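package services

import (
	"context"
	"errors"

	"platform/web/models"
)

// Auth is the package-level authorization service consumed by the OAuth
// token-endpoint handlers.
var Auth = &authService{}

type authService struct{}

// AuthServiceError is a generic (non-OAuth) error raised by the auth service.
type AuthServiceError string

func (e AuthServiceError) Error() string { return string(e) }

// AuthServiceOauthError is an error whose string value is an OAuth 2.0
// token-endpoint error code (RFC 6749 §5.2), so it can be returned verbatim
// in the "error" field of the JSON error response.
type AuthServiceOauthError string

func (e AuthServiceOauthError) Error() string { return string(e) }

// Token-endpoint error codes as defined by RFC 6749 §5.2.
var (
	ErrOauthInvalidRequest       = AuthServiceOauthError("invalid_request")
	ErrOauthInvalidClient        = AuthServiceOauthError("invalid_client")
	ErrOauthInvalidGrant         = AuthServiceOauthError("invalid_grant")
	ErrOauthInvalidScope         = AuthServiceOauthError("invalid_scope")
	ErrOauthUnauthorizedClient   = AuthServiceOauthError("unauthorized_client")
	ErrOauthUnsupportedGrantType = AuthServiceOauthError("unsupported_grant_type")
)

// OauthAuthorizationCode validates an authorization code and exchanges it for
// a token (RFC 6749 §4.1.3).
//
// Not implemented yet: it always returns a plain "TODO" error, which is not an
// AuthServiceOauthError and therefore will not map to an RFC 6749 error code.
//
// NOTE(review): when implementing, the code must be looked up from storage and
// rejected (ErrOauthInvalidGrant) unless it is unexpired, unused, was issued to
// this client, and redirectURI matches the one used at authorization time; if a
// PKCE challenge was stored with the code, codeVerifier must be verified
// against it (RFC 7636 §4.6) and the code must be consumed (single use) even
// when verification fails.
func (s *authService) OauthAuthorizationCode(ctx context.Context, client *models.Client, code, redirectURI, codeVerifier string) (*TokenDetails, error) {
	// TODO: validate the authorization code against the database.
	return nil, errors.New("TODO")
}

// OauthClientCredentials issues a token for the client_credentials grant
// (RFC 6749 §4.4).
//
// client is the already-resolved client record; client.Spec selects the
// payload client type (0 and 2 → confidential, 1 → public). Any other Spec
// value is rejected with ErrOauthInvalidClient so that an unrecognised client
// kind never silently receives a token carrying the zero PayloadType.
//
// Public clients are rejected with ErrOauthUnauthorizedClient: RFC 6749 §4.4
// restricts this grant to confidential clients, because a public client cannot
// authenticate and a token issued here would be obtainable by anyone who knows
// its client_id.
//
// NOTE(review): this method does not itself check a client secret — it assumes
// the caller has already authenticated the client before resolving *models.Client.
// Confirm against the token-endpoint handler. The requested scope is currently
// ignored; the issued session carries a fixed "client" permission. The caller
// should validate scope against the client's registered scopes (or return
// ErrOauthInvalidScope) until that is done here.
func (s *authService) OauthClientCredentials(ctx context.Context, client *models.Client, scope ...[]string) (*TokenDetails, error) {
	if client == nil {
		return nil, ErrOauthInvalidClient
	}

	var clientType PayloadType
	switch client.Spec {
	case 0, 2:
		clientType = PayloadClientConfidential
	case 1:
		clientType = PayloadClientPublic
	default:
		// Fail closed on unknown client kinds.
		return nil, ErrOauthInvalidClient
	}

	// RFC 6749 §4.4: client_credentials MUST only be used by confidential clients.
	if clientType == PayloadClientPublic {
		return nil, ErrOauthUnauthorizedClient
	}

	// Persist the session and return the resulting token.
	auth := AuthContext{
		Permissions: map[string]struct{}{
			"client": {},
		},
		Payload: Payload{
			Type: clientType,
			Id:   client.ID,
		},
	}

	// TODO: session lifetime should come from the client's database record.
	token, err := Session.Create(ctx, auth)
	if err != nil {
		return nil, err
	}
	return token, nil
}

// OauthRefreshToken validates a refresh token and issues a new access token
// (RFC 6749 §6).
//
// Not implemented yet: it always returns a plain "TODO" error, which is not an
// AuthServiceOauthError and therefore will not map to an RFC 6749 error code.
//
// NOTE(review): when implementing, the refresh token must be looked up from
// storage and rejected (ErrOauthInvalidGrant) unless it is unexpired, not
// revoked, and was issued to this client; a requested scope must be a subset
// of the original grant's scope (otherwise ErrOauthInvalidScope). Consider
// rotating the refresh token on use and revoking the whole token family if a
// previously used one is presented again.
func (s *authService) OauthRefreshToken(ctx context.Context, client *models.Client, refreshToken string, scope ...[]string) (*TokenDetails, error) {
	// TODO: validate the refresh token against the database.
	return nil, errors.New("TODO")
}

// GrantType identifies which OAuth 2.0 grant a token request is using.
type GrantType int

const (
	GrantTypeAuthorizationCode GrantType = iota
	GrantTypeClientCredentials
	GrantTypeRefreshToken
)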