref="CurrentActor"/> returns <c>null</c> so
/// the caller keeps its existing actor/fallback — an unauthenticated principal is
/// never echoed back as an actor.</para>
/// </remarks>
public sealed class HttpAuditActorAccessor : IAuditActorAccessor
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    /// <summary>Initializes a new instance of <see cref="HttpAuditActorAccessor"/>.</summary>
    /// <param name="httpContextAccessor">Accessor for the ambient HTTP context.</param>
    public HttpAuditActorAccessor(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor
            ?? throw new ArgumentNullException(nameof(httpContextAccessor));
    }

    /// <inheritdoc />
    public string? CurrentActor
    {
        get
        {
            var user = _httpContextAccessor.HttpContext?.User;
            if (user?.Identity is not { IsAuthenticated: true })
            {
                // No ambient request, or the principal is unauthenticated — never
                // echo an unauthenticated identity back as an actor.
                return null;
            }

            // Prefer the canonical username claim (the value JwtTokenService and
            // the cookie login path mint); fall back to Identity.Name (pinned to
            // ZbClaimTypes.Name by JwtTokenService.NameClaimType).
            var username = user.FindFirst(JwtTokenService.UsernameClaimType)?.Value;
            if (!string.IsNullOrWhiteSpace(username))
            {
                return username;
            }

            var name = user.Identity?.Name;
            return string.IsNullOrWhiteSpace(name) ? null : name;
        }
    }
}