package claims

import (
	"fmt"
	"oc-auth/conf"
	"reflect"
	"strings"

	"cloud.o-forge.io/core/oc-lib/models/peer"
	"github.com/google/go-cmp/cmp"
)

// ClaimService builds and verifies OAuth2 session claims
type ClaimService interface {
	// BuildConsentSession builds the session payload for Hydra consent accept.
	// Claims are injected into the Hydra JWT via the consent session, not appended to the token.
	BuildConsentSession(clientID string, userId string, peer *peer.Peer) Claims

	// DecodeClaimsInToken verifies permissions from claims extracted from a JWT
	DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, string, error)
}

// SessionClaims contains access_token and id_token claim maps
type SessionClaims struct {
	AccessToken map[string]interface{} `json:"access_token"`
	IDToken     map[string]interface{} `json:"id_token"`
}

// Claims is the top-level session structure passed to Hydra consent accept
type Claims struct {
	Session SessionClaims `json:"session"`
}

var t = map[string]ClaimService{
	"hydra": HydraClaims{},
}

func cleanMap(m map[string]interface{}) map[string]interface{} {
	if m == nil {
		return map[string]interface{}{}
	}

	ignored := map[string]bool{
		"exp": true,
		"iat": true,
		"nbf": true,
	}

	out := make(map[string]interface{})

	for k, v := range m {
		if ignored[k] {
			continue
		}

		switch val := v.(type) {
		case map[string]interface{}:
			out[k] = cleanMap(val)
		default:
			out[k] = val
		}
	}

	return out
}

func (c *Claims) EqualExt(ext map[string]interface{}) bool {
	claims := &Claims{}
	claims.SessionFromExt(ext)

	return c.EqualClaims(claims)
}

func (c *Claims) EqualClaims(claims *Claims, permsKey ...string) bool {
	c.normalizeClaims()
	claims.normalizeClaims()

	if len(permsKey) > 0 {
		for _, p := range permsKey {
			if !(claims.Session.AccessToken[p] != nil && c.Session.AccessToken[p] != nil && claims.Session.AccessToken[p] == c.Session.AccessToken[p]) {
				return false
			}
		}
		return true
	}
	ok := reflect.DeepEqual(c.Session, claims.Session)
	if !ok {
		fmt.Println(cmp.Diff(c.Session, claims.Session))
	}
	return ok
}

func (c *Claims) normalizeClaims() {
	c.Session.AccessToken = cleanMap(c.Session.AccessToken)
	c.Session.IDToken = cleanMap(c.Session.IDToken)
}

func (c *Claims) SessionFromExt(ext map[string]interface{}) {
	var access map[string]interface{}
	var id map[string]interface{}

	if v, ok := ext["access_token"].(map[string]interface{}); ok && v != nil {
		access = v
	} else {
		access = map[string]interface{}{}
	}

	if v, ok := ext["id_token"].(map[string]interface{}); ok && v != nil {
		id = v
	} else {
		id = map[string]interface{}{}
	}

	c.Session = SessionClaims{
		AccessToken: access,
		IDToken:     id,
	}
}

func GetClaims() ClaimService {
	for k := range t {
		if strings.Contains(conf.GetConfig().Auth, k) {
			return t[k]
		}
	}
	return nil
}