package claims

import (
	"oc-auth/conf"
	"strings"

	"cloud.o-forge.io/core/oc-lib/models/peer"
)

// ClaimService is the provider-facing contract for producing OAuth2 session
// claims and for checking the permissions carried by such claims.
type ClaimService interface {
	// BuildConsentSession returns the session payload used when accepting a
	// Hydra consent request. The claims reach the Hydra JWT through that
	// consent session; they are not appended to the token afterwards.
	BuildConsentSession(clientID string, userId string, peer *peer.Peer) Claims

	// DecodeClaimsInToken verifies permissions from claims that were
	// extracted from a JWT.
	//
	// NOTE(review): what (false, nil) means versus a non-nil error is decided
	// by the implementation and is not visible in this file; callers should
	// presumably grant access only on (true, nil) — confirm.
	DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error)
}

// SessionClaims holds the two claim maps of a session: one for the access
// token and one for the ID token.
type SessionClaims struct {
	AccessToken map[string]interface{} `json:"access_token"`
	IDToken     map[string]interface{} `json:"id_token"`
}

// Claims is the top-level session structure passed to Hydra consent accept.
type Claims struct {
	Session SessionClaims `json:"session"`
}

// t maps a provider name to its ClaimService implementation.
var t = map[string]ClaimService{
	"hydra": HydraClaims{},
}

// GetClaims returns the registered ClaimService whose name occurs as a
// substring of conf.GetConfig().Auth, or nil when no registered name matches.
//
// NOTE(review): the result can be nil, and calling a method on a nil
// ClaimService panics, so callers need to check it and refuse the request
// when no provider is configured. The match is a substring test over a map
// whose iteration order is unspecified; with a single registered provider
// that is unambiguous, but overlapping names would make the choice
// non-deterministic.
func GetClaims() ClaimService {
	for name, svc := range t {
		if !strings.Contains(conf.GetConfig().Auth, name) {
			continue
		}
		return svc
	}
	return nil
}