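import { getServerSession } from "next-auth";

/**
 * Every permission string the admin panel understands.
 *
 * Permissions are slash-separated paths. The empty alternative at each level
 * makes every prefix ("reports", "reports/fetch", ...) a valid permission.
 * `hasPermission` treats a granted prefix as covering everything beneath it.
 */
type Permission =
  | "TEMP"
  | "authifier"
  | `accounts${
      | ""
      | `/fetch${"" | "/by-id"}`
      | "/disable"
      | "/restore"
      | `/deletion${"" | "/queue" | "/cancel"}`}`
  | `bots${
      | ""
      | `/fetch${"" | "/by-id" | "/by-user"}`
      | `/update${"" | "/discoverability"}`}`
  | `channels${"" | `/fetch${"" | "/by-id" | "/dm"}` | `/create${"" | "/dm"}`}`
  | `messages${"" | `/fetch${"" | "/by-id" | "/by-user"}`}`
  | `reports${
      | ""
      | `/fetch${
          | ""
          | "/by-id"
          | "/open"
          | `/related${"" | "/by-content" | "/by-user" | "/against-user"}`
          | `/snapshots${"" | "/by-report" | "/by-user"}`}`
      | `/update${
          | ""
          | "/notes"
          | "/resolve"
          | "/reject"
          | "/reopen"
          | `/bulk-close${"" | "/by-user"}`}`}`
  | `sessions${"" | `/fetch${"" | "/by-account-id"}`}`
  | `servers${
      | ""
      | `/fetch${"" | "/by-id"}`
      | `/update${"" | "/flags" | "/discoverability"}`}`
  | `users${
      | ""
      | `/fetch${
          | ""
          | "/by-id"
          | "/memberships"
          | "/strikes"
          | "/notices"
          | "/relations"}`
      | `/create${"" | "/alert" | "/strike"}`
      | `/update${"" | "/badges"}`
      | `/action${"" | "/unsuspend" | "/suspend" | "/wipe" | "/ban"}`}`;

/**
 * Named bundles of permissions that roles are composed from.
 *
 * Entries that name an intermediate path (e.g. "reports/fetch/related") also
 * grant every permission below that path, because of the prefix matching in
 * `hasPermission`. Keep entries as specific as the task allows.
 */
const PermissionSets = {
  // View open reports
  "view-open-reports": [
    "users/fetch/by-id",
    "reports/fetch/open",
    "reports/fetch/by-id",
    "reports/fetch/related",
    "reports/fetch/snapshots/by-report",
  ] as Permission[],

  // Edit reports
  "edit-reports": [
    "reports/update/notes",
    "reports/update/resolve",
    "reports/update/reject",
    "reports/update/reopen",
  ] as Permission[],

  // Moderate users
  "moderate-users": [
    "users/fetch/by-id",
    "users/fetch/strikes",
    "users/fetch/notices",

    // "bots/fetch/by-user",
    // "messages/fetch/by-user",
    // "users/fetch/memberships",
    // "servers/fetch",

    "reports/fetch/related/by-user",
    "reports/fetch/related/against-user",
  ] as Permission[],
};

/** Roles, each the union of one or more permission sets. */
const Roles = {
  moderator: [
    ...PermissionSets["view-open-reports"],
    ...PermissionSets["edit-reports"],
    ...PermissionSets["moderate-users"],
  ],
};

/**
 * Access control list: session e-mail address -> granted permissions.
 *
 * Lookups are exact string matches on the address. An address with no entry
 * here has no permissions at all.
 */
const ACL: Record<string, Set<Permission>> = {
  "insert@revolt.chat": new Set([...Roles["moderator"]] as Permission[]),
};

/**
 * Decide whether the account identified by `email` holds `permission`.
 *
 * A permission is held when the ACL entry contains the permission itself or
 * any of its path prefixes: "reports/fetch" grants "reports/fetch/open",
 * and "reports" grants everything under "reports".
 *
 * @param email - e-mail address taken from the authenticated session
 * @param permission - permission being requested
 * @returns `true` when access is granted, `false` otherwise (including for
 *   addresses that have no ACL entry)
 */
function hasPermission(email: string, permission: Permission): boolean {
  // NOTE(review): this address is allowed unconditionally, bypassing the ACL,
  // so its ACL entry above has no effect. Confirm the bypass is intended, and
  // consider moving the address into configuration rather than source.
  if (email === "insert@revolt.chat") return true;

  // Deny by default. Only own properties count, so an address that happens to
  // match an Object.prototype member ("constructor", "toString", ...) is
  // treated as unknown instead of resolving to an inherited value.
  const granted = Object.prototype.hasOwnProperty.call(ACL, email)
    ? ACL[email]
    : undefined;
  if (!granted) return false;

  // Walk from the full path up to its first segment, accepting the first
  // granted prefix.
  const segments = permission.split("/");
  while (segments.length) {
    if (granted.has(segments.join("/") as Permission)) {
      return true;
    }

    segments.pop();
  }

  return false;
}

/**
 * Check `permission` against the user of the current server session.
 *
 * @param permission - permission being requested
 * @returns whether the session's user holds the permission
 * @throws the string "Not authenticated." when there is no session or the
 *   session carries no e-mail address
 */
export async function hasPermissionFromSession(
  permission: Permission,
): Promise<boolean> {
  // NOTE(review): getServerSession is called without auth options. Confirm
  // the defaults match the configuration used by the auth route, since the
  // e-mail read here is the sole identity the ACL decision is based on.
  const session = await getServerSession();
  if (!session?.user?.email) throw "Not authenticated.";
  return hasPermission(session.user.email, permission);
}

/**
 * Guard for server-side handlers: resolves when the current session holds
 * `permission` and rejects otherwise.
 *
 * @param permission - permission required to continue
 * @throws the string "Not authenticated." when there is no usable session
 * @throws the string `Missing permission <permission>` when access is denied
 */
export async function checkPermission(permission: Permission): Promise<void> {
  if (!(await hasPermissionFromSession(permission)))
    throw `Missing permission ${permission}`;
}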