package api

import (
	"errors"
	"net/http"

	"github.com/google/uuid"

	"github.com/alchemistkay/guestguard/internal/domain"
	"github.com/alchemistkay/guestguard/internal/storage"
)

// hostFromContext extracts the authenticated user's id from the request
// context. When no id is present it writes a 401 with the body
// "unauthenticated" and reports false; host-facing handlers call it first
// and return immediately on false, so the caller never touches uuid.Nil.
func hostFromContext(w http.ResponseWriter, r *http.Request) (uuid.UUID, bool) {
	id, authed := UserIDFromContext(r.Context())
	if authed {
		return id, true
	}
	writeError(w, http.StatusUnauthorized, "unauthenticated")
	return uuid.Nil, false
}

// requireEventOwner loads eventID scoped to hostID and returns the event
// only when the lookup succeeds for that host.
//
// A missing event and an event owned by another host are deliberately
// indistinguishable to the client: both yield 404 "event not found", never
// 403, so a cross-tenant probe learns nothing about whether the id exists.
// Any other storage error becomes a generic 500; the underlying error text
// is not echoed to the client. On false the response has already been
// written and the caller must return without writing again.
func requireEventOwner(
	w http.ResponseWriter,
	r *http.Request,
	events *storage.EventRepo,
	eventID, hostID uuid.UUID,
) (*domain.Event, bool) {
	ev, err := events.GetForHost(r.Context(), eventID, hostID)
	switch {
	case err == nil:
		return ev, true
	case errors.Is(err, domain.ErrEventNotFound):
		// Collapses "not found" and "not yours" into one response by design.
		writeError(w, http.StatusNotFound, "event not found")
		return nil, false
	default:
		writeError(w, http.StatusInternalServerError, "failed to load event")
		return nil, false
	}
}