package cluster

import (
	"crypto/tls"
	"net/http"
	"time"

	"kvs/types"
)

// NewAuthenticatedHTTPClient creates an HTTP client configured for cluster authentication
func NewAuthenticatedHTTPClient(config *types.Config, timeout time.Duration) *http.Client {
	client := &http.Client{
		Timeout: timeout,
	}

	// Configure TLS if enabled
	if config.ClusterTLSEnabled {
		tlsConfig := &tls.Config{
			InsecureSkipVerify: config.ClusterTLSSkipVerify,
		}

		client.Transport = &http.Transport{
			TLSClientConfig: tlsConfig,
		}
	}

	return client
}

// AddClusterAuthHeaders adds authentication headers to an HTTP request
func AddClusterAuthHeaders(req *http.Request, config *types.Config) {
	req.Header.Set("X-Cluster-Secret", config.ClusterSecret)
	req.Header.Set("X-Node-ID", config.NodeID)
}

// GetProtocol returns the appropriate protocol (http or https) based on TLS configuration
func GetProtocol(config *types.Config) string {
	if config.ClusterTLSEnabled {
		return "https"
	}
	return "http"
}