package com.hpay.hpay_mobile_api.security;

//import com.example.securitydemo.service.UserService;
//import com.example.securitydemo.security.JwtRequestFilter;
import com.hpay.hpay_mobile_api.services.AuthService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;



@Configuration
@EnableWebSecurity
public class SecurityConfig  {

    private final AuthService authService;
    private final JwtRequestFilter jwtRequestFilter;
    private final JwtTokenUtil jwtTokenUtil= new JwtTokenUtil();

    public SecurityConfig(AuthService authService, JwtRequestFilter jwtRequestFilter) {
        this.authService = authService;
        this.jwtRequestFilter = jwtRequestFilter;
    }


    // Configure SecurityFilterChain pour les règles de sécurité HTTP
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

        http
                .csrf(customizer -> customizer.disable())
                .authorizeHttpRequests()
                .requestMatchers(
                        "/api/auth/**",
                        "/api/pays/**",
                        "/api/notification/**",
                        "/api/ville/**",
                        "/api/client/**",
                        "/api/parrainages/**",
                        "/api/messages/**",
                        "/api/images/**",
                        "/api/kyc/**",
                        "/api/compte/**",
                        "/api/benef/**",
                        "/api/virement/**",
                        "/api/depot-retrait/**",
                        "/api/sochitel/**",
                        "/swagger-ui.html",
                        "/swagger-ui/**",
                        "/v3/api-docs/**",
                        "/swagger-resources/**",
                        "/webjars/**",
                        "/actuator/**"

                ).permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilterBefore(new JwtRequestFilter(jwtTokenUtil,authService),UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }


    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // BCrypt password encoder
    }

}