# -*- coding: utf-8 -*-
"""
Adtlas Security Middleware

Custom middleware for adding security headers that are not natively supported
by Django's SecurityMiddleware.

Author: Adtlas Development Team
Version: 1.0.0
Last Updated: 2025-01-27
"""

from django.conf import settings
from django.utils.deprecation import MiddlewareMixin


class SecurityHeadersMiddleware(MiddlewareMixin):
    """
    Middleware to add additional security headers to HTTP responses.
    
    This middleware adds security headers that are not covered by Django's
    built-in SecurityMiddleware, including:
    - Cross-Origin-Opener-Policy (COOP)
    - Cross-Origin-Embedder-Policy (COEP)
    - Additional security headers as needed
    """
    
    def process_response(self, request, response):
        """
        Add security headers to the response.
        
        Args:
            request: The HTTP request object
            response: The HTTP response object
            
        Returns:
            The modified response object with additional security headers
        """
        
        # Cross-Origin-Opener-Policy header
        coop_policy = getattr(settings, 'SECURE_CROSS_ORIGIN_OPENER_POLICY', 'same-origin')
        if coop_policy:
            response['Cross-Origin-Opener-Policy'] = coop_policy
        
        # Cross-Origin-Embedder-Policy header
        coep_policy = getattr(settings, 'SECURE_CROSS_ORIGIN_EMBEDDER_POLICY', 'require-corp')
        if coep_policy:
            response['Cross-Origin-Embedder-Policy'] = coep_policy
        
        # Additional Referrer Policy (if not already set by SecurityMiddleware)
        referrer_policy = getattr(settings, 'SECURE_REFERRER_POLICY', None)
        if referrer_policy and 'Referrer-Policy' not in response:
            response['Referrer-Policy'] = referrer_policy
        
        # Permissions Policy (formerly Feature Policy)
        permissions_policy = getattr(settings, 'SECURE_PERMISSIONS_POLICY', None)
        if permissions_policy:
            response['Permissions-Policy'] = permissions_policy
        
        return response


class TrustedOriginMiddleware(MiddlewareMixin):
    """
    Middleware to handle trusted origins for Cross-Origin requests.
    
    This middleware helps ensure that Cross-Origin-Opener-Policy and other
    security headers work correctly with the application's trusted origins.
    """
    
    def process_request(self, request):
        """
        Process the incoming request to handle trusted origins.
        
        Args:
            request: The HTTP request object
            
        Returns:
            None (allows request to continue processing)
        """
        
        # Get the origin from the request
        origin = request.META.get('HTTP_ORIGIN')
        
        if origin:
            # Check if the origin is in our trusted origins
            trusted_origins = getattr(settings, 'CSRF_TRUSTED_ORIGINS', [])
            
            # Add origin information to request for later use
            request.is_trusted_origin = origin in trusted_origins
            request.request_origin = origin
        else:
            request.is_trusted_origin = True  # Same-origin requests
            request.request_origin = None
        
        return None
    
    def process_response(self, request, response):
        """
        Process the response to add origin-specific headers if needed.
        
        Args:
            request: The HTTP request object
            response: The HTTP response object
            
        Returns:
            The response object
        """
        
        # Add debug information in development
        if getattr(settings, 'DEBUG', False):
            if hasattr(request, 'is_trusted_origin'):
                response['X-Debug-Trusted-Origin'] = str(request.is_trusted_origin)
            if hasattr(request, 'request_origin'):
                response['X-Debug-Request-Origin'] = str(request.request_origin or 'same-origin')
        
        return response