package grpcserver

import (
	mcdslgrpc "git.wntrmute.dev/mc/mcdsl/grpcserver"
)

// methodMap builds the mcdsl grpcserver.MethodMap for MCNS.
//
// Adding a new RPC without adding it to the correct map is a security
// defect — the mcdsl auth interceptor denies unmapped methods by default.
func methodMap() mcdslgrpc.MethodMap {
	return mcdslgrpc.MethodMap{
		Public:        publicMethods(),
		AuthRequired:  authRequiredMethods(),
		AdminRequired: adminRequiredMethods(),
	}
}

func publicMethods() map[string]bool {
	return map[string]bool{
		"/mcns.v1.AdminService/Health": true,
		"/mcns.v1.AuthService/Login":   true,
	}
}

func authRequiredMethods() map[string]bool {
	return map[string]bool{
		"/mcns.v1.AuthService/Logout":      true,
		"/mcns.v1.ZoneService/ListZones":   true,
		"/mcns.v1.ZoneService/GetZone":     true,
		"/mcns.v1.RecordService/ListRecords": true,
		"/mcns.v1.RecordService/GetRecord":   true,
	}
}

func adminRequiredMethods() map[string]bool {
	return map[string]bool{
		"/mcns.v1.ZoneService/CreateZone": true,
		"/mcns.v1.ZoneService/UpdateZone": true,
		"/mcns.v1.ZoneService/DeleteZone": true,
		"/mcns.v1.RecordService/CreateRecord": true,
		"/mcns.v1.RecordService/UpdateRecord": true,
		"/mcns.v1.RecordService/DeleteRecord": true,
	}
}