using System.Security.Claims;
using Microsoft.AspNetCore.Http;

namespace SpaceGame.Api.Auth.Simulation;

public sealed class HttpContextPlayerIdentityResolver(IHttpContextAccessor httpContextAccessor) : IPlayerIdentityResolver
{
    public Guid? GetCurrentPlayerId()
    {
        var subject = httpContextAccessor.HttpContext?.User.FindFirstValue(ClaimTypes.NameIdentifier)
          ?? httpContextAccessor.HttpContext?.User.FindFirstValue("sub");
        return Guid.TryParse(subject, out var playerId) ? playerId : null;
    }

    public Guid GetRequiredPlayerId() =>
      GetCurrentPlayerId() ?? throw new InvalidOperationException("Authenticated player identity is required.");

    public bool CanAccessGm()
    {
        var user = httpContextAccessor.HttpContext?.User;
        return user?.IsInRole("gm") == true || user?.IsInRole("admin") == true;
    }
}