{ crane, lib, nodePackages
, useWebAuthn ? false, openssl, zlib, pkg-config, protobuf
, usePostgres ? true, postgresql, postgresqlTestHook
, nixosTests }:

assert useWebAuthn -> openssl != null && pkg-config != null;
assert usePostgres -> postgresql != null && postgresqlTestHook != null;

let
  featureMatrix = features: lib.concatStringsSep " " (lib.attrNames (lib.filterAttrs (k: v: v) features));

  suffixes = [ ".sql" ".ts" ".css" ".html" ".json" ];
  suffixFilter = suffixes: name: type:
      let base = baseNameOf (toString name);
      in type == "directory" || lib.any (ext: lib.hasSuffix ext base) suffixes;
  srcFilter = path: type: (suffixFilter suffixes path type) || (crane.filterCargoSources path type);

  src = lib.cleanSourceWith {
    src = ./.; # The original, unfiltered source
    filter = srcFilter;
    name = "source"; # Be reproducible, regardless of the directory name
  };

  cargoFeatures = "--no-default-features --features=\"${featureMatrix {
    webauthn = useWebAuthn;
    postgres = usePostgres;
    rustls   = !useWebAuthn;
  }}\"";

  args = {
    inherit src;
    strictDeps = true;

    cargoExtraArgs = cargoFeatures;

    buildInputs = lib.optional useWebAuthn openssl;
    nativeBuildInputs = [ nodePackages.typescript ] ++ (lib.optional useWebAuthn pkg-config);

    meta = with lib.meta; {
      maintainers = with lib.maintainers; [ vikanezrimaya ];
      platforms = ["aarch64-linux" "x86_64-linux"];
      mainProgram = "kittybox";
    };
  };

  cargoArtifacts = crane.buildDepsOnly args;
  args' = args // { inherit cargoArtifacts; };

in crane.buildPackage (args' // {
  nativeCheckInputs = lib.optionals usePostgres [
    postgresql postgresqlTestHook
  ];
  
  # Tests create arbitrary databases; we need to be prepared for that
  postgresqlTestUserOptions = "LOGIN SUPERUSER";
  postgresqlTestSetupPost = ''
    export DATABASE_URL="postgres://localhost?host=$PGHOST&user=$PGUSER&dbname=$PGDATABASE"
  '';

  passthru = {
    tests = nixosTests;
    hasPostgres = usePostgres;

    inherit cargoArtifacts;

    clippy = crane.cargoClippy args';
  };
})