import { Archon } from "../Archon.js";
import { Role } from "../types/policy.js";
import { RoleChangeRequest, User, UserId } from "../types/user.js";

/**
 * Used to request a role switch to a privileged role. Requires a user to authenticate the request.
 * @param user The user to request the role switch for.
 * @param newRole The new role to switch to.
 * @param callbackUrl The URL to redirect the user to after the request is processed.
 * @param reason An optional (but highly recommended) reason for the role switch request. 
 * Shows to the user when they authenticate the request.
 * @returns The session change request with an authentication URL for the user to visit.
 */
export default async function requestPrivilegedRoleSwitch(user: User | UserId, newRole: Role, callbackUrl: string, reason?: string): Promise<RoleChangeRequest> {
    const response = await Archon.request(`/users/roleSwitchRequest/${typeof user === "string" ? user : user.id}`, "POST", {
        roleName: newRole.name,
        requestUri: callbackUrl,
        reason: reason
    });

    if (response.status !== 200) {
        throw new Error(`Failed to request role switch: ${response.data}`);
    }

    return {
        ...response.data,
        authUrl: `${Archon.getPublicUrl()}/.archon/authenticate/switchRole?nonce=${response.data.nonce}`
    };
}