import "server-only"

import type { Role } from "@cms/content/rbac"
import { cookies, headers } from "next/headers"

import { auth, resolveRoleFromAuthSession } from "@/lib/auth/server"
import { resolveDefaultRole, resolveRoleFromRawValue } from "./access"

export async function resolveRoleFromServerContext(): Promise<Role | null> {
  const roleFromAuthSession = await resolveRoleFromAuthSessionInServerContext()

  if (roleFromAuthSession) {
    return roleFromAuthSession
  }

  const cookieStore = await cookies()
  const headerStore = await headers()

  const roleFromCookie = cookieStore.get("cms_role")?.value
  const roleFromHeader = headerStore.get("x-cms-role")

  const resolved = resolveRoleFromRawValue(roleFromCookie ?? roleFromHeader)

  if (resolved) {
    return resolved
  }

  return resolveDefaultRole()
}

async function resolveRoleFromAuthSessionInServerContext(): Promise<Role | null> {
  try {
    const headerStore = await headers()
    const session = await auth.api.getSession({
      headers: headerStore,
    })

    return resolveRoleFromAuthSession(session)
  } catch {
    return null
  }
}