package hwsauth

import (
	"database/sql"
	"net/http"

	"git.haelnorr.com/h/golib/jwt"
	"github.com/pkg/errors"
)

// Attempt to use a valid refresh token to generate a new token pair
func (auth *Authenticator[T]) refreshAuthTokens(
	tx *sql.Tx,
	w http.ResponseWriter,
	r *http.Request,
	rT *jwt.RefreshToken,
) (T, error) {
	model, err := auth.load(tx, rT.SUB)
	if err != nil {
		return getNil[T](), errors.Wrap(err, "auth.load")
	}

	rememberMe := map[string]bool{
		"session": false,
		"exp":     true,
	}[rT.TTL]

	// Set fresh to true because new tokens coming from refresh request
	err = jwt.SetTokenCookies(w, r, auth.tokenGenerator, model.ID(), false, rememberMe, auth.SSL)
	if err != nil {
		return getNil[T](), errors.Wrap(err, "jwt.SetTokenCookies")
	}
	// New tokens sent, revoke the old tokens
	err = rT.Revoke(tx)
	if err != nil {
		return getNil[T](), errors.Wrap(err, "rT.Revoke")
	}
	// Return the authorized user
	return model, nil
}