package app

import (
	"code.tnxs.net/vernonkeenan/lib/api/auth/auth_client/user"
	"code.tnxs.net/vernonkeenan/lib/api/auth/auth_models"
	httptransport "github.com/go-openapi/runtime/client"
)

// CheckAPIUser authenticates a User with the auth service
//
// When called, ChechAPIUser assumes there is an "auth" service account in the
// app configuration file.
//
func CheckAPIUser(token *string) (*User, error) {
	sugar.Debug("app.CheckAPIUser: 📥")
	if authUser == nil {
		authUser = &User{
			APIKey: GetServiceAccount("auth").APIKey,
			Auth: httptransport.APIKeyAuth(
				"X-API-Key",
				"header",
				GetServiceAccount("auth").APIKey,
			),
		}
	}
	params := user.NewGetUsersParams()
	params.Apikey = token
	response, err := authClient.User.GetUsers(params, authUser.Auth)
	if err != nil {
		sugar.Warnf("app.CheckAPIUser: ❗ Access attempt with invalid API key: %s", *token)
		return nil, err
	}
	var obj *auth_models.User
	for _, itm := range response.Payload.Data { // single iteration execution
		obj = itm
	}
	sugar.Debugf("app.CheckAPIUser: 📤 👍 ID = %s, Name = %s", obj.ID, obj.Name)
	return MarshalAuthUserToSwagger(obj), nil
}