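/**
 * Authentication Providers Configuration
 * Supports multiple auth strategies for SaaS and on-premise deployments
 */
const AuthProviders = {
  // Local JWT authentication (default)
  LOCAL: 'local',
  // SAML 2.0 for Active Directory/ADFS
  SAML: 'saml',
  // OAuth 2.0/OpenID Connect
  OAUTH: 'oauth',
  // LDAP for on-premise AD
  LDAP: 'ldap',
  // Custom SSO
  CUSTOM_SSO: 'custom_sso'
};

/**
 * Tenant-specific authentication configuration
 * Each tenant can have different auth providers
 *
 * Holds an in-memory Map keyed by tenant id. Nothing in this class
 * authenticates anyone; it only stores and returns configuration, so every
 * consumer is responsible for honouring the `enabled` flag and the mappings.
 */
class AuthConfig {
  constructor() {
    this.providers = new Map();
    this.defaultProvider = AuthProviders.LOCAL;
  }

  /**
   * Register authentication provider for a tenant
   *
   * Replaces any entry already stored for the tenant.
   *
   * @param {string} tenantId - Tenant identifier
   * @param {object} config - Provider configuration
   * @param {string} config.type - Provider type; stored as given
   * @param {boolean} [config.enabled] - Defaults to true only when omitted (undefined/null)
   * @param {object} [config.settings] - Provider settings, stored by reference
   * @param {object} [config.userMapping] - Replaces the default user mapping entirely
   * @param {object} [config.roleMapping] - Replaces the default role mapping entirely
   */
  registerProvider(tenantId, config) {
    // `config.enabled || true` evaluated to true for every input, so an
    // explicit `enabled: false` was silently turned back on. Fall back to
    // true only when the flag is absent, so a tenant's provider can really
    // be disabled.
    const enabled = config.enabled == null ? true : config.enabled;

    // NOTE(review): `config.type` is not checked against AuthProviders here;
    // an unknown type is stored as-is and must be rejected by the consumer.
    // NOTE(review): `settings` presumably carries provider secrets (bind
    // password, client secret, signing key) - confirm, and keep it out of
    // logs and API responses.
    this.providers.set(tenantId, {
      type: config.type,
      enabled,
      config: config.settings,
      // A supplied mapping replaces the defaults rather than merging with
      // them, so a custom roleMapping has no 'default' entry unless the
      // tenant provides one.
      userMapping: config.userMapping || this.getDefaultUserMapping(),
      roleMapping: config.roleMapping || this.getDefaultRoleMapping(),
      createdAt: new Date()
    });
  }

  /**
   * Get authentication provider for tenant
   *
   * Returns the stored entry (by reference) when the tenant is registered,
   * including entries whose `enabled` is false - callers must check the flag.
   * A tenant id that was never registered gets a fresh, enabled LOCAL
   * provider object rather than an error.
   *
   * @param {string} tenantId - Tenant identifier
   * @returns {object} Provider configuration
   */
  getProvider(tenantId) {
    const registered = this.providers.get(tenantId);
    if (registered) {
      return registered;
    }

    // NOTE(review): unknown or mistyped tenant ids fall through to local
    // authentication; confirm callers validate the tenant id before relying
    // on this result.
    return {
      type: this.defaultProvider,
      enabled: true,
      config: {},
      userMapping: this.getDefaultUserMapping(),
      roleMapping: this.getDefaultRoleMapping()
    };
  }

  /**
   * Default user attribute mapping from external providers
   *
   * Each internal field lists candidate external attribute names. How the
   * list is resolved (presumably first match wins) is decided by the
   * consumer, not here.
   *
   * @returns {object} Map of internal field name to candidate attribute names
   */
  getDefaultUserMapping() {
    return {
      username: ['preferred_username', 'samAccountName', 'username', 'sub'],
      email: ['email', 'mail', 'emailAddress'],
      firstName: ['given_name', 'givenName', 'firstName'],
      lastName: ['family_name', 'surname', 'lastName'],
      displayName: ['name', 'displayName', 'cn'],
      phoneNumber: ['phone_number', 'telephoneNumber', 'mobile']
    };
  }

  /**
   * Default role mapping from external providers to internal roles
   *
   * Keys are external group or claim names, values are internal roles. This
   * is a plain object, so a consumer that looks up provider-supplied names
   * should use an own-property check (e.g. Object.prototype.hasOwnProperty)
   * to avoid matching inherited keys such as 'constructor'.
   *
   * @returns {object} Map of external group/claim name to internal role
   */
  getDefaultRoleMapping() {
    return {
      // Active Directory groups to internal roles
      // NOTE(review): the directory-wide 'Domain Admins' group receives the
      // application admin role by default; confirm that coupling is intended.
      'Domain Admins': 'admin',
      'UAV-Admins': 'admin',
      'UAV-Operators': 'operator',
      'UAV-Viewers': 'viewer',
      // OAuth/SAML role claims
      // NOTE(review): a literal 'admin' claim from any provider using these
      // defaults maps to internal admin; confirm the claim source is trusted
      // for each tenant.
      'admin': 'admin',
      'operator': 'operator',
      'viewer': 'viewer',
      // Default fallback
      // NOTE(review): presumably applied when no group or claim matches, which
      // would give every authenticated identity viewer access - confirm.
      'default': 'viewer'
    };
  }

  /**
   * Get all configured providers
   *
   * Each element is a shallow copy of the stored entry with `tenantId`
   * added, so the nested `config` (provider settings) object is shared with
   * the stored entry and is returned unredacted.
   *
   * @returns {object[]} One object per registered tenant
   */
  getAllProviders() {
    return Array.from(this.providers.entries()).map(([tenantId, config]) => ({
      tenantId,
      ...config
    }));
  }
}

module.exports = {
  AuthProviders,
  AuthConfig
};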