using DigitalData.Core.API;
using DigitalData.Core.Application;
using DigitalData.UserManager.Application;
using DigitalData.UserManager.Infrastructure.Repositories;
using EnvelopeGenerator.Application;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

var config = builder.Configuration;

builder.Services.AddControllers();

//CORS Policy
var allowedOrigins = config.GetSection("AllowedOrigins").Get<string[]>() ??
    throw new InvalidOperationException("AllowedOrigins section is missing in the configuration.");
builder.Services.AddCors(options =>
    {
        options.AddPolicy("AllowSpecificOriginsPolicy", builder =>
        {
            builder.WithOrigins(allowedOrigins)
                   .SetIsOriginAllowedToAllowWildcardSubdomains()
                   .AllowAnyMethod()
                   .AllowAnyHeader()
                   .AllowCredentials();
        });
    });

// Swagger
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

// DbContext
var connStr = config.GetConnectionString("Default") ?? throw new InvalidOperationException("There is no default connection string in appsettings.json.");
builder.Services.AddDbContext<EGDbContext>(options => options.UseSqlServer(connStr));

// Authentication
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(options =>
{
    options.Cookie.HttpOnly = true;  // Makes the cookie inaccessible to client-side scripts for security
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
    options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
    options.LoginPath = "/api/auth/login";
    options.LogoutPath = "/api/auth/logout";
    options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
    options.SlidingExpiration = true;
});

// User manager
builder.Services.AddUserManager<EGDbContext>();

// LDAP
builder.ConfigureBySection<DirectorySearchOptions>();
builder.Services.AddDirectorySearchService();

// Localizer
builder.Services.AddCookieBasedLocalizer() ;

// Envelope generator serives
builder.Services.AddEnvelopeGenerator();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
	app.UseSwagger();
	app.UseSwaggerUI();
}

// Set CORS policy
app.UseCors("AllowSpecificOriginsPolicy");

// Localizer
app.UseCookieBasedLocalizer("de-DE", "en-US");

app.UseHttpsRedirection();

app.UseDefaultFiles();
app.UseStaticFiles();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();