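import camelCase from 'camelcase';
import { Construct } from 'constructs';
import kebabCase from 'lodash.kebabcase';
import { APP_NAME, COMPANY_NAME } from '../../../src/constants';
import {
  DataAwsIamPolicyDocument,
  IamPolicy,
  IamUser,
  IamUserPolicyAttachment,
} from '../generated/providers/aws/iam';
import { S3Bucket } from '../generated/providers/aws/s3';

export type BucketProps = {};

/**
 * A private, versioned S3 bucket plus a managed IAM policy that lets a
 * principal read, list, upload and delete objects in it.
 *
 * The bucket name is derived from `COMPANY_NAME`, `APP_NAME`, the construct
 * id and `NODE_ENV`, so the same construct id yields a distinct bucket per
 * environment.
 */
export default class Bucket extends Construct {
  /**
   * Managed policy for object access on this bucket. Despite the name it
   * grants read, list, upload and delete on objects (see the policy document
   * in the constructor); it is not read-only. The public name is kept for
   * existing callers.
   */
  readonly readPolicy: IamPolicy;
  /** Fully-qualified name of the created bucket. */
  readonly bucketName: string;

  /**
   * @param scope Parent construct.
   * @param id Construct id; becomes part of the bucket name.
   * @throws Error if `NODE_ENV` is unset — otherwise the literal string
   *   "undefined" would be interpolated into the bucket name and one bucket
   *   would silently be shared across environments.
   */
  constructor(scope: Construct, id: string) {
    super(scope, id);

    const nodeEnv = process.env.NODE_ENV;
    if (!nodeEnv) {
      throw new Error(
        `Bucket ${id}: NODE_ENV must be set to derive a per-environment bucket name`
      );
    }
    const bucketName = kebabCase(
      `${COMPANY_NAME}-${APP_NAME}-${id}-${nodeEnv}`
    );

    const uploadBucket = new S3Bucket(this, 'bucket', {
      bucket: bucketName,
      acl: 'private',
      versioning: {
        enabled: true,
      },
      // @TODO: enable logging
      // @TODO: add a public access block and default server-side encryption;
      // `acl: 'private'` alone does not stop individual objects from being
      // made public later.
    });

    // Object-level and bucket-level S3 actions match different resource ARNs:
    // object actions match `<bucket-arn>/*`, bucket actions (ListBucket,
    // GetBucketLocation, ...) match `<bucket-arn>` itself. Listing both kinds
    // in one statement scoped to `<bucket-arn>/*` silently makes the
    // bucket-level actions ineffective, so they are split into two statements.
    //
    // `s3:CreateBucket` and the S3 Batch Operations job actions
    // (`s3:CreateJob`, `s3:DescribeJob`, `s3:UpdateJobPriority`) that used to
    // be listed here do not apply to object ARNs and are not needed to read
    // or upload objects, so they were dropped; effective permissions are
    // unchanged by their removal.
    const accessPolicyDocument = new DataAwsIamPolicyDocument(
      this,
      'policy_doc',
      {
        statement: [
          {
            // Object-level actions. Note `s3:PutObject*` also covers
            // `s3:PutObjectAcl` and `s3:DeleteObject*` covers
            // `s3:DeleteObjectVersion`; confirm both are intended for a
            // "read or add" grant.
            actions: [
              's3:GetObject*',
              's3:PutObject*',
              's3:DeleteObject*',
              's3:ListMultipartUploadParts',
              's3:AbortMultipartUpload',
              's3:RestoreObject',
            ],
            resources: [`${uploadBucket.arn}/*`],
          },
          {
            // Bucket-level actions needed to list and locate the bucket.
            actions: [
              's3:ListBucket',
              's3:ListBucketMultipartUploads',
              's3:GetBucketLocation',
            ],
            resources: [uploadBucket.arn],
          },
        ],
      }
    );

    this.readPolicy = new IamPolicy(this, 'policy', {
      namePrefix: camelCase(`read-${bucketName}`, { pascalCase: true }),
      policy: accessPolicyDocument.json,
    });
    this.bucketName = bucketName;
  }

  /**
   * Attaches `readPolicy` to an IAM user so it can read, list, upload and
   * delete objects in this bucket.
   *
   * @param user The IAM user to attach the policy to.
   * @param id Construct id for the attachment. Defaults to `'policy_attach'`
   *   for backwards compatibility with existing state; pass a distinct id
   *   (e.g. derived from the user) when attaching the policy to more than one
   *   user, because a scope cannot hold two children with the same id.
   * @returns The created attachment.
   */
  allowUserToReadOrAddObjects({
    user,
    id = 'policy_attach',
  }: {
    user: IamUser;
    id?: string;
  }): IamUserPolicyAttachment {
    return new IamUserPolicyAttachment(this, id, {
      policyArn: this.readPolicy.arn,
      user: user.name,
    });
  }
}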