/*
 * Copyright @ 2013 CurisTEC, S.A.S. All Rights Reserved.
 */
package net.curisit.securis;

import jakarta.persistence.EntityManager;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.ForbiddenException;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.ext.ExceptionMapper;
import jakarta.ws.rs.ext.Provider;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import net.curisit.securis.services.exception.SeCurisServiceException;
import net.curisit.securis.services.exception.SeCurisServiceException.ErrorCodes;

/**
* DefaultExceptionHandler
* <p>
* JAX-RS {@link ExceptionMapper} that normalizes error responses across the API.
* It also makes a best-effort to rollback and close a request-scoped {@link EntityManager}
* if still open.
*
* <p>Response strategy:
* <ul>
* <li>{@link ForbiddenException} → 401 UNAUTHORIZED with app-specific error headers.</li>
* <li>{@link SeCurisServiceException} → 418 (custom) with app error headers.</li>
* <li>Other exceptions → 500 with generic message and request context logging.</li>
* </ul>
*
* Headers:
* <ul>
* <li>{@code X-SECURIS-ERROR-MSG}</li>
* <li>{@code X-SECURIS-ERROR-CODE}</li>
* </ul>
*
* @author JRA
* Last reviewed by JRA on Oct 6, 2025.
*/
@Provider
public class DefaultExceptionHandler implements ExceptionMapper<Exception> {
	
	private static final Logger LOG = LogManager.getLogger(DefaultExceptionHandler.class);
	
	/** Default status code used for application-defined errors. */
	public static final int DEFAULT_APP_ERROR_STATUS_CODE = 418;
	
	/** Header name carrying a human-readable error message. */
	public static final String ERROR_MESSAGE_HEADER = "X-SECURIS-ERROR-MSG";
	
	/** Header name carrying a symbolic application error code. */
	public static final String ERROR_CODE_MESSAGE_HEADER = "X-SECURIS-ERROR-CODE";

	/** Default constructor (logs instantiation). */
	public DefaultExceptionHandler() {
		LOG.info("Creating DefaultExceptionHandler ");
	}

	// Context objects injected by the runtime
	@Context
	HttpServletRequest request;
	@Context
	SecurityContext bsc;

	/**
	* toResponse
	* <p>
	* Map a thrown exception to an HTTP {@link Response}, releasing the {@link EntityManager}
	* if present.
	*/
	@Override
	public Response toResponse(Exception e) {
		releaseEntityManager();
		if (e instanceof ForbiddenException) {
			LOG.warn("ForbiddenException: {}", e.toString());
			return Response.status(Status.UNAUTHORIZED)
					.header(ERROR_CODE_MESSAGE_HEADER, ErrorCodes.INVALID_CREDENTIALS)
					.header(ERROR_MESSAGE_HEADER, "Unathorized access to the application")
					.type(MediaType.APPLICATION_JSON)
					.build();
		}

		if (e instanceof SeCurisServiceException) {
			LOG.warn("SeCurisServiceException: {}", e.toString());
			return Response.status(DEFAULT_APP_ERROR_STATUS_CODE)
					.header(ERROR_CODE_MESSAGE_HEADER, ((SeCurisServiceException) e).getStatus())
					.header(ERROR_MESSAGE_HEADER, e.getMessage())
					.type(MediaType.APPLICATION_JSON)
					.build();
		}

	    String path = request != null ? request.getPathInfo() : null;
	    Object user = (bsc != null && bsc.getUserPrincipal() != null) ? bsc.getUserPrincipal() : null;
	    String host = request != null ? request.getRemoteHost() : null;
	    String ua = request != null ? request.getHeader("User-Agent") : null;
	    String url = request != null ? String.valueOf(request.getRequestURL()) : null;

	    LOG.error("Unexpected error accessing to '{}' by user: {}", path, user);
	    LOG.error("Request sent from {}, with User-Agent: {}", host, ua);
	    LOG.error("Request url: {}", url, e);

	    /**
		LOG.error("Unexpected error accesing to '{}' by user: {}", request.getPathInfo(), bsc.getUserPrincipal());
		LOG.error("Request sent from {}, with User-Agent: {}", request.getRemoteHost(), request.getHeader("User-Agent"));
		LOG.error("Request url: " + request.getRequestURL(), e);
		*/
		
		return Response.serverError()
				.header(ERROR_MESSAGE_HEADER, "Unexpected error: " + e.toString())
				.type(MediaType.APPLICATION_JSON)
				.build();
	}

	/**
	* releaseEntityManager
	* <p>
	* Best-effort cleanup: rollback active transaction (if joined) and close the {@link EntityManager}.
	*/
	private void releaseEntityManager() {
		
		/**
		try {
			if (em != null && em.isOpen()) {
				LOG.debug("CLOSING EM: {}, trans: {}", em, em.isJoinedToTransaction());
				if (em.isJoinedToTransaction()) {
					em.getTransaction().rollback();
					LOG.info("ROLLBACK");
				}
				em.close();
			}
		} catch (Exception ex) {
			ex.printStackTrace();
			LOG.error("Error closing EM: {}, {}", em, ex);
		}
		*/
	}
}