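const axios = require('axios');

/**
 * Turn a comma-separated environment value into a clean list of group names.
 *
 * Entries are trimmed and empty entries are dropped, so a value such as
 * "admins, staff," yields ['admins', 'staff']. Without this, " staff" would
 * never match and a stray empty entry would match an empty group name.
 *
 * @param {string|undefined} rawValue - Raw value of the environment variable.
 * @returns {string[]} Group names; empty when the variable is unset or blank.
 */
function parseGroupList(rawValue) {
  if (!rawValue) {
    return [];
  }
  return rawValue
    .split(',')
    .map((name) => name.trim())
    .filter((name) => name !== '');
}

/**
 * Verify a username/password pair against the HTTP authentication service
 * configured in LDAP_AUTH_URL.
 *
 * Never throws: transport and service errors are logged and reported as a
 * failed result.
 *
 * @param {string} username - Login name supplied by the user.
 * @param {string} password - Password supplied by the user.
 * @returns {Promise<{success: boolean, username?: string, full_name?: string,
 *   groups?: Array, description?: string, message?: string}>}
 *   Profile fields on success, otherwise `success: false` with a message.
 */
async function authenticateWithLDAP(username, password) {
  // Refuse missing, empty or non-string credentials before contacting the
  // service. The directory backend is not visible from this module; some LDAP
  // servers accept a bind with an empty password as an unauthenticated bind,
  // and a non-string value (e.g. an object from a JSON request body) would be
  // forwarded to the service as-is.
  const credentialsValid =
    typeof username === 'string' &&
    typeof password === 'string' &&
    username !== '' &&
    password !== '';
  if (!credentialsValid) {
    return { success: false, message: 'Неверные учетные данные' };
  }

  try {
    // NOTE(review): the password travels in the request body, so
    // LDAP_AUTH_URL should be an https:// endpoint — confirm in deployment.
    const response = await axios.post(
      process.env.LDAP_AUTH_URL,
      { username, password },
      {
        headers: { 'Content-Type': 'application/json' },
        timeout: 5000,
      }
    );

    const data = response.data;
    // Only an explicit boolean `true` counts as success; anything else
    // (missing body, truthy strings, etc.) is treated as a rejection.
    if (data && data.success === true) {
      return {
        success: true,
        username: data.username,
        full_name: data.full_name,
        // Fail closed: a non-array `groups` value becomes an empty list, so
        // it cannot make the `.some()` call in checkUserAccess throw.
        groups: Array.isArray(data.groups) ? data.groups : [],
        description: data.description || '',
      };
    }

    return { success: false, message: 'Неверные учетные данные' };
  } catch (error) {
    // Log only the error message; the credentials are never written to logs.
    console.error('LDAP auth error:', error.message);
    return { success: false, message: 'Ошибка соединения с сервером авторизации' };
  }
}

/**
 * Map a user's directory groups to an application role.
 *
 * Membership in any group listed in ALLOWED_GROUPS grants the 'admin' role;
 * otherwise membership in any group listed in TASKS_GROUPS grants 'user'.
 * Both variables are comma-separated lists. Matching is exact and
 * case-sensitive. When neither variable is set, every user is denied.
 *
 * @param {string[]} groups - Groups the authenticated user belongs to.
 * @returns {{allowed: boolean, role: ('admin'|'user'|null), message?: string}}
 *   Access decision; `message` is present only when access is denied.
 */
function checkUserAccess(groups) {
  const adminGroups = parseGroupList(process.env.ALLOWED_GROUPS);
  const userGroups = parseGroupList(process.env.TASKS_GROUPS);

  // Fail closed: anything that is not an array is treated as "no groups"
  // instead of raising a TypeError in the middle of an authorization check.
  const memberOf = Array.isArray(groups) ? groups : [];

  if (memberOf.some((group) => adminGroups.includes(group))) {
    return { allowed: true, role: 'admin' };
  }

  if (memberOf.some((group) => userGroups.includes(group))) {
    return { allowed: true, role: 'user' };
  }

  return {
    allowed: false,
    role: null,
    message: 'Доступ запрещён. Обратитесь к администрации.',
  };
}

module.exports = { authenticateWithLDAP, checkUserAccess };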