package com.infinite.focus.server.auth;

import java.util.Arrays;


import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.config.annotation.CorsRegistry;

/**
 * 
 * @author Saboor
 * 
 *
 */

@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
	
    private UserDetailsService userDetailsService;
    private BCryptPasswordEncoder bCryptPasswordEncoder;
    
    public WebSecurity(UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.userDetailsService = userDetailsService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }
    
    
    //Set certain controllers to bypass security filter
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests()
        .antMatchers(HttpMethod.GET, SecurityConstants.COMPANY_SEARCH_URL).permitAll()
                .antMatchers(HttpMethod.POST, SecurityConstants.COMPANY_SIGN_UP_URL).permitAll()
                .antMatchers(HttpMethod.POST, SecurityConstants.USER_SIGN_UP_URL).permitAll()
                .antMatchers(HttpMethod.GET, SecurityConstants.CONFIRM_RESET_PASSWORD_URL ).permitAll()
                .antMatchers(HttpMethod.GET, SecurityConstants.RESET_PASSWORD_URL ).permitAll()
                .antMatchers(HttpMethod.GET, SecurityConstants.CONFIRM ).permitAll()
                .antMatchers(HttpMethod.GET, SecurityConstants.WEBHOOK_EVENT_URL ).permitAll()
                .antMatchers(HttpMethod.GET, "/api/account/verify/license" ).permitAll()
                .antMatchers(HttpMethod.GET, "/api/device/register" ).permitAll()
                .antMatchers(HttpMethod.POST, "/api/profile/create/profile" ).permitAll()
                .antMatchers(HttpMethod.GET, "/api/profile/get/group" ).permitAll()
                .antMatchers("/socket/**" ).permitAll()
                //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                //.antMatchers(HttpMethod.POST, SecurityConstants.LOGIN_URL).permitAll()
                //.anyRequest().authenticated()
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(authenticationManager()));
    }
    
    
    //Set our custom classes to handle spring security authentication
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
        //.authenticationEventPublisher(new DefaultAuthenticationEventPublisher(applicationEventPublisher))
        .userDetailsService(userDetailsService)
        .passwordEncoder(bCryptPasswordEncoder)
       ;
    }
    
    
   
   
}