package auth

import (
	"context"

	"github.com/distribution/distribution/v3/registry/auth"
)

type accessController struct{}

var _ auth.AccessController = &accessController{}

// Authorized returns a non-nil error if the context is granted access and
// returns a new authorized context. If one or more Access structs are
// provided, the requested access will be compared with what is available
// to the context. The given context will contain a "http.request" key with
// a `*http.Request` value. If the error is non-nil, access should always
// be denied. The error may be of type Challenge, in which case the caller
// may have the Challenge handle the request or choose what action to take
// based on the Challenge header or response status. The returned context
// object should have a "auth.user" value set to a UserInfo struct.
func (a *accessController) Authorized(ctx context.Context, access ...auth.Access) (context.Context, error) {
	return context.WithValue(ctx, "auth.user", &auth.UserInfo{Name: "leet hax0r"}), nil
}

func newAccessController(options map[string]interface{}) (*accessController, error) {
	return &accessController{}, nil
}

func init() {
	f := func(options map[string]interface{}) (auth.AccessController, error) {
		return newAccessController(options)
	}
	auth.Register("absent", auth.InitFunc(f))
}