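using HRD.LDAPService;
using HRD.LDAPService.JWT;
using HRD.WebApi;
using System.Collections.Generic;

namespace StaffDBServer.Extends
{
    /// <summary>
    /// Builds the <see cref="JwtMiddlewareOptions"/> used by the StaffDB web API:
    /// the role list, the token secret, the token lifetime and the
    /// authorization-filter path lists.
    /// </summary>
    public static class JwtMiddlewareOptionsHelper
    {
        /// <summary>
        /// Creates the JWT middleware options for the current environment.
        /// </summary>
        /// <returns>
        /// A new <see cref="JwtMiddlewareOptions"/> instance; every call builds a fresh
        /// role list and fresh path lists.
        /// </returns>
        public static JwtMiddlewareOptions GetJwtMiddlewareOptions()
        {
            // Non-live environments use separate "__Test" groups, so test membership
            // does not grant anything through the live group names.
            var adGroupPrefix = WebApiConfig.IsLive ? "" : "__Test";

            // The generic type arguments were missing in the source listing
            // ("new List()"), which does not compile; JwtRole is the element type added below.
            // Second JwtRole argument is presumably the AD group name - confirm against JwtRole.
            var roles = new List<JwtRole>
            {
                // Admin role
                new JwtRole(JwtGlobals.ROLE_ADMIN, "GG_WebApp" + adGroupPrefix + "_StaffDB_Admin"),

                // TODO: get roles from db
                // Core role list
                new JwtRole(JwtGlobals.ROLE_USER, "GG_WebApp" + adGroupPrefix + "_StaffDB_User"), // (RO) own only
                new JwtRole(JwtGlobals.ROLE_MASTER, "GG_WebApp" + adGroupPrefix + "_StaffDB_Master"), // RW ALL departments
                new JwtRole(JwtGlobals.ROLE_DEPARTMENTUSER, "GG_WebApp" + adGroupPrefix + "_StaffDB_DepartmentUser"), // (RW) also others from own department
                new JwtRole(JwtGlobals.ROLE_DEPARTMENTMASTER, "GG_WebApp" + adGroupPrefix + "_StaffDB_DepartmentMaster"), // (RW) also others from own department

                // NOTE(review): the two DD roles pass the role constant as the second argument
                // and ignore the live/test prefix, unlike the roles above - confirm this is intended.
                new JwtRole(JwtGlobals.ROLE_DD_ADMIN, JwtGlobals.ROLE_DD_ADMIN), // (RW) also others from own department
                new JwtRole(JwtGlobals.ROLE_DD_USER, JwtGlobals.ROLE_DD_USER),
            };

            var options = new JwtMiddlewareOptions()
            {
                // SECURITY NOTE(review): this secret is a hard-coded, guessable placeholder that
                // lives in source control. If the middleware uses it as the token signing key
                // (confirm in JwtMiddleware), everyone with repository access holds the key material.
                // It also does not vary with WebApiConfig.IsLive, so test and live share one value.
                // Load it from protected configuration or a secret store, use a randomly generated
                // value per environment, and rotate the value committed here.
                Secret = "12345678901234567809_MY_VERY_LONG_SECRET",
                JwtRoleList = roles,

                // 60 * 24 * 30 = 43,200 minutes (30 days, "1 month").
                // NOTE(review): a leaked token stays usable for the whole window unless the
                // middleware has a revocation mechanism, which is not visible here.
                ExpirationInMin = 60 * 24 * 30 * 1,
                AktivateAuthorizationFilter = true,

                // Presumably paths the authorization filter lets through without a token - confirm.
                // Element type assumed to be string; the type argument was missing in the listing.
                AuthorizationFilterWhitelistPath = new List<string>()
                {
                    "api/WebAppUser/LoginWithNameAndPassword",
                    "api/Info"
                },

                // Presumably paths the authorization filter always rejects - confirm.
                AuthorizationFilterBlacklistPath = new List<string>()
                {
                    "api/WebAppUser/all"
                }
            };

            return options;
        }
    }
}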