package app

import (
	"encoding/json"
	"io"
	"net/http"
	"strings"
)

func handleEgressIdentityGet(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}

	scope := strings.TrimSpace(r.URL.Query().Get("scope"))
	if scope == "" {
		http.Error(w, "scope is required", http.StatusBadRequest)
		return
	}

	refresh := false
	switch strings.ToLower(strings.TrimSpace(r.URL.Query().Get("refresh"))) {
	case "1", "true", "yes", "on":
		refresh = true
	}

	item, err := egressIdentitySWR.getSnapshot(scope, refresh)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	writeJSON(w, http.StatusOK, EgressIdentityResponse{
		OK:      true,
		Message: "ok",
		Item:    item,
	})
}

func handleEgressIdentityRefresh(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}

	var body EgressIdentityRefreshRequest
	if r.Body != nil {
		defer r.Body.Close()
		if err := json.NewDecoder(io.LimitReader(r.Body, 1<<20)).Decode(&body); err != nil && err != io.EOF {
			http.Error(w, "bad json", http.StatusBadRequest)
			return
		}
	}

	resp, err := egressIdentitySWR.queueRefresh(body.Scopes, body.Force)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	writeJSON(w, http.StatusOK, resp)
}