-- SPDX-FileCopyrightText: 2024 Sarah Vaupel <sarah.vaupel@uniworx.de>
--
-- SPDX-License-Identifier: AGPL-3.0-or-later

-- TODO: AuthSourceAzure and AuthSourceLdap to be removed, just use config settings!

-- | AzureADv2 (Microsoft Graph) user authentication sources, parsed from application settings
-- | Note: No host specification is needed since Azure authentication is always requested at https://graph.microsoft.com/ (Microsoft Graph API)
AuthSourceAzure
  clientId       UUID         -- ^ Azure Client ID of this application
  clientSecret   Text         -- ^ Azure Client Secret of this application
  tenantId       UUID         -- ^ Azure Tenant ID of the Azure source
  scopes         AzureScopes  -- ^ Azure Scopes this application (client) is authorized for
  UniqueAuthSourceAzure clientId -- TODO rethink!
  Primary clientId -- TODO rethink!
  deriving Show Eq Ord Generic

-- | LDAP user authentication sources, parsed from application settings
AuthSourceLdap
  host           Text         -- ^ LDAP host destination to connect to
                              -- TODO: switch to url type
  port           Word16       -- ^ Port of the LDAP service to connect to
                              -- TODO: Maybe merge with host and make primary key?
  tls            Bool         -- ^ Whether to connect to the host via TLS
  user           LdapDn       -- ^ User used for queries
  pass           LdapPass     -- ^ Password used for queries
  base           LdapDn       -- ^ TODO documentation needed
  scope          LdapScope    -- ^ TODO documentation needed
  timeout        NominalDiffTime  -- ^ Query timeout
  searchTimeout  Int32            -- ^ Search query timeout -- TODO: why not NominalDiffTime??
  UniqueAuthSourceLdap host port -- TODO rethink!
  deriving Show Eq Ord Generic


-- TODO: define AuthenticationSource with json instances to store unique source identifiers per protocol
-- | User authentication data fetched from external user sources
ExternalAuth
    user      UserId
    source    AuthenticationSourceIdent    -- Identifier of the external source in the config
    data      Value "default='{}'::jsonb"  -- Raw user data from external source
    lastSync  UTCTime                      -- When was the corresponding User entry last synced with this external source? -- TODO rethink
    UniqueExternalAuth user source        -- At most one entry of this user per source
    deriving Show Eq Ord Generic