@using System.Security.Claims
@inject NavigationManager Navigation

<AuthorizeView>
    <Authorized Context="authState">
        <div class="user-access-bar">
            <div class="user-access-copy">
                <span class="micro-label">Compte Keycloak</span>
                <strong>@BuildDisplayName(authState.User)</strong>
                <span class="user-access-meta">@BuildMeta(authState.User)</span>
            </div>
            <div class="user-access-actions">
                <a class="button ghost small" href="@LogoutHref">Se deconnecter</a>
            </div>
        </div>
    </Authorized>
    <Authorizing>
        <div class="user-access-bar">
            <div class="user-access-copy">
                <span class="micro-label">Compte Keycloak</span>
                <strong>Connexion optionnelle</strong>
                <span class="user-access-meta">Le site reste accessible sans connexion. Vous pouvez vous connecter ou creer un compte si besoin.</span>
            </div>
            <div class="user-access-actions">
                <a class="button primary small" href="@LoginHref">Se connecter</a>
                <a class="button ghost small" href="@RegisterHref">Creer un compte</a>
            </div>
        </div>
    </Authorizing>
    <NotAuthorized>
        <div class="user-access-bar">
            <div class="user-access-copy">
                <span class="micro-label">Compte Keycloak</span>
                <strong>Connexion optionnelle</strong>
                <span class="user-access-meta">Le site reste accessible sans connexion. Chaque compte conserve son propre etat de match dans ce navigateur.</span>
            </div>
            <div class="user-access-actions">
                <a class="button primary small" href="@LoginHref">Se connecter</a>
                <a class="button ghost small" href="@RegisterHref">Creer un compte</a>
            </div>
        </div>
    </NotAuthorized>
</AuthorizeView>

@code {
    [Parameter]
    public string? ReturnUrl { get; set; }

    private string LoginHref => BuildAuthHref("login", EffectiveReturnUrl);
    private string RegisterHref => BuildAuthHref("register", EffectiveReturnUrl);
    private string LogoutHref => BuildAuthHref("logout", "/");

    private string EffectiveReturnUrl
    {
        get
        {
            if (!string.IsNullOrWhiteSpace(ReturnUrl))
            {
                return ReturnUrl!;
            }

            var relativePath = Navigation.ToBaseRelativePath(Navigation.Uri);
            if (string.IsNullOrWhiteSpace(relativePath))
            {
                return "/";
            }

            return relativePath.StartsWith("/", StringComparison.Ordinal)
                ? relativePath
                : $"/{relativePath}";
        }
    }

    private static string BuildAuthHref(string action, string returnUrl)
        => $"authentication/{action}?returnUrl={Uri.EscapeDataString(returnUrl)}";

    private static string BuildDisplayName(ClaimsPrincipal user)
        => user.Identity?.Name
            ?? user.FindFirst("name")?.Value
            ?? user.FindFirst("preferred_username")?.Value
            ?? "Utilisateur connecte";

    private static string BuildMeta(ClaimsPrincipal user)
    {
        var details = new List<string>();
        var email = user.FindFirst("email")?.Value;
        if (!string.IsNullOrWhiteSpace(email))
        {
            details.Add(email);
        }

        var roles = user.FindAll("role")
            .Select(claim => claim.Value)
            .Where(value => !string.IsNullOrWhiteSpace(value))
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .OrderBy(value => value, StringComparer.OrdinalIgnoreCase)
            .ToArray();

        if (roles.Length > 0)
        {
            details.Add($"Roles : {string.Join(", ", roles)}");
        }

        return details.Count > 0
            ? string.Join(" | ", details)
            : "Session authentifiee via Keycloak.";
    }
}