"""
/service endpoints.
"""

from fastapi import APIRouter, Depends, HTTPException, status

from ..db import User
from ..easyrsa import CertificateType, EasyRSA
from ._common import Responses, get_current_user

router = APIRouter(prefix="/service", tags=["service"])


@router.put(
    "/pki/init",
    responses={
        status.HTTP_200_OK: Responses.OK,
        status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
        status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
        status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
    },
)
async def init_pki(
    current_user: User = Depends(get_current_user),
) -> None:

    if not current_user.is_admin:
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)

    easy_rsa = EasyRSA()

    easy_rsa.init_pki()
    easy_rsa.build_ca()
    easy_rsa.issue(CertificateType.server)