from fastapi import FastAPI, Request, Form
from fastapi.responses import PlainTextResponse

app = FastAPI()

USERS = {
    "admin": {"password": "secret", "tags": ["administrator", "management"]},
    "user1": {"password": "password123", "tags": ["management"]},
}

@app.post("/rabbit/auth/user")
async def auth_user(username: str = Form(...), password: str = Form(...)):
    user = USERS.get(username)
    if user and user["password"] == password:
        return PlainTextResponse("allow " + ", ".join(user["tags"]))
    return PlainTextResponse("deny", status_code=403)

@app.post("/rabbit/auth/vhost")
async def auth_vhost(username: str = Form(...), vhost: str = Form(...), ip: str = Form(...)):
    if username in USERS:
        return PlainTextResponse("allow")
    return PlainTextResponse("deny", status_code=403)

@app.post("/rabbit/auth/resource")
async def auth_resource(username: str = Form(...), vhost: str = Form(...), resource: str = Form(...), name: str = Form(...), permission: str = Form(...)):
    if username == "admin":
        return PlainTextResponse("allow")

    if username == "user1" and resource == "queue" and name.startswith("public_"):
        if permission in ["read", "configure"]:
            return PlainTextResponse("allow")

    return PlainTextResponse("deny", status_code=403)

@app.post("/rabbit/auth/topic")
async def auth_topic(username: str = Form(...), 
                     vhost: str = Form(...), 
                     resource: str = Form(...), 
                     name: str = Form(...), 
                     permission: str = Form(...),
                     topic_path: str = Form(...),
                     ):

    if username == "admin" or (username == "user1" and routing_key.startswith("logs.")):
        return PlainTextResponse("allow")
    return PlainTextResponse("deny", status_code=403)