package grpcserver

import (
	"crypto/tls"
	"database/sql"
	"fmt"
	"log/slog"
	"net"

	pb "git.wntrmute.dev/kyle/eng-pad-server/gen/engpad/v1"
	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials"
)

type Config struct {
	Addr    string
	TLSCert string
	TLSKey  string
	DB      *sql.DB
	BaseURL string
}

// Start creates and starts the gRPC server. It returns the server so the
// caller can manage graceful shutdown. The server runs in a background
// goroutine; errors are sent to errCh.
func Start(cfg Config) (*grpc.Server, error) {
	cert, err := tls.LoadX509KeyPair(cfg.TLSCert, cfg.TLSKey)
	if err != nil {
		return nil, fmt.Errorf("load TLS cert: %w", err)
	}

	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS13,
	}

	lis, err := net.Listen("tcp", cfg.Addr)
	if err != nil {
		return nil, fmt.Errorf("listen %s: %w", cfg.Addr, err)
	}

	srv := grpc.NewServer(
		grpc.Creds(credentials.NewTLS(tlsConfig)),
		grpc.UnaryInterceptor(AuthInterceptor(cfg.DB)),
	)

	syncSvc := &SyncService{DB: cfg.DB, BaseURL: cfg.BaseURL}
	pb.RegisterEngPadSyncServer(srv, syncSvc)

	slog.Info("gRPC server started", "addr", cfg.Addr)
	go func() { _ = srv.Serve(lis) }()

	return srv, nil
}