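// NOTE(review): both remote dependencies below are unpinned (`develop` branch
// raw URL, `npm:ldapts` with no version). Pin them to a reviewed commit/version
// and commit a lock file so the code that handles the bind password cannot
// change underneath this script.
import type { Policy } from 'https://gitlab.com/soapbox-pub/strfry-policies/-/raw/develop/mod.ts';
import { Client } from 'npm:ldapts';
import { load } from "https://deno.land/std@0.224.0/dotenv/mod.ts";

// Load `.env` into the process environment; only the side effect is needed.
await load({ export: true });

// LDAP connection settings. LDAP_PASSWORD is sent to the server on every bind,
// so LDAP_URL should be an `ldaps://` endpoint (or otherwise TLS-protected).
const url = Deno.env.get("LDAP_URL");
const bindDN = Deno.env.get("LDAP_BIND_DN");
const password = Deno.env.get("LDAP_PASSWORD");
const searchDN = Deno.env.get("LDAP_SEARCH_DN");

/** Shape of the verdict this policy hands back for each event. */
type Verdict = { id: string; action: 'accept' | 'reject'; msg: string };

// Nostr public keys are 32 bytes written as lowercase hex.
const HEX_PUBKEY = /^[0-9a-f]{64}$/;

const NOT_A_MEMBER = 'Only members can publish notes on this relay';
const LDAP_UNAVAILABLE = 'Auth service temporarily unavailable';

/**
 * Write policy that accepts an event only when its author's pubkey is stored
 * in the `nostrKey` attribute of an entry under LDAP_SEARCH_DN.
 *
 * The policy fails closed: a malformed pubkey, missing configuration, or any
 * LDAP error yields a `reject` verdict rather than an exception.
 *
 * @param msg - input message whose `event` carries `id` and `pubkey`.
 * @returns a verdict `{ id, action, msg }` for the event.
 */
const ldapPolicy: Policy = async (msg) => {
  const { id, pubkey } = msg.event;
  const reject = (reason: string): Verdict => ({ id, action: 'reject', msg: reason });

  // The pubkey is interpolated into an LDAP filter below. Accepting only
  // 64 hex characters keeps filter metacharacters such as `*`, `(`, `)` and
  // `\` out of the query even if an unvalidated event ever reaches this code.
  if (typeof pubkey !== 'string' || !HEX_PUBKEY.test(pubkey)) {
    return reject(NOT_A_MEMBER);
  }

  let client: Client | undefined;
  try {
    // An unset variable must not silently degrade the bind or the search.
    if (url === undefined || bindDN === undefined || password === undefined || searchDN === undefined) {
      throw new Error('LDAP_URL, LDAP_BIND_DN, LDAP_PASSWORD and LDAP_SEARCH_DN must all be set');
    }

    // NOTE(review): no timeouts are configured, so a stalled directory server
    // stalls this policy; consider the client's timeout options.
    client = new Client({ url });
    await client.bind(bindDN, password);

    const { searchEntries } = await client.search(searchDN, {
      filter: `(nostrKey=${pubkey})`,
      attributes: ['nostrKey'],
    });

    // Strict comparison: a missing entry, or a value that is not exactly this
    // string (e.g. a multi-valued attribute), is treated as "not a member".
    const memberKey = searchEntries[0]?.nostrKey;

    // TODO if kind is 9735, check that "description" tag contains valid 9734 event,
    // signed by memberKey and with "p" tag being the same as pubkey (receipt sender)

    if (memberKey === pubkey) {
      return { id, action: 'accept', msg: '' };
    }
    return reject(NOT_A_MEMBER);
  } catch (ex) {
    // Log to stderr for the operator; the client only sees a generic message.
    console.error('ldapPolicy: LDAP lookup failed:', ex instanceof Error ? ex.message : ex);
    return reject(LDAP_UNAVAILABLE);
  } finally {
    // A failing unbind must not replace the verdict that was already chosen.
    try {
      await client?.unbind();
    } catch (ex) {
      console.error('ldapPolicy: LDAP unbind failed:', ex instanceof Error ? ex.message : ex);
    }
  }
};

export default ldapPolicy;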