package zitadel

import (
	"time"

	"github.com/gofiber/fiber/v3"
)

// MiddlewareFactoryConfig configures a JWT middleware created from env-backed settings.
type MiddlewareFactoryConfig struct {
	BaseURL      string
	Issuer       string
	Audience     string
	ClientID     string
	ClientSecret string

	RequiredClaims []string
	AdminEndpoints []string
	SkipPaths      []string
	Timeout        time.Duration
}

// BuildJWTMiddleware builds a JWT middleware or returns nil when auth is disabled.
func BuildJWTMiddleware(cfg MiddlewareFactoryConfig) fiber.Handler {
	if cfg.BaseURL == "" {
		return nil
	}

	timeout := cfg.Timeout
	if timeout <= 0 {
		timeout = 10 * time.Second
	}

	client := NewClient(Config{
		BaseURL:      cfg.BaseURL,
		ClientID:     cfg.ClientID,
		ClientSecret: cfg.ClientSecret,
		Issuer:       cfg.Issuer,
		Audience:     cfg.Audience,
		Timeout:      timeout,
	})

	return JWTMiddleware(JWTMiddlewareConfig{
		Client:         client,
		Issuer:         cfg.Issuer,
		Audience:       cfg.Audience,
		RequiredClaims: cfg.RequiredClaims,
		AdminEndpoints: cfg.AdminEndpoints,
		SkipPaths:      cfg.SkipPaths,
	})
}