package hwsauth

import (
	"database/sql"
	"projectreshoot/pkg/hws"

	"git.haelnorr.com/h/golib/jwt"
	"github.com/pkg/errors"
	"github.com/rs/zerolog"
)

type Authenticator[T Model] struct {
	tokenGenerator     *jwt.TokenGenerator
	load               LoadFunc[T]
	conn               *sql.DB
	ignoredPaths       []string
	logger             *zerolog.Logger
	server             *hws.Server
	errorPage          hws.ErrorPage
	SSL                bool   // Use SSL for JWT tokens. Default true
	TrustedHost        string // TrustedHost to use for SSL verification
	SecretKey          string // Secret key to use for JWT tokens
	AccessTokenExpiry  int64  // Expiry time for Access tokens in minutes. Default 5
	RefreshTokenExpiry int64  // Expiry time for Refresh tokens in minutes. Default 1440 (1 day)
	TokenFreshTime     int64  // Expiry time of token freshness. Default 5 minutes
	LandingPage        string // Path of the desired landing page for logged in users
}

// NewAuthenticator creates and returns a new Authenticator using the provided configuration.
// All expiry times should be provided in minutes.
// trustedHost and secretKey strings must be provided.
func NewAuthenticator[T Model](
	load LoadFunc[T],
	server *hws.Server,
	conn *sql.DB,
	logger *zerolog.Logger,
	errorPage hws.ErrorPage,
) (*Authenticator[T], error) {
	if load == nil {
		return nil, errors.New("No function to load model supplied")
	}
	if server == nil {
		return nil, errors.New("No hws.Server provided")
	}
	if conn == nil {
		return nil, errors.New("No database connection supplied")
	}
	if logger == nil {
		return nil, errors.New("No logger provided")
	}
	if errorPage == nil {
		return nil, errors.New("No ErrorPage provided")
	}
	auth := Authenticator[T]{
		load:               load,
		server:             server,
		conn:               conn,
		logger:             logger,
		errorPage:          errorPage,
		AccessTokenExpiry:  5,
		RefreshTokenExpiry: 1440,
		TokenFreshTime:     5,
		SSL:                true,
	}
	return &auth, nil
}

// Initialise finishes the setup and prepares the Authenticator for use.
// Any custom configuration must be set before Initialise is called
func (auth *Authenticator[T]) Initialise() error {
	if auth.TrustedHost == "" {
		return errors.New("Trusted host must be provided")
	}
	if auth.SecretKey == "" {
		return errors.New("Secret key cannot be blank")
	}
	if auth.LandingPage == "" {
		return errors.New("No landing page specified")
	}
	tokenGen, err := jwt.CreateGenerator(
		auth.AccessTokenExpiry,
		auth.RefreshTokenExpiry,
		auth.TokenFreshTime,
		auth.TrustedHost,
		auth.SecretKey,
		auth.conn,
	)
	if err != nil {
		return errors.Wrap(err, "jwt.CreateGenerator")
	}
	auth.tokenGenerator = tokenGen
	return nil
}