using Microsoft.AspNetCore.Authorization;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddStellaOpsResourceServerAuthentication(
    builder.Configuration,
    configure: options =>
    {
        options.RequiredScopes.Clear();
    });

builder.Services.AddAuthorization(options =>
{
    options.AddObservabilityResourcePolicies();
    options.DefaultPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .AddRequirements(new StellaOpsScopeRequirement(new[] { StellaOpsScopes.TimelineRead }))
        .Build();
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddOpenApi();

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.MapOpenApi();
}

app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/timeline/events", () => Results.Ok(Array.Empty<object>()))
    .RequireAuthorization(StellaOpsResourceServerPolicies.TimelineRead);

app.MapPost("/timeline/events", () => Results.Accepted("/timeline/events", new { status = "indexed" }))
    .RequireAuthorization(StellaOpsResourceServerPolicies.TimelineWrite);

app.Run();