using WorkFlow.Application;
using DigitalData.UserManager.Application;
using Microsoft.EntityFrameworkCore;
using WorkFlow.Infrastructure;
using Microsoft.AspNetCore.Authentication.Cookies;
using DigitalData.Core.API;
using DigitalData.Core.Application;
using DigitalData.UserManager.Application.DTOs.User;
using Microsoft.IdentityModel.Tokens;
using WorkFlow.API.Models;
using NLog;
using NLog.Web;
using WorkFlow.API.Extensions;
using Microsoft.Extensions.Configuration;

var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
logger.Info("Logging initialized.");

try
{
    var builder = WebApplication.CreateBuilder(args);
    var config = builder.Configuration;

    // Add NLogger
    builder.Logging.ClearProviders();
    builder.Host.UseNLog();

    // Add services to the container.
    var cnn_str = config.GetConnectionString("Default") ?? throw new("Default connection string not found.");
    builder.Services.AddDbContext<WFDBContext>(options => options.UseSqlServer(cnn_str).EnableDetailedErrors());
    builder.Services.AddWorkFlow().AddUserManager<WFDBContext>();
    builder.Services.AddCookieBasedLocalizer();
    builder.ConfigureBySection<DirectorySearchOptions>();
    builder.Services.AddDirectorySearchService();
    builder.Services.AddJWTService<UserReadDto>(user => new SecurityTokenDescriptor()
    {
        Claims = user.ToClaimList().ToDictionary(claim => claim.Type, claim => claim.Value as object)
    });
    
    if (config.GetSection("APIKeyAuth").Get<APIKeyAuthOptions>() is APIKeyAuthOptions options)
        builder.Services.AddAPIKeyAuth(options);

    builder.Services.AddControllers();

    builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddCookie(options =>
        {
            options.Cookie.HttpOnly = true;  // Makes the cookie inaccessible to client-side scripts for security
            options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
            options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
            options.LoginPath = "/api/auth/login";
            options.LogoutPath = "/api/auth/logout";
            options.ExpireTimeSpan = TimeSpan.FromMinutes(60); // timeout.
            options.SlidingExpiration = true; //refreshes the expiration time on each request.
            options.Cookie.Name = "AuthSession";
        });

    builder.Services.AddEndpointsApiExplorer();
    builder.Services.AddSwaggerGen();

    var app = builder.Build();

    // Configure the HTTP request pipeline.
    if (app.IsDevOrDiP() && app.Configuration.GetValue<bool>("EnableSwagger"))
    {
        app.UseSwagger();
        app.UseSwaggerUI();
    }

    app.UseHttpsRedirection();

    app.UseAuthentication();

    app.UseAuthorization();

    app.UseCookieBasedLocalizer("de-DE");

    app.MapControllers();

    app.Run();
}
catch (Exception ex)
{
    logger.Error(ex, "Stopped program because of exception.");
    throw;
}